Sec + CertMaster SY0-701 Domain 3 Assessment

A hospital has implemented a security device that processes sensitive patient information. The hospital wants to ensure that in the event of a failure, the confidentiality and integrity of the patient data take priority over the system's availability. What should the hospital set as the failure mode configuration for this security device?

A financial services company tasks its IT security team with reducing the network's attack surface. They have segmented the network into security zones, put port security measures in place, and physically isolated critical servers. The IT security team wants to further reduce the risk of attack by managing traffic flow between security zones. Which of the following measures should the team implement?

Apply the principle of least privilege when defining traffic policies between zones.

A network engineer is segmenting a company's network to improve security. In terms of routing infrastructure, which of the following strategies would the engineer employ to segment different types of hosts attached to the same switch?

Assign each host to a different virtual local area network (VLAN).

A network engineer is optimizing an existing cloud-based system. The primary goal is to ensure the system remains operational, minimizing downtime, even under adverse conditions or potential failure points. What key characteristic of system design should the engineer prioritize?

Availability

A cloud administrator wants to directly connect a cloud server instance with another cloud server instance privately on Amazon Web Services (AWS). How can the administrator configure them without going through an internet gateway?

By using a virtual private cloud (VPC) peering connection

A company is considering changing its current network infrastructure. The employees are evaluating the benefits and drawbacks of having a network with a single main hub versus having functions distributed among various nodes. What network design principle are they considering?

Centralized/decentralized

A financial organization is currently handling a document that contains sensitive customer information, including financial details and social security numbers. According to data classifications, how should the financial organization categorize this data?

Confidential data

A systems architect is designing a new data center. The architect looks at different factors such as equipment type, data center location, and power specifications. What is the primary concern during this stage of the process?

Considerations

To address the escalating operational costs and complexities stemming from multiple standalone applications, an organization plans to restructure its software deployment process. They want to minimize overhead, increase flexibility in development environments, and enhance the efficient use of system resources. What approach would be the MOST effective?

Containerization

During a security audit in a financial institution, the auditor identifies a subset of data that, if breached, could severely impact the organization's operation. The financial institution has this data currently stored on nonoperational servers. How would the institution classify this data?

Critical

Planning to store data from various global branches, an international company is assessing the legal and regulatory compliance requirements for data storage and usage. What should the organization consider in its analysis of government requirements?

Data sovereignty

An IT specialist working for a multinational confectionery company needs to fortify its network security. The firm has been dealing with intrusions where raw User Datagram Protocol (UDP) packets bypass open ports due to a virus. The specialist will analyze packet data to verify that the application protocol corresponds to the port. The company also wants to track the state of sessions and prevent fraudulent session initiations. Which of the following tools should the IT specialist prioritize deploying?

Deep packet inspection firewall

A nonprofit organization with limited funds needs a cost-effective disaster recovery plan that doesn't necessitate immediate resumption of services after a disaster. Which strategy is the MOST suitable?

Deploy a cold site

The IT manager of a medium-sized organization is designing a new network infrastructure to secure its enterprise infrastructure by implementing an Intrusion Prevention System (IPS) and an Intrusion Detection System (IDS). The manager is considering different deployment methods for the IPS/IDS to optimize their effectiveness. The organization's network includes multiple security zones, a virtual private network (VPN) for remote access, and a web application firewall (WAF). Which deployment method provides the MOST comprehensive protection in this scenario?

Deploy the IPS/IDS devices in inline mode at the network perimeter.

A network security administrator's responsibilities include enhancing the enterprise's network infrastructure security posture. They deploy a Next Generation Firewall (NGFW) as part of their defense strategy. The enterprise mixes internal and external services, including a web application and a virtual private network (VPN) for remote access. Which of the following should the administrator primarily consider when implementing the NGFW to ensure effective security without disrupting normal operations?

Deploy the NGFW in inline mode, ensuring it analyzes all traffic while maintaining connectivity.

A large organization is redesigning its network and is considering the placement of servers and networking equipment, and is enabling switch port security. The primary concern is maintaining the high availability of services and securing the network infrastructure from unauthorized access. What approach should the organization adopt to address these concerns?

Distribute servers across different secure locations for redundancy, disable unused ports, and implement 802.1X authentication.

A security specialist is evaluating several new systems for potential integration into the company's network. Which of the following criteria is MOST directly linked to the system's setup process and maintenance scheduling?

