Domain 3.0 Security Architecture
You are the network administrator for a mid-sized company and are considering upgrading its firewall to one with Deep Packet Inspection (DPI) capabilities. What is the primary advantage of implementing a DPI firewall in the company's network?
Detects and prevents sophisticated cyber threats
A manufacturing firm is seeking to enhance its plant floor operations with a network system capable of managing large-scale, real-time processes. Given these requirements, which type of network infrastructure will BEST fit the firm's operational and security needs?
ICS/SCADA infrastructure
A leading healthcare provider must improve its network infrastructure to secure sensitive patient data. You are evaluating a Next-Generation Firewall (NGFW), which will play a key role in protecting the network from attack. What feature of a Next-Generation Firewall (NGFW) will help protect sensitive patient data in the healthcare organization's network?
Application-level inspection
A financial services company tasks its IT security team with reducing the network's attack surface. They have segmented the network into security zones, put port security measures in place, and physically isolated critical servers. The IT security team wants to further reduce the risk of attack by managing traffic flow between security zones. Which of the following measures should the team implement?
Apply the principle of least privilege when defining traffic policies between zones.
A network engineer is optimizing an existing cloud-based system. The primary goal is to ensure the system remains operational, minimizing downtime, even under adverse conditions or potential failure points. What key characteristic of system design should the engineer prioritize?
Availability
You are designing a new data center for a financial institution that requires high security and reliability due to the sensitive nature of the data being processed and stored. What is the MOST important design concept to include in the data center to ensure its security?
Biometric access controls
A cloud administrator aims to privately connect two cloud server instances located in separate Virtual Private Clouds (VPCs) on Amazon Web Services (AWS). What configuration should be used to facilitate this connection without involving an internet gateway?
By using a virtual private cloud (VPC) peering connection
A company is considering upgrading its Wi-Fi network infrastructure. The network team is evaluating the advantages and disadvantages of having a network with a single main Access Point (AP) versus having service distributed among multiple APs. What network design concept are they considering?
Centralized/decentralized
A financial services company is defining the appropriate level of access controls for a specific type of data. The data includes company financial reports that should only be accessible to the senior management team. How should the organization most likely classify this data?
Confidential
A financial organization is currently handling a document that contains sensitive customer information, which is protected by a non-disclosure agreement. According to data classifications, how should the financial organization categorize this data?
Confidential data
An organization plans to restructure its software deployment process to address increasing complexities stemming from application library dependency conflicts. The organization wants to increase flexibility and maximize the use of hardware resources while keeping the number of deployed operating systems at a minimum. Which of the following approaches would be the MOST effective?
Containerization
During a security audit, some data is identified that, if breached, could severely impact the organization's ability to operate. How should the organization classify this data?
Critical
A multinational business is improving its data security strategy and wants to apply different protective measures to secure data, whether stored, transferred, or processed. What term is used to describe data in this context?
Data States
An international marketing company stores information across its global cloud infrastructure and must navigate complex legal and regulatory data storage and usage rules. Which concept best identifies this scenario?
Data sovereignty
The IT manager of a small government agency is designing a new secure network infrastructure and implementing an Intrusion Prevention System (IPS) and an Intrusion Detection System (IDS). To optimize their effectiveness, the manager is considering different deployment methods for the IPS/IDS. The organization's network includes multiple security zones, a virtual private network (VPN) for remote access, and a web application firewall (WAF). Which deployment method provides the most effective solution in this scenario?
Deploy the IPS/IDS devices in inline mode at the network perimeter.
A small retail company has decided to implement a load balancer. The network administrator assigned to this task must ensure that the load balancer can defend against basic attacks. What is a fundamental step the network administrator should perform to secure the load balancer?
Disable unnecessary services on the load balancer.
You are a cloud security analyst reviewing a new application for a fintech startup. The application will be hosted on a serverless architecture to maximize scalability and cost-efficiency. You know serverless architectures' unique security considerations, particularly around third-party services and APIs. In a serverless architecture, what is the MOST important security practice to protect sensitive financial data processed by the application?
Encrypting data at rest and in transit
A global banking organization requires its cybersecurity team to minimize the network's vulnerability to cyber threats. The team has divided the network into secure segments, implemented port security, and physically isolated key servers. The team plans to restrict traffic flow between network segments to reduce the threat of attack further. Which of the following approaches can best help with this plan?
Enforce role-based access control for traffic policies between zones.
You are updating the security controls for your company's wireless network and considering implementing 802.1x. What is the primary benefit of this technology?
