CompTIA Sec+ SY0-701

A network engineer is segmenting a company's network to improve security. In terms of routing infrastructure, which of the following strategies would the engineer employ to segment different types of hosts attached to the same switch?

Assign each host to a different virtual local area network (VLAN).

A network security administrator's responsibilities include enhancing the enterprise's network infrastructure security posture. They deploy a Next Generation Firewall (NGFW) as part of their defense strategy. The enterprise mixes internal and external services, including a web application and a virtual private network (VPN) for remote access. Which of the following should the administrator primarily consider when implementing the NGFW to ensure effective security without disrupting normal operations?

Deploy the NGFW in inline mode, ensuring it analyzes all traffic while maintaining connectivity.

A large organization is redesigning its network and is considering the placement of servers and networking equipment, and is enabling switch port security. The primary concern is maintaining the high availability of services and securing the network infrastructure from unauthorized access. What approach should the organization adopt to address these concerns?

Distribute servers across different secure locations for redundancy, disable unused ports, and implement 802.1X authentication.

A security specialist is evaluating several new systems for potential integration into the company's network. Which of the following criteria is MOST directly linked to the system's setup process and maintenance scheduling?

Ease of deployment

A systems engineer must develop a design strategy for a new data center that provides services around-the-clock, and any disruptions must resolve quickly. Which of the following is a primary consideration in the engineer's design to meet these requirements?

Ease of recovery

An organization wants to improve the security of sensitive customer information stored on its servers. This sensitive customer information is "data at rest" and not currently accessed or processed. Which method should the organization consider for protecting this data?

Encryption

A global banking institution instructs its cybersecurity team to minimize the network's vulnerability to cyber threats. The team has divided the network into secure segments, initiated port security protocols, and physically segregated key servers. The team now wishes to manage the flow of traffic between the security segments to reduce the threat of attack. What approach should the cybersecurity team adopt?

Enforce role-based access control for traffic policies between zones

An organization is considering a hybrid cloud deployment to leverage the benefits of both private and public cloud resources. While reviewing third-party vendors, what critical aspect should the employees consider for a secure and effective transition?

Establish clear service level agreements

A security engineer is updating the company's cyber security strategy. Which of the following strategies is the MOST effective in reducing the company's network attack surface?

Establish multiple control categories and functions to enforce multiple layers of protection.

An organization implements a new network infrastructure and plans to use an intrusion prevention system (IPS) for security. The IT manager wants to ensure that the IPS will continue to let traffic flow if it fails. Which failure mode should the IT manager configure for the IPS?

Fail-open

An organization is implementing an intrusion prevention system (IPS) as part of its efforts to secure its enterprise infrastructure. The IT manager is considering the failure modes of the IPS and is deciding between a fail-open and a fail-closed configuration. What are the implications of each configuration on network traffic in the event of a system failure?

Fail-open will allow all traffic; fail-closed will block all traffic.

An organization is transitioning to an Infrastructure as a Service (IaaS) model with a third-party vendor. What should the organization's security officer do to ensure the security of deployed applications and data?

Implement user identity management and access controls to cloud resources

A systems engineer is designing a new IT infrastructure for a company that provides a highly used online service. The company wants to ensure that its service's communications are efficient and available around the clock. Which features should the engineer primarily consider during the design process? (Select the two best options.)

Load balancing & Clustering

A prominent e-commerce company experiencing significant business growth anticipates a sharp increase in website traffic during an upcoming annual sales event. The company is wary of potential system bottlenecks or downtimes that could disrupt sales and affect reputation. What primary strategy should the company use to ensure its systems can handle the upcoming event?

Rigorous capacity planning process

A company is deploying a software service to monitor traffic and enforce security policies in its cloud environment. Considering the need for responsiveness, which technology should the company consider using?

Serverless platforms and software-defined networking (SDN)????

A tech startup develops a unique algorithm that provides a significant competitive edge in the market. To maintain this edge, the startup needs to ensure the highest level of protection for this information. How should this startup categorize and handle this unique algorithm?

The startup should categorize the algorithm as a trade secret and protect it using non-disclosure agreements.

A network engineer is optimizing an existing cloud-based system. The primary goal is to ensure the system remains operational, minimizing downtime, even under adverse conditions or potential failure points. What key characteristic of system design should the engineer prioritize?

Availability

A cloud administrator wants to directly connect a cloud server instance with another cloud server instance privately on Amazon Web Services (AWS). How can the administrator configure them without going through an internet gateway?

By using a virtual private cloud (VPC) peering connection

A company is considering changing its current network infrastructure. The employees are evaluating the benefits and drawbacks of having a network with a single main hub versus having functions distributed among various nodes. What network design principle are they considering?

Centralized/decentralized

A financial organization is currently handling a document that contains sensitive customer information, including financial details and social security numbers. According to data classifications, how should the financial organization categorize this data?

Confidential data

A systems architect is designing a new data center. The architect looks at different factors such as equipment type, data center location, and power specifications. What is the primary concern during this stage of the process?