Ease of deployment

A systems engineer must develop a design strategy for a new data center that provides services around-the-clock, and any disruptions must resolve quickly. Which of the following is a primary consideration in the engineer's design to meet these requirements?

Ease of recovery

An organization wants to improve the security of sensitive customer information stored on its servers. This sensitive customer information is "data at rest" and not currently accessed or processed. Which method should the organization consider for protecting this data?

Encryption

A global banking institution instructs its cybersecurity team to minimize the network's vulnerability to cyber threats. The team has divided the network into secure segments, initiated port security protocols, and physically segregated key servers. The team now wishes to manage the flow of traffic between the security segments to reduce the threat of attack. What approach should the cybersecurity team adopt?

Enforce role-based access control for traffic policies between zones.

An organization is considering a hybrid cloud deployment to leverage the benefits of both private and public cloud resources. While reviewing third-party vendors, what critical aspect should the employees consider for a secure and effective transition?

Establish clear service level agreements

A security engineer is updating the company's cyber security strategy. Which of the following strategies is the MOST effective in reducing the company's network attack surface?

Establish multiple control categories and functions to enforce multiple layers of protection.

A major e-commerce company is planning for a disaster recovery strategy that balances minimal data loss, quick recovery, and budget considerations. It needs a recovery site that does not necessitate instant recovery but restores critical systems promptly. Which option BEST suits the company's recovery site requirements?

Establishing a warm site

An organization implements a new network infrastructure and plans to use an intrusion prevention system (IPS) for security. The IT manager wants to ensure that the IPS will continue to let traffic flow if it fails. Which failure mode should the IT manager configure for the IPS?

Fail-open

An organization is implementing an intrusion prevention system (IPS) as part of its efforts to secure its enterprise infrastructure. The IT manager is considering the failure modes of the IPS and is deciding between a fail-open and a fail-closed configuration. What are the implications of each configuration on network traffic in the event of a system failure?

Fail-open will allow all traffic; fail-closed will block all traffic.

A multinational corporation handles both human-readable and non-human-readable data. Which of the following statements accurately represent the recommended security measures for each type of data?

For non-human-readable data: encryption, access controls, intrusion detection/prevention, and secure data exchange. For human-readable data: monitoring, user awareness, encryption, and secure data exchange.

A company is redesigning its network architecture and wants to implement a zone-based security model. Which of the following is the MOST accurate statement about hosts within the same zone?

Hosts within the same zone should be subject to the same access control requirements.

The security team at a multinational cloud services company is working on their port security. They implemented basic Media Access Control (MAC) address filtering on all switch ports, but they have concerns about the risk of MAC spoofing and the management overhead of maintaining a list of valid MAC addresses. To address these concerns, they now require strong authentication before a user can obtain full network access. Which of the following measures should the team implement next?

Implement EAP and RADIUS.

A corporation is experiencing frequent power failures in its data center, which are causing downtime and resulting in high recovery costs. Which strategy could the corporation employ to minimize the impact of these power failures?

Implement a UPS system

An organization plans to implement a load balancer as part of its network infrastructure to manage the increased web traffic to its services. The organization tasks a network administrator with ensuring that the load balancer is configured in line with best security practices to reduce the attack surface and secure the enterprise infrastructure. The network administrator's responsibilities include evaluating the network appliances, securing connectivity, and considering device placement. What is the MOST effective security measure in this scenario?

Implement a Web Application Firewall alongside the load balancer.

A rapidly growing e-commerce company is considering changes to its current on-premises network infrastructure to handle increasing workloads better and provide high availability. The company expresses concerns about the potential costs and complexity associated with scalability and ease of recovery from potential failures. Which infrastructure options should the company consider to address its needs?

Implement a hybrid solution with a mix of on-premises and cloud-based infrastructure.

An organization is transitioning to an Infrastructure as a Service (IaaS) model with a third-party vendor. What should the organization's security officer do to ensure the security of deployed applications and data?

Implement user identity management and access controls to cloud resources

A multinational corporation wants to standardize and automate the setup of its Information Technology (IT) infrastructure across various branches. This would reduce manual setup errors and allow for quicker deployment and scaling of resources as per demand. Which methodology should the corporation adopt to accomplish this?

Infrastructure as code

A large organization is redesigning its network infrastructure to increase security and reduce the potential attack surface. The organization considers implementing an Intrusion Prevention System (IPS) and an Intrusion Detection System (IDS) into its security zones. The IT manager wants to secure connectivity and considers different network appliances and port security measures. Which of the following options BEST describes the benefits and disadvantages of placing the IPS/IDS devices inline with the network traffic?

