Domain 3.0 Security Architecture Assessment

Lakukan tugas rumah & ujian kamu dengan baik sekarang menggunakan Quizwiz!

By using a virtual private cloud (VPC) peering connection

A cloud administrator aims to privately connect two cloud server instances located in separate Virtual Private Clouds (VPCs) on Amazon Web Services (AWS). What configuration should be used to facilitate this connection without involving an internet gateway?

Centralized/decentralized

A company is considering changing its current network infrastructure. The employees are evaluating the benefits and drawbacks of having a network with a single main hub versus having functions distributed among various nodes. What network design principle are they considering?

Serverless platforms and software-defined networking (SDN)

A company is deploying a software service to monitor traffic and enforce security policies in its cloud environment. Considering the need for responsiveness, which technology should the company consider using?

Hosts within the same zone should be subject to the same access control requirements.

A company is redesigning its network architecture and wants to implement a zone-based security model. Which of the following is the MOST accurate statement about hosts within the same zone?

Implement a UPS system

A corporation is experiencing frequent power failures in its data center, which are causing downtime and resulting in high recovery costs. Which strategy could the corporation employ to minimize the impact of these power failures?

Confidential data

A financial organization is currently handling a document that contains sensitive customer information, which is protected by a non-disclosure agreement. According to data classifications, how should the financial organization categorize this data?

Enforce role-based access control for traffic policies between zones.

A global banking institution instructs its cybersecurity team to minimize the network's vulnerability to cyber threats. The team has divided the network into secure segments, initiated port security protocols, and physically segregated key servers. The team now wishes to manage the flow of traffic between the security segments to reduce the threat of attack. What approach should the cybersecurity team adopt?

Running a simulation of the system

A healthcare institution is building a new patient information system. It wants to ensure the system can handle the projected volume of patient records and requests, especially during peak hours, without compromising the accuracy of information and system performance. Which of the following is the MOST effective way to confirm the system's ability to manage the expected demand?

The security device should be configured to fail-closed.

A hospital has implemented a security device that processes sensitive patient information. The hospital wants to ensure that in the event of a failure, the confidentiality and integrity of the patient data take priority over the system's availability. What should the hospital set as the failure mode configuration for this security device?

Sensitive

A hospital is putting measures in place to protect patient records. Which term BEST describes how the hospital should classify patient data?

The proxy server can perform application-layer filtering, enhancing network traffic security.

A medium-sized organization elects to redesign its network security infrastructure. The IT manager is considering implementing a proxy server to enhance security and improve client performance. The organization's network includes a virtual private network (VPN) for remote access, multiple security zones, and a Unified Threat Management (UTM) system. Which of the following is the primary benefit of implementing a proxy server in this scenario?

Place the IPS/IDS devices at the network perimeter to monitor inbound and outbound traffic.

A medium-sized organization is upgrading its network infrastructure to secure its enterprise infrastructure by implementing an intrusion prevention system (IPS) and an intrusion detection system (IDS). The organization has sensitive data in different security zones, and the IT manager has concerns regarding the attack surface and network connectivity. Which of the following placements of the IPS/IDS devices would be MOST effective in this scenario?

Data states

A multinational company is improving its data security strategy and asks an IT professional to apply different protective measures, ensuring that the data remains secure, whether stored, transferred, or processed. What concept is the IT professional primarily working with?

For non-human-readable data: encryption, access controls, data loss prevention and secure data exchange.For human-readable data: monitoring, user awareness, and intrusion detection.

A multinational corporation handles both human-readable and non-human-readable data. Which of the following statements accurately represent the recommended security measures for each type of data?

Private

A network administrator configures the security for data transmitted by employees working remotely. The data includes personal employee information such as addresses and phone numbers. Which category does this scenario BEST fit?

Availability

A network engineer is optimizing an existing cloud-based system. The primary goal is to ensure the system remains operational, minimizing downtime, even under adverse conditions or potential failure points. What key characteristic of system design should the engineer prioritize?

Deploy the NGFW in inline mode, ensuring it analyzes all traffic while maintaining connectivity.

A network security administrator's responsibilities include enhancing the enterprise's network infrastructure security posture. They deploy a Next Generation Firewall (NGFW) as part of their defense strategy. The enterprise mixes internal and external services, including a web application and a virtual private network (VPN) for remote access. Which of the following should the administrator primarily consider when implementing the NGFW to ensure effective security without disrupting normal operations?

Software as a service

A rock band wants to deploy a system that requires little to no infrastructure setup for communicating with their fans upon arrival at concerts and providing them with relevant hashtags for participation. Which type of cloud service model would be MOST beneficial to recommend to the rock band?

Ease of recovery

A systems engineer must develop a design strategy for a new data center that provides services around-the-clock, and any disruptions must resolve quickly. Which of the following is a primary consideration in the engineer's design to meet these requirements?

The startup should categorize the algorithm as a trade secret and protect it using non-disclosure agreements.

A tech startup develops a unique algorithm that provides a significant competitive edge in the market. To maintain this edge, the startup needs to ensure the highest level of protection for this information. How should this startup categorize and handle this unique algorithm?

