Domain 3: Security Architecture Flashcards

1
Q

Question 1 of 20
A corporation is experiencing frequent power failures in its data center, which are causing downtime and resulting in high recovery costs.
Which strategy could the corporation employ to minimize the impact of these power failures?
answer
Implement network segmentation.
Employ a hybrid cloud strategy.
Implement a UPS system.
Migrate to an SDN.

A

Correct Answer:
Implement a UPS system.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Question 2 of 20
As a network security analyst, you have been tasked with improving the security of a network that includes a variety of embedded devices, including appliances, wearable devices, and industrial equipment.
The network has been experiencing frequent security breaches.
Which of the following would be the MOST effective strategy to improve network security?
answer
Disabling all unnecessary services on the devices.
Regularly updating the firmware of all devices.
Using VLANs or encrypting all network communications.
Implementing a firewall for each individual device

A

Correct Answer:
Using VLANs or encrypting all network communications.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Question 3 of 20
BackNext
Which VPN implementation uses routers on the edge of each site?
answer
Remote access VPN
Host-to-host VPN
Always-on VPN
Site-to-site VPN

A

Correct Answer:
Site-to-site VPN

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Question 4 of 20
BackNext
A cyber team implements new hardening techniques after a data loss prevention (DLP) audit revealed increased data exfiltration.
What is a tenet of host-based firewalls?
answer
It requires deploying and configuring specialized software agents.
It uses signature-based detection and anomaly detection.
It provides controls for incoming and outgoing network traffic.
It describes software tools that monitor and protect individual hosts.

A

Correct Answer:
It provides controls for incoming and outgoing network traffic.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Question 5 of 20
BackNext
Which of the following do Raspberry Pi systems make use of?
answer
FPGA
RTOS
SCADA
SoC

A

Correct Answer:
SoC

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Question 6 of 20
As a network security analyst, you have been tasked with improving the security of a network that includes a variety of embedded devices, including appliances, wearable devices, and industrial equipment.

The network has been experiencing frequent security breaches.

Which of the following would be the MOST effective strategy to improve network security?

answer

Disabling all unnecessary services on the devices.
Regularly updating the firmware of all devices.
Using VLANs or encrypting all network communications.
Implementing a firewall for each individual device.

A

Correct Answer:
Using VLANs or encrypting all network communications.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Question 7 of 20
BackNext
A multinational corporation with headquarters in New York and branches in London, Tokyo, and Sydney wants to securely connect all their offices to share resources and data.
The IT department has been tasked with setting up a secure network connection.
Which type of VPN setup would be the MOST appropriate for this scenario?
answer
Correct Answer:
Site-to-site VPN
Host-to-host VPN
Remote access VPN
Client-to-site VPN
Data journaling

A

Correct Answer:
Site-to-site VPN

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Question 8 of 20
The cybersecurity team at an international data center operator is enhancing its port security strategy. They have implemented rudimentary media access control (MAC) address filtering on all switch ports.
However, concerns about MAC spoofing and the administrative burden of maintaining a list of valid MAC addresses have surfaced. The team decided that robust authentication needs to occur before a user can gain comprehensive network access.
What strategy should the cybersecurity team adopt next?
answer
Divide into secure segments.
Enable auxiliary switch ports.
Deploy EAP over TLS.
Enforce physical isolation for servers.

A

Correct Answer:
Deploy EAP over TLS.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Question 9 of 20
A security team in a multinational organization decides to improve the security of their inter-office communications. They agree to use a tunneling protocol that can offer confidentiality, sender authentication, and message integrity.
They need a protocol that operates at the network level.
Which protocol BEST fulfills the team’s requirements for securing inter-office communications and operates at the network level?
answer
TLS
HTTPS
SSH
IPSec

A

Correct Answer:
IPSec

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Question 10 of 20
When recovering from a disaster, which services should you stabilize first?
answer
Outside communications
Least business-critical services
Financial support
Mission-critical services

A

Correct Answer:
Mission-critical services

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Question 11 of 20
You often travel away from the office. While traveling, you would like to use your laptop computer to connect directly to a server in your office and access files. You want the connection to be as secure as possible.
Which type of connection do you need?
answer
Internet
Remote access
Intranet
Virtual private network

