SY0-701 Lesson 6: Secure Cloud Network Architecture
Upon learning that the organization is looking to enhance network security solutions for the corporate office, a software technician explores the benefits of deploying a Zero Trust Architecture (ZTA). What is not a key benefit of using a ZTA?
Decreased granularity
A network engineer reviews the security implications tied to cloud architecture models as the company plans to move data off-premises at the end of the year. What model provides flexibility by allowing the company to store sensitive data to a private cloud infrastructure and non-sensitive information on a public cloud infrastructure?
Hybrid architecture
A software engineer reviews the use of SCADA applications associated with various industries. What sector of industry refers specifically to mining and refining raw materials, involving hazardous high heat and pressure furnaces?
Industrial
The IT department of a medium-sized enterprise is reviewing its network architecture with a focus on increasing security and efficiency. The organization currently uses a flat network model, but the security team has proposed implementing Virtual Local Area Networks (VLANs) to compartmentalize traffic and minimize potential attack surfaces. The team's goal is to limit lateral movement between network devices and enforce a principle of least privilege across the network. Considering this security improvement initiative, what is a major benefit of integrating VLANs into the existing network architecture from a security standpoint?
Isolating network traffic and reducing the potential attack surface
Following a recent insider threat breach, a network engineer reviews the company's Zero Trust architecture policy to ensure all aspects are accurate and aspects of the control and data planes are implemented correctly. What statements are TRUE regarding the control plane of the Zero Trust architecture? (Select the two best options.)
It manages policies that dictate how users and devices are authorized to access network resources. & It is implemented through a centralized policy decision point.
The IT department of an organization is preparing to implement new access control measures to enhance the security of its network. The IT team has studied various access control models and is assessing the potential applicability to their needs. Which access control models should the IT team consider if they want to implement access controls based on user roles and security classifications of information? (Select the two best options.)
Mandatory access control & Role-based access control
The Chief Information Security Officer (CISO) for a regional textile company tasks a cyber team with reviewing the security implications on available cloud architecture models as the business anticipates transitioning to a cloud environment within the next year. What model offers the highest level of security and allows the individual customer to have complete control over the infrastructure?
Single-tenant architecture
A cybersecurity analyst at a large corporation is assessing the security implications of transitioning to a hybrid model that incorporates both traditional network and cloud architectures. The corporation aims to leverage the advantages of both architectures while minimizing potential vulnerabilities. The analyst needs to understand the distinctive characteristics of each model to manage risks effectively. Given the differences in the architecture models, which statements correctly describe unique features related to the security implications of each model? (Select the two best options.)
Cloud architectures actively delegate security tasks between cloud service providers and customers, creating a shared responsibility model. & Physical device security and controlled access gain heightened importance in traditional network architectures due to onsite storage of devices.
In exploring the tenets of Zero Trust Architecture, a cyber consultant reviews its various benefits and components to determine how the solution can help the company. What components are associated with ZTA? (Select the two best options.)
Cloud security & Data protection
A network architect at a global financial institution overhauls the company's on-premises network to enhance security and reduce the attack surface. To accomplish this, the architect assesses various architecture models and their respective impact on the on-premises network's security implications. While redesigning the on-premises network, which architecture derivative/model could effectively decrease the attack surface?
Centralized architecture
An organization's security officer is actively developing a new data protection strategy. The plan aims to fortify the integrity of data stored on the company's servers to uphold the confidentiality, integrity, and availability (CIA) triad principles. In this development process, which data protection method should the security officer primarily implement to ensure the accuracy and consistency of data over its entire life cycle, according to the principles of the CIA triad, particularly focusing on enhancing the "integrity" aspect?
Checksum verification
The network security engineer at a multinational company is preparing to introduce a new network infrastructure model. The company's objective is to minimize the attack surface by implementing effective port security measures. To accomplish this, the engineer is evaluating the security implications of various architecture models and their compatibility with port security measures. Since the network security engineer plans to deploy port security to minimize the attack surface, which architecture model can BEST assist in supporting and enhancing the effectiveness of port security?
Client-server model
To improve security, the security team at a growing tech company aims to update its infrastructure. They explore different architecture models and ponder the implications of logical segmentation. To curb lateral movement within the network (in case an intruder accesses one segment), the team plans to split the network into smaller, isolated segments, each boasting its own resources and security controls. Considering this strategy to boost security, which architecture model would optimally support the logical segmentation strategy?
Client-server model
A research team of an aerospace organization wants to purchase an operating system (OS), that is commonly used in the aerospace industry and can assist in prioritizing deterministic execution of operations to ensure consistent responses are received for time-critical tasks. What type of OS should the research team purchase?
RTOS
