Domain 3.0 CompTIA

अब Quizwiz के साथ अपने होमवर्क और परीक्षाओं को एस करें!

A network engineer is segmenting a company's network to improve security. In terms of routing infrastructure, which of the following strategies would the engineer employ to segment different types of hosts attached to the same switch?

(NOT) -> Assign a different internet protocol (IP) address to each host on the switch. Group hosts into VLANs based on department, function, or security requirements.

A multinational corporation handles both human-readable and non-human-readable data. Which of the following statements accurately represent the recommended security measures for each type of data?

(NOT) -> For non-human-readable data: encryption, access controls, intrusion detection/prevention, and secure data exchange.For human-readable data: monitoring, user awareness, encryption, and secure data exchange. For non-human-readable data: encryption, intrusion detection/prevention, and secure data exchange.For human-readable data: encryption, user awareness, data loss prevention, and content filtering.

A nonprofit organization with limited funds needs a cost-effective disaster recovery plan that doesn't necessitate immediate resumption of services after a disaster. What is significantly less expensive as it focuses solely on providing infrastructure until a disaster occurs?

(NOT) Set up a warm site

A financial services company tasks its IT security team with reducing the network's attack surface. They have segmented the network into security zones, put port security measures in place, and physically isolated critical servers. The IT security team wants to further reduce the risk of attack by managing traffic flow between security zones. Which of the following measures should the team implement?

Apply the principle of least privilege when defining traffic policies between zones.

A network engineer is optimizing an existing cloud-based system. The primary goal is to ensure the system remains operational, minimizing downtime, even under adverse conditions or potential failure points. What key characteristic of system design should the engineer prioritize?

Availability

A cloud administrator aims to privately connect two cloud server instances located in separate Virtual Private Clouds (VPCs) on Amazon Web Services (AWS). What configuration should be used to facilitate this connection without involving an internet gateway?

By using a virtual private cloud (VPC) peering connection

A company is considering changing its current network infrastructure. The employees are evaluating the benefits and drawbacks of having a network with a single main hub versus having functions distributed among various nodes. What network design principle are they considering?

Centralized/decentralized

An organization is trying to determine the appropriate level of access controls to put in place for a certain type of data. This data includes company financial reports that should only be accessible to the senior management team. How should the organization MOST accurately classify this data?

Confidential

A financial organization is currently handling a document that contains sensitive customer information, which is protected by a non-disclosure agreement. According to data classifications, how should the financial organization categorize this data?

Confidential Data

A systems architect is designing a new data center. The architect looks at different factors such as equipment type, data center location, and power specifications. What has the architect focused on as the primary concern during this stage of the process?

Considerations

In the initial planning phase for a new data center, a systems architect is tasked with evaluating various elements that will influence the design and functionality of the facility. This evaluation includes assessing equipment types, choosing the data center's location, and specifying power requirements. What term best describes the broad range of elements the architect must consider to ensure the data center meets all operational goals?

Considerations

To address the escalating operational costs and complexities stemming from multiple standalone applications, an organization plans to restructure its software deployment process. They want to minimize overhead, increase flexibility in development environments, and enhance the efficient use of system resources. What approach would be the MOST effective?

Containerization

During a security audit in a financial institution, the auditor identifies a subset of data that, if breached, could severely impact the organization's operation. The financial institution has this data currently stored on nonoperational servers. How would the institution classify this data?

Critical

A multinational company is improving its data security strategy and asks an IT professional to apply different protective measures, ensuring that the data remains secure, whether stored, transferred, or processed. What concept is the IT professional primarily working with?

Data States

An international company is planning to store data across its various global branches and must navigate the complex legal and regulatory landscape for data storage and usage. To ensure comprehensive compliance with the varying government requirements in each region, which concept should primarily guide the organization's approach?