A

Correct Answer:
Remote access

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Question 12 of 20
As a network administrator for a tech startup, you are tasked with improving the efficiency of a single system that runs multiple applications.
The system is currently experiencing performance issues due to the applications competing for network resources.
Which type of network virtualization would be the most appropriate solution in this scenario?
answer
Virtual Private Network (VPN)
Virtual Local Area Network (VLAN)
External network virtualization
Internal network virtualization

A

Correct Answer:
Internal network virtualization

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Question 13 of 20
BackNext
A financial institution is implementing a new security control device to protect its network infrastructure and wants to ensure that in the event of a failure, the confidentiality and integrity of its financial data take precedence over system availability.
What should the financial institution set as the failure mode configuration for this security control device?
answer
The security control device should be configured to fail-closed.
The security control device should be configured to actively monitor the network.
The security control device should be configured to fail-open.
The security control device should be configured to passively monitor the network.

A

Correct Answer:
The security control device should be configured to fail-closed.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Question 14 of 20
A company is planning to implement a remote access architecture to allow its employees to work from home.
The company has a central office where all its servers and applications are located. The employees need to access these resources securely from their home computers.
Which remote access architecture would be the most suitable for this scenario?
answer
Transport Layer Security (TLS)
Client-to-site VPN technology
Site-to-site VPN topology
Host-to-host tunnel topology

A

Correct Answer:
Client-to-site VPN technology

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Question 15 of 20
A large multinational corporation is implementing a data protection strategy. The company has a complex IT environment with a mix of physical servers, virtual machines, and cloud-based services.
The primary concern is the ability to rapidly recover large datasets and applications in the event of a major system failure or data corruption.
Which type of snapshot would be MOST suitable for this organization?
answer
Storage Area Network (SAN) snapshots
Virtual Machine (VM) snapshots
Filesystem snapshots
Cloud-based snapshots

A

Correct Answer:
Storage Area Network (SAN) snapshots

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Question 16 of 20
The IT manager of a medium-sized organization is designing a new network infrastructure to secure its enterprise infrastructure by implementing an Intrusion Prevention System (IPS) and an Intrusion Detection System (IDS). The manager is considering different deployment methods for the IPS/IDS to optimize their effectiveness.
The organization’s network includes multiple security zones, a virtual private network (VPN) for remote access, and a web application firewall (WAF).
Which deployment method provides the MOST comprehensive protection in this scenario?
answer
Deploy the IPS/IDS devices in passive mode within the internal network.
Deploy the IPS/IDS devices in tap/monitor mode at the entry and exit points of the VPN tunnel.
Deploy the IPS/IDS devices in inline mode at the network perimeter.
Deploy the IPS/IDS devices in inline mode next to the WAF.

A

Correct Answer:
Deploy the IPS/IDS devices in inline mode at the network perimeter.

17
Q

Question 17 of 20
Which of the following devices is computer software, firmware, or hardware that creates and runs virtual machines?
answer
Virtual firewall
Hypervisor
Virtual switch
Virtual router

A

Correct Answer:
Hypervisor

18
Q

Question 18 of 20
The IT department in a large multinational corporation faces challenges managing secure communications for remote desktop connections. The increasing number of remote employees has made it essential to ensure that their remote desktop connections are secure. The IT department is considering various measures to establish secure communication.
Given the challenges the corporation faces, what approach should the IT department adopt to ensure secure communications for remote desktop connections while maintaining the manageability and performance of the enterprise infrastructure?
answer
Disable all firewall rules for remote desktop connections
Implement TLS for all remote desktop connections
Establish VPN tunnels for all users without using any encryption protocols
Enable open access to all remote desktop connections for easy manageability

A

Correct Answer:
Implement TLS for all remote desktop connections

19
Q

Question 19 of 20
An IT specialist working for a multinational confectionery company needs to fortify its network security. The firm has been dealing with intrusions where raw User Datagram Protocol (UDP) packets bypass open ports due to a virus.
The specialist will analyze packet data to verify that the application protocol corresponds to the port. The company also wants to track the state of sessions and prevent fraudulent session initiations.
Which of the following tools should the IT specialist prioritize deploying?
answer
Deep packet inspection firewall
Packet filtering firewall
Circuit-level gateway
Transparent firewall

A

Correct Answer:
Deep packet inspection firewall

20
Q

Question 20 of 20
Which VPN tunnel style routes only certain types of traffic?
answer
Full
Site-to-site
Host-to-host
Split

A

Correct Answer:
Split