Enhances security by requiring authentication
An organization is considering a hybrid cloud deployment to leverage the benefits of both private and public cloud resources. While reviewing third-party vendors, what critical aspect should the employees consider for a secure and effective transition?
Establish clear service level agreements
Which of the following strategies is the most effective in reducing a company's attack surface?
Establish functions to enforce multiple layers of protection.
A government agency is modifying its network infrastructure and plans to use an intrusion prevention system (IPS). The IT manager wants to ensure that the IPS will continue to let traffic flow if it fails. Which failure mode should the IT manager configure the IPS?
Fail-open
A large bank is redesigning its network architecture and wants to implement a zone-based security model. Which of the following is the most accurate statement about hosts within the same zone?
Hosts within the same zone should be subject to the same access control requirements.
An organization is implementing an intrusion prevention system (IPS) as part of its efforts to secure its enterprise infrastructure. The IT manager is considering the failure modes of the IPS and is deciding between a fail-open and a fail-closed configuration. What are the implications of each configuration on network traffic in the event of a system failure?
Fail-open will allow all traffic; fail-closed will block all traffic.
A network engineer is tasked with segmenting the company network to improve security protections. Which of the following strategies will the engineer most likely utilize to segment devices attached to the same switch?
Group hosts into VLANs based on department, function, or security requirements.
A parts manufacturer is experiencing frequent power failures in its computer room, which are causing downtime. Which strategy can the manufacturer employ to minimize the impact of these power failures?
Implement a UPS system
A non-profit organization plans to implement a load balancer to manage increased web traffic to its online services. Additionally, the organization needs to provide enhanced web traffic protection, as the recent increases in traffic have also included some malicious activity targeting its online services. Which of the following represents the best solution in this scenario?
Implement a Web Application Firewall alongside the load balancer.
A rapidly growing e-commerce company is considering changes to its cloud infrastructure to support rapid growth and provide access to geographically diverse services while still maintaining its existing data center. Which infrastructure model should the company consider to address its needs?
Implement a hybrid solution with a mix of on-premises and cloud-based infrastructure.
You are the IT manager for a growing online retail company planning to migrate its website and customer database to an Infrastructure as a Service (IaaS) platform. Aware of the shared responsibility model in cloud services, you must ensure the security of customer data as part of the migration. In an IaaS environment, which of the following is the MOST critical security consideration for protecting the online retail company's customer database?
Implement strong network access controls
To minimize downtime and ensure the high availability of critical services, an organization seeks to evaluate the readiness and effectiveness of its backup systems under real-world conditions. This evaluation aims to confirm that the backup infrastructure can seamlessly handle the full operational load in the event of a primary system failure without causing any interruption to current operations. Which testing method would BEST help the organization achieve this objective without impacting existing operations?
Implementing parallel processing tests
A multinational corporation wants to standardize and automate the setup of its technology infrastructure to reduce manual setup errors and support quicker deployment of resources. Which methodology should the corporation adopt to accomplish this?
Infrastructure as code
A large healthcare organization is redesigning its network infrastructure to increase security capabilities by implementing an Intrusion Prevention System (IPS). Which of the following options best describes the benefits and disadvantages of implementing an IPS?
Inline placement allows for active prevention measures but can become a single point of failure.
A systems engineer is designing a new web application infrastructure for a major sporting event ticket sales platform. Which features should the engineer prioritize in the design process? (Select the two best options.)
Load balancing NOT replication
A large organization is planning to restructure its network infrastructure to improve security boundaries and enhance control over network traffic as it expands with an increasing number of remote employees. The organization must implement a solution that provides high levels of flexibility. What should the company implement to meet these requirements?
Logical segmentation
You are an IT security analyst for a regional bank preparing for a potentially significant natural disaster that could physically destroy its primary data center. To quickly restore banking operations and customer access, you must choose the most effective preparation strategy. Which of the following tasks is most essential for ensuring continuity of operations (COOP) in this scenario?
Maintaining an off-site backup of critical data and systems.
A global e-commerce company faces challenges with a monolithic application. Due to its interdependent components, the application is becoming increasingly difficult to maintain and cannot dynamically scale in response to increased demand. The company has invested in cloud infrastructure and would like to leverage this investment to address these issues. What would MOST effectively address these challenges?
Microservices
A healthcare company transmits billing code updates from its headquarters to partner affiliates via the Internet. The network administrator wants to protect the integrity of the data and provides an encoded number that can be used to check its accuracy. Which technique is being used in this scenario?
NOT Encryption
A logistics company must fortify its data center systems against extended-duration power outages. What is the most suitable approach the company should pursue?
