Security Architecture

Question 1

What could you implement so users within an organization can manage fewer credentials?

Answer 1

SSO

Question 2

What is a jump server?

Answer 2

A secure node that sits between the untrusted network and the secure zone

Question 3

What would you implement to protect internal company resources that would have no reason to be accessed by the outside?

Answer 3

Jump server

Question 4

What would you implement to secure administrative access to internal resources while minimizing traffic through the security boundary?

Answer 4

Implementing a bastion host

Question 5

What must be considered when designing a high-availability network?

Answer 5

• Ease of recovery
• Responsiveness

Question 6

What is a cold site?

Answer 6

• The most cost-effective option for a backup data center
• A backup facility that has the necessary infrastructure but no active IT systems or data until it is needed
• Not fully equipped

Question 7

What site would be best for an organization building a new backup data center with RTO and RPO values around two days?

Answer 7

Warm site

Question 8

If a U.S.-based cloud-hosting provider wants to expand its data centers to new international locations, what should they consider first?

Answer 8

Local data protection regulations

Question 9

What is a security measure that is put in place to satisfy the requirements of a security policy when the primary control cannot be implemented?

Answer 9

Compensating control

Question 10

What has been implemented when a host-based firewall on a legacy Linux systems allows connections only from specific internal IP addresses?

Answer 10

Compensating control

Question 11

What solution would fulfil the need for a low-cost application-hosting solution that is cloud-based?

Answer 11

Serverless framework

Question 12

What should a company consider if they are considered about weather events causing damage to the server room and downtime?

Answer 12

Geographic dispersion

Question 13

After a recent vulnerability scan, a security engineer needs to harden the routers within the corporate network, what should they disable?

Answer 13

Web-based administration

Question 14

How should controls be set up in a data center to ensure data and human life is protected?

Answer 14

Safety controls should fail open

Question 15

What architecture would be best suited for constantly changing environments?

Answer 15

Containers

Question 16

What does a VPN between headquarters and a branch location protect?

Answer 16

Data in transit

Question 17

What should a sys admin use to ensure an easy deployment of resources within the cloud provider?

Answer 17

Infrastructure as Code (IaC)

Question 18

What are examples of ways to ensure only authorized personnel can access a secure facility?

Answer 18

• Badge access
• Access control vestibule

Question 19

What would you implement when a customer wants their data stored on a separate part of the network that is not accessible to users on the main corporate network?

Answer 19

Segmentation

Question 20

What is a comprehensive networking and security approach that combines WAN capabilities with security features to secure access to apps and data while offering monitoring capabilities for remote employee internet traffic?

Answer 20

SASE (Secure Access Service Edge)

Question 21

What could you implement to reduce traffic on the VPN and internet circuit by routing traffic intelligently through the cloud, closer to the users?

Answer 21

SASE (Secure Access Service Edge)

Question 22

A network administrator is working on a project to deploy a load balancer in the company’s cloud environment. Which fundamental security requirements does this project fulfil?

Answer 22

Availability

Question 23

What is symmetric encryption?

Answer 23

In this type of encryption, there is only one key, and all parties involved use the same key to encrypt and decrypt information.

Question 24

A company is redesigning its infrastructure and wants to reduce the number of physical servers in use. Which architectures is best suited for this goal?

Answer 24

Virtualization

Question 25

What most impacts an administrator’s ability to address Common Vulnerabilities and Exposures (CVEs) discovered on a server?

Answer 25

Patch availability