Domain 3, Quiz 1 Flashcards
What is the primary advantage of Infrastructure as Code (IaC)?
a.Ease of deployment and scalability.
b.It reduces the cost of physical infrastructure.
c. It replaces the need for cloud solutions.
d.It provides a real-time operating system.
Ease of deployment and scalability.
IaC (Infrastructure as Code) allows for automated, consistent, and repeatable deployments, making scaling and deploying infrastructure easier.
An organization is looking to reduce its physical infrastructure footprint. Which model should they consider?
a.Centralized network infrastructure.
b.Embedded systems.
c.Air-gapped systems.
d.Serverless architecture.
Serverless architecture.
Serverless computing allows developers to build and run applications without considering servers. It reduces the need for a large physical infrastructure footprint.
What is the primary goal of software-defined networking (SDN)?
a. Reduce power consumption.
b. Provide real-time operating capabilities.
c. Ensure high availability.
d. Logical segmentation and management of network resources.
Logical segmentation and management of network resources.
SDN allows dynamic, programmatically created network configurations, enabling logical segmentation and efficient resource management.
What is the primary concern when dealing with IoT (Internet of Things) devices in an enterprise network?
a. Ease of deployment.
b. Patch availability and inability to patch.
c. Cost.
d. Scalability.
Patch availability and inability to patch.
IoT (Internet of Things) devices often have limited or no options for patching, leading to potential vulnerabilities.
In the context of a network’s attack surface, what does device placement primarily influence?
a.Responsiveness of microservices.
b.Scalability of the network.
c. Device power consumption.
d.Exposure to potential threats.
Exposure to potential threats.
Proper device placement can minimize exposure to threats by ensuring devices are not exposed to public networks unnecessarily.
A company wants to ensure that if its intrusion detection system (IDS) fails, it does not prevent the flow of traffic. Which mode should they configure it in?
a. Fail-closed.
b. Tap/Monitor.
c. Inline.
d. Fail-open.
Fail-open.
Fail-open ensures that if the IDS fails, it will not stop the flow of traffic.
What is the primary purpose of a Web Application Firewall (WAF)?
a. Provide VPN connectivity.
b. Intrusion detection on a network level.
c. Protect web applications by filtering and monitoring HTTP traffic.
d. Monitor and balance traffic loads.
Protect web applications by filtering and monitoring HTTP traffic.
WAFs specifically protect web apps from various attacks by inspecting web traffic.
Which protocol is predominantly used to secure VPN connections by providing encrypted transport mode capabilities?
a.802.1X.
b.EAP.
c.Layer 4.
d. Internet protocol security (IPSec).
Internet protocol security (IPSec).
IPSec can be used to secure Internet Protocol communication by authenticating and encrypting each IP packet.
Which of the following describes a responsibility matrix in cloud security?
a. A definition of organizational roles and responsibilities in cloud environments.
b. A documentation specifying the uptime of cloud services.
c. A network diagram showcasing cloud architecture.
d. A tool used to measure the performance of cloud resources.
A definition of organizational roles and responsibilities in cloud environments.
A responsibility matrix clarifies what the organization and the cloud provider are responsible for regarding security and management.
What security consideration is paramount for air-gapped systems?
a.Cost.
b.Physical isolation.
c.Scalability.
d. Responsiveness.
Physical isolation.
Air-gapped systems are physically isolated from other networks to prevent unauthorized access and data breaches.
Which of the following best describes containerization in security architecture?
a. A method to physically isolate a network.
b. Packaging an application with its dependencies, libraries, and binaries in a single unit.
c. An approach to decentralize network resources.
d. Embedding systems within larger systems for specific functions.
Packaging an application with its dependencies, libraries, and binaries in a single unit.
Containerization ensures that the application will run uniformly across different environments by bundling it with all its requirements.
In terms of enterprise infrastructure security, why is the placement of a jump server crucial?
a.To balance network loads.
b. To encrypt web traffic.
c.To detect intrusions in the network.
d. To manage secure administrative access and act as an intermediary.
To manage secure administrative access and act as an intermediary.
Jump servers provide a controlled means of accessing another network segment, often used for administrative tasks.
Which of the following security zones is most likely to house publicly accessible services like a web server?
a. Demilitarized zone (DMZ).
b. Intrusion detection zone.
c. Restricted zone.
d. Management zone.
Demilitarized zone (DMZ).
DMZ is a perimeter network segment that sits between an internal network and an external network, designed to house publicly accessible services.
Why are Layer 7 firewalls considered more advanced than Layer 4 firewalls?
a. They operate at the hardware level.
b. They inspect the actual content of data packets.
c. They only focus on transport layer security.
d. They are restricted to physical firewall appliances
They inspect the actual content of data packets.
Layer 7 firewalls operate at the application layer, allowing them to inspect, recognize, and act upon actual data payload.
Why is a unified threat management (UTM) system advantageous for a small business?
a.It acts as an intermediary system for administrators.
b. It segments network traffic based on application content.
c. It provides containerization for applications.
d. It combines multiple security features and services in one solution.
It combines multiple security features and services in one solution.
UTMs are all-in-one security solutions combining firewall, anti-virus, and other security technologies, providing cost-effective security for small businesses.