NOT Incorporating additional Uninterruptible Power Supplies (UPS) Investing in geographic dispersion
As a security analyst for a smart home devices manufacturer, you are tasked with improving the security of a new line of IoT (Internet of Things) devices. These devices require robust security measures to prevent unauthorized access and protect user privacy. Which of the following is the MOST critical ssecurity measure focused on direct physical protections of the IoT devices?
Not Regular firmware updates, not wireless encryption
During an annual review, a health services company's leadership aims to scrutinize its disaster response and data recovery protocols. They focus on effectiveness, hidden weaknesses, and clarity of employee roles during a disaster. Which course of action would BEST serve these objectives?
Organizing tabletop exercises
A regional bank is improving its security infrastructure by implementing an intrusion prevention system (IPS). Which of the following deployments of the IPS devices would be most effective?
Place the IPS devices at the network perimeter to monitor inbound and outbound traffic.
A network administrator has implemented security controls to protect sensitive employee information like home addresses and phone numbers. What is the most appropriate classification schema for this type of data?
Private
You are a compliance analyst at a large corporation that handles a wide range of data, including personal details of employees, proprietary research, and customer information. Which type of data should be classified as "Restricted" to ensure the highest level of protection?
Proprietary research and development information
An organization implements measures to protect critical business records. Which term best describes information that, if breached, could harm the company by damaging its reputation?
Sensitive
You are an analyst in the IT department of a software development company that supports a remote workforce. To ensure the environment's security, you are evaluating an agent-based monitoring solution for employee devices. What is the primary benefit of using an agent-based monitoring solution in a remote work environment?
Provides real-time detection and response to threats on devices
A national park posts information about trees, flowers, and other plants on its website. How should the organization classify this data?
Public
Question A company is developing a aircraft flight control system that requires instantaneous response to certain inputs. Which of the following is MOST suitable for this scenario?
Real-time operating system
A multinational corporation is planning to restructure its IT division. The leadership team has decided to define roles, responsibilities, and levels of authority for different tasks across various technical teams. Which tool would be the most appropriate for the leadership team to use in documenting this work?
Responsibility matrix
A prominent e-commerce company experiencing significant business growth anticipates a sharp increase in website traffic during an upcoming annual sales event. The company is wary of potential system bottlenecks or downtimes that could disrupt sales and affect reputation. What primary strategy should the company use to ensure its systems can handle the upcoming event?
Rigorous capacity planning process
A healthcare institution is building a new patient information system. It wants to ensure the system can handle the projected volume of patient records and requests, especially during peak hours, without compromising the accuracy of information and system performance. Which of the following is the MOST effective way to confirm the system's ability to manage the expected demand?
Running a simulation of the system
A software engineer for a new FinTech company wants to acquire new services that will allow the business to grow but not be required to procure software license with a specific number of seats. Which service model allows the company to access software servers based on a pay-as-you-go or lease arrangement?
Software as a service
The IT manager at a testing clinic wants to implement a proxy server to improve network security and performance. The network incorporates a virtual private network (VPN), multiple security zones, and a Unified Threat Management (UTM) appliance. In this scenario, which of the following is the primary benefit of implementing a proxy server?
The proxy server can perform application-layer filtering, enhancing network traffic security.
A bank is implementing a new network security appliance to protect financial data. In the event of a failure, the confidentiality and integrity of the financial data must take precedence over system availability. What should the financial institution set as the failure mode configuration for this appliance?
The security control device should be configured to fail-closed.
A hospital hosts a service that processes sensitive patient billing information. In the event of a failure, the confidentiality and integrity of the patient data must take priority. What failure mode configuration is most suitable for this service?
The security device should be configured to fail-closed.
A tech startup develops a unique algorithm that provides a significant competitive edge in the market. To maintain this edge, the startup needs to ensure the highest level of protection for this information. How should this startup categorize and handle this unique algorithm?
The startup should categorize the algorithm as a trade secret and protect it using non-disclosure agreements.
An organization wants to implement a hybrid cloud strategy but is concerned about the security risks associated with this change. Which approach is most effective for this new project?
They should balance security duties between on-premises and cloud to ensure a clear definition in the responsibility matrix.
Question An organization is looking to gain a competitive advantage by using proprietary algorithms to offer a newly designed automation service to customers that is not offered by any competitors. What type of data is presented in this scenario?
Trade secret data
The IT department of a healthcare provider maintains a database containing personal health information for its patients. Which of the following labels best describes this data?
regulated