Data sovereignty

An IT specialist working for a multinational confectionery company needs to fortify its network security. The firm has been dealing with intrusions where raw User Datagram Protocol (UDP) messages bypass open ports due to a virus. The specialist will analyze packet data to verify that the application protocol corresponds to the port. The company also wants to track the state of sessions and prevent fraudulent session initiations. Which of the following tools should the IT specialist prioritize deploying?

Deep packet inspection firewall

The IT manager of a medium-sized organization is designing a new network infrastructure to secure its enterprise infrastructure by implementing an Intrusion Prevention System (IPS) and an Intrusion Detection System (IDS). The manager is considering different deployment methods for the IPS/IDS to optimize their effectiveness. The organization's network includes multiple security zones, a virtual private network (VPN) for remote access, and a web application firewall (WAF). Which deployment method provides the MOST comprehensive protection in this scenario?

Deploy the IPS/IDS devices in inline mode at the network perimeter.

A network security administrator's responsibilities include enhancing the enterprise's network infrastructure security posture. They deploy a Next Generation Firewall (NGFW) as part of their defense strategy. The enterprise mixes internal and external services, including a web application and a virtual private network (VPN) for remote access. Which of the following should the administrator primarily consider when implementing the NGFW to ensure effective security without disrupting normal operations?

Deploy the NGFW in inline mode, ensuring it analyzes all traffic while maintaining connectivity.

A small logistics company is contemplating certain steps for its data centers in its quest to fortify its systems against long-term power outages. What is the MOST suitable measure the company could undertake?

Deploying onsite generators

A small start-up has recently launched its first web application. To ensure high availability and to handle potential traffic spikes, the start-up decides to implement a load balancer in its network infrastructure. The network technician must secure the load balancer against basic threats. What is the fundamental step the network technician should take to secure the load balancer?

Disable unnecessary services on the load balancer.

A security specialist is evaluating several new systems for potential integration into the company's network. Which of the following criteria is MOST directly linked to the system's setup process and maintenance scheduling?

Ease of deployment

A systems engineer must develop a design strategy for a new data center that provides services around-the-clock, and any disruptions must resolve quickly. Which of the following is a primary consideration in the engineer's design to meet these requirements?

Ease of recovery

A company transmits source code from its headquarters to a partnered third-party contract group via the internet. The network administrator wants to enhance the security of this code while it is in transit. The selected method converts data into a coded format that can only be accessed with a key and password. Which technique is being used in this scenario?

Encryption

An organization wants to improve the security of sensitive customer information stored on its servers. This sensitive customer information is "data at rest" and not currently accessed or processed. Which method should the organization consider for protecting this data?

Encryption

A global banking institution instructs its cybersecurity team to minimize the network's vulnerability to cyber threats. The team has divided the network into secure segments, initiated port security protocols, and physically segregated key servers. The team now wishes to manage the flow of traffic between the security segments to reduce the threat of attack. What approach should the cybersecurity team adopt?

Enforce role-based access control for traffic policies between zones.

An organization is considering a hybrid cloud deployment to leverage the benefits of both private and public cloud resources. While reviewing third-party vendors, what critical aspect should the employees consider for a secure and effective transition?

Establish clear service level agreements

A security engineer is updating the company's cyber security strategy. Which of the following strategies is the MOST effective in reducing the company's network attack surface?

Establish multiple control categories and functions to enforce multiple layers of protection.

An organization implements a new network infrastructure and plans to use an intrusion prevention system (IPS) for security. The IT manager wants to ensure that the IPS will continue to let traffic flow if it fails. Which failure mode should the IT manager configure the IPS?

Fail-open

An organization is implementing an intrusion prevention system (IPS) as part of its efforts to secure its enterprise infrastructure. The IT manager is considering the failure modes of the IPS and is deciding between a fail-open and a fail-closed configuration. What are the implications of each configuration on network traffic in the event of a system failure?

Fail-open will allow all traffic; fail-closed will block all traffic.

