Domain 3 Security Architecture Flashcards

1
Q

An organization leverages both on-premises data centers and cloud services to host its applications and data. What security considerations are typically associated with a hybrid architecture?

A

Integration of on-premises and cloud security controls is crucial.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

When engaging third-party vendors for security services or products, what should be a primary concern to ensure the security of an organization’s information assets?

A

The security practices and measures implemented by the vendor.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

A company that has adopted a microservices architecture, what security challenge might arise during the development and deployment of new features?

A

Rapid development cycles leading to potential oversight of security best practices

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

When designing a security architecture with a high emphasis on availability, what is a key consideration regarding system redundancy?

A

Implementing redundant systems in geographically diverse locations

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

An organization decides to purchase cyber insurance to transfer the financial risk associated with a potential data breach, what risk management strategy is being employed?

A

Risk transference

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What is a primary security advantage of adopting an on-premises infrastructure?

A

Enhanced control over the physical security of the infrastructure

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

When comparing centralized and decentralized security architectures, what is a potential drawback of a centralized model?

A

Increased susceptibility to a single point of failure.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

When implementing the principle of security through obscurity, what practice should be avoided?

A

Using default configurations for critical systems

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

In a healthcare organization, there is a need to safeguard patient records and comply with privacy regulations. What type of data is the organization primarily concerned with protecting?

A

Regulated data

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

In a financial institution, customer account details and transaction records need protection due to regulatory requirements. What data classification level would likely be assigned to this type of information?

A

Confidential

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

In a government agency, there is a need to handle information related to national security. What data classification level would likely be assigned to this type of sensitive information?

A

Top Secret

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

In a corporate environment, the employee handbook and internal policies need to be shared with all employees. What data classification level would likely be assigned to these documents?

A

Public

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

A multinational corporation is expanding its operations to comply with data sovereignty requirements in various countries. What does the company need to consider when addressing data sovereignty concerns?

A

Ensuring the physical location of data centers complies with local regulations

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Which encryption method uses the same key for both encryption and decryption processes and is commonly used for securing communication channels?

A

Symmetric encryption

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

An organization uses a cloud-based collaboration platform for employees to work on projects. What security measure should be emphasized to protect data in use on this platform?

A

Using role-based access controls within the platform

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

A cyber-security professional is implementing a password storage system that should securely store user passwords. What cryptographic technique is suitable for this purpose to protect against unauthorized access to the actual passwords?

A

Hashing

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

A company is implementing data masking to protect personally identifiable information (PII) in a non-production environment. What is the primary purpose of data masking in this scenario?

A

Protecting data confidentiality

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

A database administrator is concerned about protecting passwords stored in a database from unauthorized access. In addition to hashing, what additional technique should be implemented to enhance security?

A

Salting

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

What is the primary goal of a security token in a multi-factor authentication (MFA) system?

A

To provide a second factor of authentication

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

You are a developer working on a web application that processes user input and stores it in a database. How do you ensure that the application is protected against SQL injection attacks?

A

Use parameterized queries or prepared statements.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

A developer is working on a web application that handles sensitive user data. The application uses user authentication and the development team is discussing best practice to protect against brute force attacks on user accounts. What is the recommended practice in this situation?

A

Implement account lockout after a certain number of failed login attempts.

21
Q

In a corporate network, why might a Jump Server be implemented in the DMZ?

A

To facilitate secure remote administration of internal servers

22
Q

How does a proxy server contribute to protecting internal networks from external threats?

A

By acting as a barrier between internal and external networks

23
Q

How does Secure Access Service Edge (SASE) address the challenges of traditional network architectures for remote users?

A

By integrating security services into the cloud

24
Q

Which of the following is a key benefit of implementing Secure Access Service Edge (SASE) for organizations with a distributed workforce?

A

Enhanced visibility and control over network traffic

25
Q

What is a key advantage of using Software-Defined Wide Area Network (SD-WAN) for organizations with multiple branch offices?

A

Centralized management and control

26
Q

27) Which type of firewall operates at the transport layer of the OSI model and can filter traffic based on source and destination IP addresses, as well as port numbers?

A

Stateful inspection firewall

27
Q

Which type of firewall hides the internal network structure and IP addresses from external networks by forwarding requests on behalf of clients and returning the results to the clients?

A

Proxy firewall

28
Q

29) What is a potential challenge or limitation associated with the use of a Web Application Firewall (WAF) in a secure architecture?

A

Inability to inspect encrypted traffic

29
Q

30) In a fully remote company, employees use a virtual private network (VPN) to connect to the corporate network securely. Which tunneling protocol is commonly used in this context to create a secure tunnel over the internet?

A

IPsec (Internet Protocol Security)

29
Q

What security mechanism is commonly employed to safeguard trade secret data during transmission over a network?

A

Transport Layer Security (TLS)

29
Q

Which of the following cryptographic protocols is commonly used for securing email communication?

A

RSA

30
Q

In a government agency, certain documents contain information critical to national security. Which sensitivity label is most appropriate for these documents?

A

Critical

31
Q

In a legal firm, there is a document containing client case details and confidential legal strategies. Access should be restricted to the legal team working on the specific cases. Which classification label is most appropriate for this document?

A

Confidential

32
Q

An IT department is planning for disaster recovery and business continuity. The company requires minimal downtime and can afford a short recovery time. Which site consideration is most appropriate for this scenario?

A

Hot site

33
Q

A research institution has sensitive data that requires protection, but the budget is limited. The institution can tolerate some downtime in the event of a disaster. Which site consideration is most appropriate for this scenario?

A

Cold site

34
Q

What is the primary objective of a failover test in a high-availability system?

A

To simulate the switch to backup systems in case of a primary system failure

35
Q

In a disaster recovery scenario, how do backup snapshots contribute to the restoration process?

A

By providing a point-in-time copy of data for quick recovery

36
Q

Which security measure is specifically designed to protect backup tapes during transportation?

A

Tape encryption

37
Q

Which cryptographic technique is commonly used to secure data during transit in backup operations?

A

Symmetric encryption

38
Q

When designing a backup and recovery strategy, what is the purpose of geographic diversity in backup storage locations?

A

Enhancing data resilience and availability

39
Q

What is a potential disadvantage of relying solely on a hot site for disaster recovery?

A

High costs associated with maintaining constant readiness

40
Q

An e-commerce website, the IT team is experiencing performance issues during peak hours. Which solution would be most effective in distributing incoming user requests and optimizing resource utilization?

A

Load Balancing

41
Q

A company’s critical database server needs to maintain high availability and fault tolerance. What solution would is recommended to achieve this goal?

A

Database Clustering

42
Q

An educational institution needs a disaster recovery solution that can be activated within a few days in case of a major disruption. Which site would be most appropriate for this scenario?

A

Warm Site

43
Q

A financial institution wants to ensure high availability for its critical applications and data by leveraging multiple cloud providers. What key benefit is the institution seeking from a multi-cloud approach?

A

Geographic Redundancy

44
Q

In a data center environment, why is it crucial to have a generator as part of the power infrastructure?

A

To provide temporary power during outages

45
Q

An organization wants to identify and respond to suspicious activities on the network in real-time, which security control should be implemented?

A

Intrusion Detection System (IDS)

46
Q

What is the primary benefit of implementing a DMZ in a network architecture?

A

Improved security for public-facing services

47
Q

An organization is implementing a high-availability solution for critical applications. What factor should be a top priority to ensure continuous availability?

A

Redundant power supplies