Inline placement allows for active prevention measures but can become a single point of failure.

In a small office building, the operations team wants to automate various processes and enable real-time monitoring of systems over the internet. Which technology is best suited for this task?

IoT

A systems engineer is designing a new IT infrastructure for a company that provides a highly used online service. The company wants to ensure that its service's communications are efficient and available around the clock. Which features should the engineer primarily consider during the design process? (Select the two best options.)

Load balancing; Clustering

A large organization is planning to restructure its network infrastructure to create better security boundaries and enhance control over network traffic as it undergoes rapid expansion with an increasing number of remote employees. What should the company implement to meet these requirements?

Logical segmentation

A global e-commerce company faces challenges with its legacy monolithic application. The application is becoming increasingly difficult to maintain due to its intertwined components and struggles to scale quickly enough to handle sudden traffic surges during big sales events. The company has already invested in cloud technology and on-premises infrastructure but still faces scalability and manageability issues. What would MOST effectively address these challenges?

Microservices

During an annual review, a health services company's leadership aims to scrutinize its disaster response and data recovery protocols. They focus on effectiveness, hidden weaknesses, and clarity of employee roles during a disaster. Which course of action would BEST serve these objectives?

Organizing tabletop exercises

A systems administrator receives an alert for potential unauthorized access to sensitive data while in active memory on a server within the organization. The organization has tasked the systems administrator with enforcing stricter controls to prevent such breaches. What would be the MOST appropriate measure to implement?

Permission restrictions

A medium-sized organization is upgrading its network infrastructure to secure its enterprise infrastructure by implementing an intrusion prevention system (IPS) and an intrusion detection system (IDS). The organization has sensitive data in different security zones, and the IT manager has concerns regarding the attack surface and network connectivity. Which of the following placements of the IPS/IDS devices would be MOST effective in this scenario?

Place the IPS/IDS devices at the network perimeter to monitor inbound and outbound traffic.

A network administrator configures the security for data transmitted by employees working remotely. The data includes personal employee information such as addresses and phone numbers. Which category does this scenario BEST fit?

Private

A national park posts information about its flora and fauna on its website. This information does not contain any personally identifiable information or sensitive government data. How should the park service classify this data?

Public

A company is developing a system that requires instantaneous response to certain inputs. The system will be incorporated into a larger device and will not have many resources. What type of system is likely to be MOST suitable for this scenario?

Real-time operating system

The IT department of a healthcare provider maintains a database containing personal health information for its patients. Which classification BEST suits this type of data?

Regulated

A large multinational corporation is restructuring its IT division. The corporation defines roles, responsibilities, and levels of authority for different tasks across various teams. What type of tool is the corporation likely to use to document this information?

Responsibility matrix

A healthcare institution is building a new patient information system. It wants to ensure the system can handle the projected volume of patient records and requests, especially during peak hours, without compromising the accuracy of information and system performance. Which of the following is the MOST effective way to confirm the system's ability to manage the expected demand?

Running a simulation of the system

A company is deploying a software service to monitor traffic and enforce security policies in its cloud environment. Considering the need for responsiveness, which technology should the company consider using?

Serverless platforms and software-defined networking (SDN)

A rock band wishes to set up a system for communicating with their fans upon arrival at concerts and providing them with relevant hashtags for participation. Which type of cloud service model would be MOST beneficial to recommend to the rock band?

Software as a service

A medium-sized organization elects to redesign its network security infrastructure. The IT manager is considering implementing a proxy server to enhance security and improve client performance. The organization's network includes a virtual private network (VPN) for remote access, multiple security zones, and a Unified Threat Management (UTM) system. Which of the following is the primary benefit of implementing a proxy server in this scenario?

The proxy server can perform application-layer filtering, enhancing network traffic security.

A financial institution is implementing a new security control device to protect its network infrastructure. It wants to ensure that in the event of a failure, the confidentiality and integrity of its financial data take precedence over system availability. What should the financial institution set as the failure mode configuration for this security control device?

The security control device should be configured to fail-closed.

An organization wants to implement a hybrid cloud strategy and understand the security implications of its responsibility matrix. What should the organization consider in this analysis?

They should balance security duties between on-premises and cloud to ensure a clear definition in the responsibility matrix.