A company is redesigning its network architecture and wants to implement a zone-based security model. Which of the following is the MOST accurate statement about hosts within the same zone?

Hosts within the same zone should be subject to the same access control requirements.

A manufacturing firm is exploring implementing a network system for its plant floor operations to manage its large-scale, real-time processes and to ensure that the network is isolated from unauthorized or accidental communication with other networks. Which type of infrastructure will BEST fit the firm's needs?

ICS/SCADA infrastructure

A corporation is experiencing frequent power failures in its data center, which are causing downtime and resulting in high recovery costs. Which strategy could the corporation employ to minimize the impact of these power failures?

Implement a UPS system

An organization plans to implement a load balancer as part of its network infrastructure to manage the increased web traffic to its services. The organization tasks a network administrator with ensuring that the load balancer is configured in line with best security practices to reduce the attack surface and secure the enterprise infrastructure. The network administrator's responsibilities include evaluating the network appliances, securing connectivity, and considering device placement. What is the MOST effective security measure in this scenario?

Implement a Web Application Firewall alongside the load balancer.

A rapidly growing e-commerce company is considering changes to its current network infrastructure as it wants to use a system concept that can handle increasing workloads more efficiently and provide higher availability. The company elects to maintain its' current on-premises infrastructure and add a cloud-based solution to increase efficiency of scalability and resilience. Which infrastructure options should the company consider to address its needs?

Implement a hybrid solution with a mix of on-premises and cloud-based infrastructure.

An organization is transitioning to an Infrastructure as a Service (IaaS) model with a third-party vendor. What should the organization's security officer do to ensure the security of deployed applications and data?

Implement user identity management and access controls to cloud resources

An organization is aiming to enhance its incident response and system resilience to ensure business continuity in case of disruptions. Which testing method would BEST help the organization validate its incident response plan and backup system functionality without impacting current operations?

Implementing parallel processing tests

A multinational corporation wants to standardize and automate the setup of its Information Technology (IT) infrastructure across various branches. This would reduce manual setup errors and allow for quicker deployment and scaling of resources as per demand. Which methodology should the corporation adopt to accomplish this?

Infrastructure as code

A large organization is redesigning its network infrastructure to increase security and reduce the potential attack surface. The organization considers implementing an Intrusion Prevention System (IPS) and an Intrusion Detection System (IDS) into its security zones. The IT manager wants to secure connectivity and considers different network appliances and port security measures. Which of the following options BEST describes the benefits and disadvantages of placing the IPS/IDS devices inline with the network traffic?

Inline placement allows for active prevention measures but can become a single point of failure.

The tech team is working on numerous tickets regarding internet access and corporate devices. What best describes the concept of devices and other technologies communicating with one another through the internet?

IoT

A systems engineer is designing a new IT infrastructure for a company that provides a highly used online service. The company wants to ensure that its service's communications are efficient and available around the clock. Which features should the engineer primarily consider during the design process? (Select the two best options.)

Load Balancing Clustering

A large organization is planning to restructure its network infrastructure to create better security boundaries and enhance control over network traffic as it undergoes expansion with an increasing number of remote employees. What should the company implement to meet these requirements?

Logical segmentation

A global e-commerce company faces challenges with its legacy monolithic application. The application is becoming increasingly difficult to maintain due to its intertwined components and struggles to scale quickly enough to handle sudden traffic surges during big sales events. The company has already invested in cloud technology and on-premises infrastructure but still faces scalability and manageability issues. What would MOST effectively address these challenges?

Microservices

During an annual review, a health services company's leadership aims to scrutinize its disaster response and data recovery protocols. They focus on effectiveness, hidden weaknesses, and clarity of employee roles during a disaster. Which course of action would BEST serve these objectives?

Organizing tabletop exercises

A systems administrator receives an alert for potential unauthorized access to sensitive data while in active memory on a server within the organization. The organization has tasked the systems administrator with enforcing stricter controls to prevent such breaches. What would be the MOST appropriate measure to implement?

