Security Architecture Flashcards

1
Q

What could you implement so users within an organization can manage fewer credentials?

A

SSO

2
Q

What is a jump server?

A

A secure node that sits between the untrusted network and the secure zone

3
Q

What would you implement to protect internal company resources that would have no reason to be accessed by the outside?

A

Jump server

4
Q

What would you implement to secure administrative access to internal resources while minimizing traffic through the security boundary?

A

Implementing a bastion host

5
Q

What must be considered when designing a high-availability network?

A
  • Ease of recovery
  • Responsiveness
6
Q

What is a cold site?

A
  • The most cost-effective option for a backup data center
  • A backup facility that has the necessary infrastructure but no active IT systems or data until it is needed
  • Not fully equipped
7
Q

What site would be best for an organization building a new backup data center with RTO and RPO values around two days?

A

Warm site

8
Q

If a U.S.-based cloud-hosting provider wants to expand its data centers to new international locations, what should they consider first?

A

Local data protection regulations

9
Q

What is a security measure that is put in place to satisfy the requirements of a security policy when the primary control cannot be implemented?

A

Compensating control

10
Q

What has been implemented when a host-based firewall on a legacy Linux system allows connections only from specific internal IP addresses?

A

Compensating control

11
Q

What solution would fulfil the need for a low-cost application-hosting solution that is cloud-based?

A

Serverless framework

12
Q

What should a company consider if they are concerned about weather events causing damage to the server room and downtime?

A

Geographic dispersion

13
Q

After a recent vulnerability scan, a security engineer needs to harden the routers within the corporate network. What should they disable?

A

Web-based administration

14
Q

How should controls be set up in a data center to ensure data and human life are protected?

A

Safety controls should fail open

15
Q

What architecture would be best suited for constantly changing environments?

A

Containers

16
Q

What does a VPN between headquarters and a branch location protect?

A

Data in transit

17
Q

What should a sys admin use to ensure an easy deployment of resources within the cloud provider?

A

Infrastructure as Code (IaC)

18
Q

What are examples of ways to ensure only authorized personnel can access a secure facility?

A
  • Badge access
  • Access control vestibule
19
Q

What would you implement when a customer wants their data stored on a separate part of the network that is not accessible to users on the main corporate network?

A

Segmentation

20
Q

What is a comprehensive networking and security approach that combines WAN capabilities with security features to secure access to apps and data while offering monitoring capabilities for remote employee internet traffic?

A

SASE (Secure Access Service Edge)

21
Q

What could you implement to reduce traffic on the VPN and internet circuit by routing traffic intelligently through the cloud, closer to the users?

A

SASE (Secure Access Service Edge)

22
Q

A network administrator is working on a project to deploy a load balancer in the company’s cloud environment. Which fundamental security requirement does this project fulfil?

A

Availability

23
Q

What is symmetric encryption?

A

In this type of encryption, there is only one key, and all parties involved use the same key to encrypt and decrypt information.

24
Q

A company is redesigning its infrastructure and wants to reduce the number of physical servers in use. Which architecture is best suited for this goal?

A

Virtualization

25
Q

What most impacts an administrator’s ability to address Common Vulnerabilities and Exposures (CVEs) discovered on a server?

A

Patch availability