Performing failover tests

An organization is aiming to enhance its incident response and system resilience to ensure business continuity in case of disruptions. Which testing method would BEST help the organization validate its incident response plan and backup system functionality without impacting current operations?

Establish clear service level agreements

An organization is considering a hybrid cloud deployment to leverage the benefits of both private and public cloud resources. While reviewing third-party vendors, what critical aspect should the employees consider for a secure and effective transition?

Implement user identity management and access controls to cloud resources

An organization is transitioning to an Infrastructure as a Service (IaaS) model with a third-party vendor. What should the organization's security officer do to ensure the security of deployed applications and data?

The security control device should be configured to fail-closed.

As a financial institution implementing a new security control device to protect its network infrastructure, it wants to ensure that in the event of a failure, the confidentiality and integrity of its financial data take precedence over system availability. What should the financial institution set as the failure mode configuration for this security control device?

Critical

During a security audit in a financial institution, the auditor identifies a subset of data that, if breached, could severely impact the organization's operation. The financial institution has this data currently stored on nonoperational servers. How would the institution classify this data?

Organizing tabletop exercises

During an annual review, a health services company's leadership aims to scrutinize its disaster response and data recovery protocols. They focus on effectiveness, hidden weaknesses, and clarity of employee roles during a disaster. Which course of action would BEST serve these objectives?

Considerations

In the initial planning phase for a new data center, a systems architect is tasked with evaluating various elements that will influence the design and functionality of the facility. This evaluation includes assessing equipment types, choosing the data center's location, and specifying power requirements. What term best describes the broad range of elements the architect must consider to ensure the data center meets all operational goals?

A company is developing a system that requires instantaneous response to certain inputs. The system will incorporate into a larger device and will not have many resources. What type of system is likely to be MOST suitable for this scenario?

Real-time operating system

Regulated

The IT department of a healthcare provider maintains a database containing personal health information for its patients. Which classification BEST suits this type of data?

Deploy the IPS/IDS devices in inline mode at the network perimeter.

The IT manager of a medium-sized organization is designing a new network infrastructure to secure its enterprise infrastructure by implementing an Intrusion Prevention System (IPS) and an Intrusion Detection System (IDS). The manager is considering different deployment methods for the IPS/IDS to optimize their effectiveness. The organization's network includes multiple security zones, a virtual private network (VPN) for remote access, and a web application firewall (WAF). Which deployment method provides the MOST comprehensive protection in this scenario?

Implement EAP and RADIUS.

The security team at a multinational cloud services company is working on their port security. They implemented basic Media Access Control (MAC) address filtering on all switch ports, but they have concerns about the risk of MAC spoofing and the management overhead of maintaining a list of valid MAC addresses. To address these concerns, they now require strong authentication before a user can obtain full network access. Which of the following measures should the team implement next?

Containerization

To address the escalating operational costs and complexities stemming from multiple standalone applications, an organization plans to restructure its software deployment process. They want to minimize overhead, increase flexibility in development environments, and enhance the efficient use of system resources. What approach would be the MOST effective?

Encryption

A company transmits source code from its headquarters to a partnered third-party contract group via the internet. The network administrator wants to enhance the security of this code while it is in transit. The selected method converts data into a coded format that can only be accessed with a key and password. Which technique is being used in this scenario?

Apply the principle of least privilege when defining traffic policies between zones.

A financial services company tasks its IT security team with reducing the network's attack surface. They have segmented the network into security zones, put port security measures in place, and physically isolated critical servers. The IT security team wants to further reduce the risk of attack by managing traffic flow between security zones. Which of the following measures should the team implement?

Microservices

A global e-commerce company faces challenges with its legacy monolithic application. The application is becoming increasingly difficult to maintain due to its intertwined components and struggles to scale quickly enough to handle sudden traffic surges during big sales events. The company has already invested in cloud technology and on-premises infrastructure but still faces scalability and manageability issues. What would MOST effectively address these challenges?

Responsibility matrix

A large multinational corporation is restructuring its IT division. The corporation defines roles, responsibilities, and levels of authority for different tasks across various teams. What type of tool is the corporation likely to use to document this information?

Logical segmentation

A large organization is planning to restructure its network infrastructure to create better security boundaries and enhance control over network traffic as it undergoes expansion with an increasing number of remote employees. What should the company implement to meet these requirements?

Distribute servers across different secure locations for redundancy, disable unused ports, and implement 802.1X authentication.

A large organization is redesigning its network and is considering the placement of servers and networking equipment, and is enabling switch port security. The primary concern is maintaining the high availability of services and securing the network infrastructure from unauthorized access. What approach should the organization adopt to address these concerns?

ICS/SCADA infrastructure

A manufacturing firm is exploring implementing a network system for its plant floor operations to manage its large-scale, real-time processes and to ensure that the network is isolated from unauthorized or accidental communication with other networks. Which type of infrastructure will BEST fit the firm's needs?