Considerations

To address the escalating operational costs and complexities stemming from multiple standalone applications, an organization plans to restructure its software deployment process. They want to minimize overhead, increase flexibility in development environments, and enhance the efficient use of system resources. What approach would be the MOST effective?

Containerization

During a security audit in a financial institution, the auditor identifies a subset of data that, if breached, could severely impact the organization's operation. The financial institution has this data currently stored on nonoperational servers. How would the institution classify this data?

Critical

A corporation is experiencing frequent power failures in its data center, which are causing downtime and resulting in high recovery costs. Which strategy could the corporation employ to minimize the impact of these power failures?

Implement a UPS system

A rapidly growing e-commerce company is considering changes to its current on-premises network infrastructure to handle increasing workloads better and provide high availability. The company expresses concerns about the potential costs and complexity associated with scalability and ease of recovery from potential failures. Which infrastructure options should the company consider to address its needs?

Implement a hybrid solution with a mix of on-premises and cloud-based infrastructure.

In a small office building, the operations team wants to automate various processes and enable real-time monitoring of systems over the internet. Which technology is best suited for this task?

IoT

A financial services company tasks its IT security team with reducing the network's attack surface. They have segmented the network into security zones, put port security measures in place, and physically isolated critical servers. The IT security team wants to further reduce the risk of attack by managing traffic flow between security zones. Which of the following measures should the team implement?

Apply the principle of least privilege when defining traffic policies between zones.

An IT specialist working for a multinational confectionery company needs to fortify its network security. The firm has been dealing with intrusions where raw User Datagram Protocol (UDP) packets bypass open ports due to a virus. The specialist will analyze packet data to verify that the application protocol corresponds to the port. The company also wants to track the state of sessions and prevent fraudulent session initiations. Which of the following tools should the IT specialist prioritize deploying?

Deep packet inspection firewall

A nonprofit organization with limited funds needs a cost-effective disaster recovery plan that doesn't necessitate immediate resumption of services after a disaster. Which strategy is the MOST suitable?

Deploy a cold site

A manufacturing firm is exploring implementing a network system for its plant floor operations to manage its large-scale, real-time processes and to ensure that the network is isolated from unauthorized or accidental communication with other networks. Which type of infrastructure will BEST fit the firm's needs?

ICS/SCADA infrastructure

The IT manager of a medium-sized organization is designing a new network infrastructure to secure its enterprise infrastructure by implementing an Intrusion Prevention System (IPS) and an Intrusion Detection System (IDS). The manager is considering different deployment methods for the IPS/IDS to optimize their effectiveness. The organization's network includes multiple security zones, a virtual private network (VPN) for remote access, and a web application firewall (WAF). Which deployment method provides the MOST comprehensive protection in this scenario?

Deploy the IPS/IDS devices in inline mode at the network perimeter.

A small logistics company is contemplating certain steps for its data centers in its quest to fortify its systems against long-term power outages. What is the MOST suitable measure the company could undertake?

Deploying onsite generators

A company is transmitting source code from its headquarters to a remote branch over the Internet. The network administrator wants to enhance the security of this code while it is in transit. While maintaining readability is not a concern for the organization, they have increased concerns about ensuring the code is difficult to understand if intercepted. Which technique should the administrator use?

Obfuscation

During an annual review, a health services company's leadership aims to scrutinize its disaster response and data recovery protocols. They focus on effectiveness, hidden weaknesses, and clarity of employee roles during a disaster. Which course of action would BEST serve these objectives?

Organizing tabletop exercises

A medium-sized organization is upgrading its network infrastructure to secure its enterprise infrastructure by implementing an intrusion prevention system (IPS) and an intrusion detection system (IDS). The organization has sensitive data in different security zones, and the IT manager has concerns regarding the attack surface and network connectivity. Which of the following placements of the IPS/IDS devices would be MOST effective in this scenario?

Place the IPS/IDS devices at the network perimeter to monitor inbound and outbound traffic.

A national park posts information about its flora and fauna on its website. This information does not contain any personally identifiable information or sensitive government data. How should the park service classify this data?

Public

A company is developing a system that requires instantaneous response to certain inputs. The system will be incorporated into a larger device and will not have many resources. What type of system is likely to be MOST suitable for this scenario?

Real-Time operating system?

A rock band wishes to set up a system for communicating with their fans upon arrival at concerts and providing them with relevant hashtags for participation. Which type of cloud service model would be MOST beneficial to recommend to the rock band?

Software as a service

A medium-sized organization elects to redesign its network security infrastructure. The IT manager is considering implementing a proxy server to enhance security and improve client performance. The organization's network includes a virtual private network (VPN) for remote access, multiple security zones, and a Unified Threat Management (UTM) system. Which of the following is the primary benefit of implementing a proxy server in this scenario?

The proxy server can perform application-layer filtering, enhancing network traffic security.

A financial institution is implementing a new security control device to protect its network infrastructure and wants to ensure that, in the event of a failure, the confidentiality and integrity of its financial data take precedence over system availability. What should the financial institution set as the failure mode configuration for this security control device?

The security control device should be configured to fail-closed.