Permission restrictions

A medium-sized organization is upgrading its network infrastructure to secure its enterprise infrastructure by implementing an intrusion prevention system (IPS) and an intrusion detection system (IDS). The organization has sensitive data in different security zones, and the IT manager has concerns regarding the attack surface and network connectivity. Which of the following placements of the IPS/IDS devices would be MOST effective in this scenario?

Place the IPS/IDS devices at the network perimeter to monitor inbound and outbound traffic.

A company is developing a system that requires instantaneous response to certain inputs. The system will incorporate into a larger device and will not have many resources. What type of system is likely to be MOST suitable for this scenario?

Real-time operating system

The IT department of a healthcare provider maintains a database containing personal health information for its patients. Which classification BEST suits this type of data?

Regulated

A large multinational corporation is restructuring its IT division. The corporation defines roles, responsibilities, and levels of authority for different tasks across various teams. What type of tool is the corporation likely to use to document this information?

Responsibility matrix

A prominent e-commerce company experiencing significant business growth anticipates a sharp increase in website traffic during an upcoming annual sales event. The company is wary of potential system bottlenecks or downtimes that could disrupt sales and affect reputation. What primary strategy should the company use to ensure its systems can handle the upcoming event?

Rigorous capacity planning process

A healthcare institution is building a new patient information system. It wants to ensure the system can handle the projected volume of patient records and requests, especially during peak hours, without compromising the accuracy of information and system performance. Which of the following is the MOST effective way to confirm the system's ability to manage the expected demand?

Running a simulation of the system

A hospital is putting measures in place to protect patient records. Which term BEST describes how the hospital should classify patient data?

Sensitive

A rock band wants to deploy a system that requires little to no infrastructure setup for communicating with their fans upon arrival at concerts and providing them with relevant hashtags for participation. Which type of cloud service model would be MOST beneficial to recommend to the rock band?

Software as a service

A medium-sized organization elects to redesign its network security infrastructure. The IT manager is considering implementing a proxy server to enhance security and improve client performance. The organization's network includes a virtual private network (VPN) for remote access, multiple security zones, and a Unified Threat Management (UTM) system. Which of the following is the primary benefit of implementing a proxy server in this scenario?

The proxy server can perform application-layer filtering, enhancing network traffic security.

As a financial institution implementing a new security control device to protect its network infrastructure, it wants to ensure that in the event of a failure, the confidentiality and integrity of its financial data take precedence over system availability. What should the financial institution set as the failure mode configuration for this security control device?

The security control device should be configured to fail-closed.

A hospital has implemented a security device that processes sensitive patient information. The hospital wants to ensure that in the event of a failure, the confidentiality and integrity of the patient data take priority over the system's availability. What should the hospital set as the failure mode configuration for this security device?

The security device should be configured to fail-closed.

A tech startup develops a unique algorithm that provides a significant competitive edge in the market. To maintain this edge, the startup needs to ensure the highest level of protection for this information. How should this startup categorize and handle this unique algorithm?

The startup should categorize the algorithm as a trade secret and protect it using non-disclosure agreements.

An organization wants to implement a hybrid cloud strategy and understand the security implications of its responsibility matrix. What should the organization consider in this analysis?

They should balance security duties between on-premises and cloud to ensure a clear definition in the responsibility matrix.


संबंधित स्टडी सेट्स

Combo with "Economics" and 1 other

View Set

Unit 2 Interactions Among Branches of Gov

View Set

Intro. to Research Methods Chapters 1-7 Review

View Set

ACC 615 Ch 6 SmartBook, Lecture Video & Powerpoint

View Set

Geography 5.02 Where Is Western Europe?

View Set

Apologia Chemistry and Physics Unit 4 Quiz

View Set

Section Two: Religion and Hegemonies in the Long Nineteenth-Century

View Set