Infrastructure as code

A multinational corporation wants to standardize and automate the setup of its Information Technology (IT) infrastructure across various branches. This would reduce manual setup errors and allow for quicker deployment and scaling of resources as per demand. Which methodology should the corporation adopt to accomplish this?

Public

A national park posts information about its flora and fauna on its website. This information does not contain any personally identifiable information or sensitive government data. How should the park service classify this data?

Group hosts into VLANs based on department, function, or security requirements.

A network engineer is segmenting a company's network to improve security. In terms of routing infrastructure, which of the following strategies would the engineer employ to segment different types of hosts attached to the same switch?

Deploy a cold site

A nonprofit organization with limited funds needs a cost-effective disaster recovery plan that doesn't necessitate immediate resumption of services after a disaster. What is significantly less expensive as it focuses solely on providing infrastructure until a disaster occurs?

Implement a hybrid solution with a mix of on-premises and cloud-based infrastructure.

A rapidly growing e-commerce company is considering changes to its current network infrastructure as it wants to use a system concept that can handle increasing workloads more efficiently and provide higher availability. The company elects to maintain its' current on-premises infrastructure and add a cloud-based solution to increase efficiency of scalability and resilience. Which infrastructure options should the company consider to address its needs?

Establish multiple control categories and functions to enforce multiple layers of protection.

A security engineer is updating the company's cyber security strategy. Which of the following strategies is the MOST effective in reducing the company's network attack surface?

Ease of deployment

A security specialist is evaluating several new systems for potential integration into the company's network. Considering the initial setup process and the system's ability to adapt efficiently to maintenance needs, especially in patch management, which of the following criteria is MOST directly linked?

Deploying onsite generators

A small logistics company is contemplating certain steps for its data centers in its quest to fortify its systems against long-term power outages. What is the MOST suitable measure the company could undertake?

Disable unnecessary services on the load balancer.

A small start-up has recently launched its first web application. To ensure high availability and to handle potential traffic spikes, the start-up decides to implement a load balancer in its network infrastructure. The network technician must secure the load balancer against basic threats. What is the fundamental step the network technician should take to secure the load balancer?

Permission restrictions

A systems administrator receives an alert for potential unauthorized access to sensitive data while in active memory on a server within the organization. The organization has tasked the systems administrator with enforcing stricter controls to prevent such breaches. What would be the MOST appropriate measure to implement?

Load balancing and clustering

A systems engineer is designing a new IT infrastructure for a company that provides a highly used online service. The company wants to ensure that its service's communications are efficient and available around the clock. Which features should the engineer primarily consider during the design process? (Select the two best options.)

Deep packet inspection firewall

An IT specialist working for a multinational confectionery company needs to fortify its network security. The firm has been dealing with intrusions where raw User Datagram Protocol (UDP) messages bypass open ports due to a virus. The specialist will analyze packet data to verify that the application protocol corresponds to the port. The company also wants to track the state of sessions and prevent fraudulent session initiations. Which of the following tools should the IT specialist prioritize deploying?

Data sovereignty

An international company is planning to store data across its various global branches and must navigate the complex legal and regulatory landscape for data storage and usage. To ensure comprehensive compliance with the varying government requirements in each region, which concept should primarily guide the organization's approach?

Fail-open

An organization implements a new network infrastructure and plans to use an intrusion prevention system (IPS) for security. The IT manager wants to ensure that the IPS will continue to let traffic flow if it fails. Which failure mode should the IT manager configure the IPS?

Fail-open will allow all traffic; fail-closed will block all traffic.

An organization is implementing an intrusion prevention system (IPS) as part of its efforts to secure its enterprise infrastructure. The IT manager is considering the failure modes of the IPS and is deciding between a fail-open and a fail-closed configuration. What are the implications of each configuration on network traffic in the event of a system failure?

Trade secret data

An organization is looking to gain a competitive advantage by using proprietary algorithms to offer a newly designed automation service to customers that is not offered by any competitors. What type of data is presented in this scenario?

Implement a Web Application Firewall alongside the load balancer.

An organization plans to implement a load balancer as part of its network infrastructure to manage the increased web traffic to its services. The organization tasks a network administrator with ensuring that the load balancer is configured in line with best security practices to reduce the attack surface and secure the enterprise infrastructure. The network administrator's responsibilities include evaluating the network appliances, securing connectivity, and considering device placement. What is the MOST effective security measure in this scenario?

They should balance security duties between on-premises and cloud to ensure a clear definition in the responsibility matrix.

An organization wants to implement a hybrid cloud strategy and understand the security implications of its responsibility matrix. What should the organization consider in this analysis?

Encryption

An organization wants to improve the security of sensitive customer information stored on its servers. This sensitive customer information is "data at rest" and not currently accessed or processed. Which method should the organization consider for protecting this data?


Set pelajaran terkait

PoR CH 10 REAL ESTATE CONTRACT LAW

View Set

Dynamic Christian Living Lesson 17: Prerequisites for Answered Prayer

View Set

FI 201 Personal Financial Managment

View Set