Lesson 6 Review Questions Flashcards

(14 cards)

1
Q

Upon learning that the organization is looking to enhance network security solutions for the corporate office, a software technician explores the benefits of deploying a Zero Trust Architecture (ZTA). What is not a key benefit of using a ZTA?

A. Greater security

B. Better access controls

C. Decreased granularity

D. Improved governance and compliance

A

C. Decreased granularity

Contrary to decreased granularity, a key benefit of deploying ZTA is increased granularity, as it grants users access to what they need when they need it.

2
Q

The Chief Information Security Officer (CISO) for a regional textile company tasks a cyber team with reviewing the security implications on available cloud architecture models as the business anticipates transitioning to a cloud environment within the next year. What model offers the highest level of security and allows the individual customer to have complete control over the infrastructure?

A. Multi-tenant architecture

B. Hybrid architecture

C. Single-tenant architecture

D. Serverless architecture

A

C. Single-tenant architecture

In this scenario, a single-tenant architecture provides dedicated infrastructure to a single customer, ensuring that only the customer can access the infrastructure. This model offers the highest level of security as the customer has complete control of the infrastructure.

3
Q

A network architect at a global financial institution overhauls the company’s on-premises network to enhance security and reduce the attack surface. To accomplish this, the architect assesses various architecture models and their respective security implications for the on-premises network. While redesigning the on-premises network, which architecture derivative/model could effectively decrease the attack surface?

A. Centralized architecture

B. Peer-to-peer network

C. Content delivery networks

D. Hybrid cloud

A

A. Centralized architecture

Centralized computing architecture refers to a model where all data processing and storage is performed in a single location, typically a central server. That can help minimize threat vectors.

4
Q

A research team of an aerospace organization wants to purchase an operating system (OS) that is commonly used in the aerospace industry and can assist in prioritizing deterministic execution of operations to ensure consistent responses are received for time-critical tasks. What type of OS should the research team purchase?

A. SCADA

B. ICS

C. ZTA

D. RTOS

A

D. RTOS

For this scenario, the purchase of a Real-Time Operating System (RTOS) would be most appropriate, as it can assist in prioritizing deterministic execution of operations to ensure consistent responses are received for time-critical tasks.

5
Q

The network security engineer at a multinational company is preparing to introduce a new network infrastructure model. The company’s objective is to minimize the attack surface by implementing effective port security measures. To accomplish this, the engineer is evaluating the security implications of various architecture models and their compatibility with port security measures. Since the network security engineer plans to deploy port security to minimize the attack surface, which architecture model can BEST assist in supporting and enhancing the effectiveness of port security?

A. Peer-to-peer model

B. Client-server model

C. Hybrid model

D. Three-tier model

A

B. Client-server model

The client-server model can enhance the effectiveness of port security as it has centralized servers, making it easier to monitor and manage port security.

6
Q

A software engineer reviews the use of SCADA applications associated with various industries. What sector of industry refers specifically to mining and refining raw materials, involving hazardous high heat and pressure furnaces?

A. Energy

B. Fabrication

C. Facilities

D. Industrial

A

D. Industrial

The industrial sector can refer specifically to mining and refining raw materials involving hazardous high heat and pressure furnaces, presses, centrifuges, and pumps.

7
Q

To improve security, the security team at a growing tech company aims to update its infrastructure. They explore different architecture models and ponder the implications of logical segmentation. To curb lateral movement within the network (in case an intruder accesses one segment), the team plans to split the network into smaller, isolated segments, each boasting its own resources and security controls. Considering this strategy to boost security, which architecture model would optimally support the logical segmentation strategy?

A. Client-server model

B. Peer-to-peer model

C. Hybrid model

D. Monolithic model

A

A. Client-server model

The client-server model best supports logical segmentation. In this model, clients request services, and servers provide those services. This model is more suitable for segmentation as each segment can have its own server that manages its resources and security controls.

8
Q

In exploring the tenets of Zero Trust Architecture, a cyber consultant reviews its various benefits and components to determine how the solution can help the company. What components are associated with ZTA? (Select the two best options.)

A. Better access controls

B. Cloud security

C. Improved governance and compliance

D. Data protection

A

B. Cloud security

D. Data protection

Cloud security is a component of ZTA that manages access to cloud-based applications, services, and data.

Data protection is a component of ZTA that controls and secures access to sensitive data, including encryption and auditing.

9
Q

The IT department of a medium-sized enterprise is reviewing its network architecture with a focus on increasing security and efficiency. The organization currently uses a flat network model, but the security team has proposed implementing Virtual Local Area Networks (VLANs) to compartmentalize traffic and minimize potential attack surfaces. The team’s goal is to limit lateral movement between network devices and enforce a principle of least privilege across the network. Considering this security improvement initiative, what is a major benefit of integrating VLANs into the existing network architecture from a security standpoint?

A. Enhancing bandwidth efficiency and speed

B. Isolating network traffic and reducing the potential attack surface

C. Improving scalability by adding more devices to the network

D. Providing an alternative for physical cabling and switches

A

B. Isolating network traffic and reducing the potential attack surface

VLANs enable the logical segmentation of networks into isolated broadcast domains. As a result, they isolate network traffic, limit lateral movement, and reduce the potential attack surface.

10
Q

An organization’s security officer is actively developing a new data protection strategy. The plan aims to fortify the integrity of data stored on the company’s servers to uphold the confidentiality, integrity, and availability (CIA) triad principles. In this development process, which data protection method should the security officer primarily implement to ensure the accuracy and consistency of data over its entire life cycle, according to the principles of the CIA triad, particularly focusing on enhancing the “integrity” aspect?

A. User access controls

B. Data backup

C. Checksum verification

D. Data encryption

A

C. Checksum verification

Checksum verification not only assures the “Integrity” aspect of the CIA triad but also significantly bolsters data integrity by minimizing the risk of data corruption.

11
Q

Following a recent insider threat breach, a network engineer reviews the company’s Zero Trust architecture policy to ensure all aspects are accurate and that the control and data planes are implemented correctly. What statements are TRUE regarding the control plane of the Zero Trust architecture? (Select the two best options.)

A. It establishes sessions for secure information transfers.

B. In this plane, a subject uses a system to make requests for a given resource.

C. It manages policies that dictate how users and devices are authorized to access network resources.

D. It is implemented through a centralized policy decision point.

A

C. It manages policies that dictate how users and devices are authorized to access network resources.

D. It is implemented through a centralized policy decision point.

One aspect of the control plane is that it manages policies that dictate how users and devices are authorized to access network resources.

The control plane is implemented through a centralized policy decision point. The policy decision point is comprised of two subsystems: the policy engine and the policy administrator.

12
Q

A cybersecurity analyst at a large corporation is assessing the security implications of transitioning to a hybrid model that incorporates both traditional network and cloud architectures. The corporation aims to leverage the advantages of both architectures while minimizing potential vulnerabilities. The analyst needs to understand the distinctive characteristics of each model to manage risks effectively. Given the differences in the architecture models, which statements correctly describe unique features related to the security implications of each model? (Select the two best options.)

A. Cloud architectures actively delegate security tasks between cloud service providers and customers, creating a shared responsibility model.

B. Traditional network architectures inherently prioritize data encryption during transit more than cloud architectures.

C. Physical device security and controlled access gain heightened importance in traditional network architectures due to onsite storage of devices.

D. Cloud architectures solely depend on customers to manage the physical hardware and its security.

A

A. Cloud architectures actively delegate security tasks between cloud service providers and customers, creating a shared responsibility model.

C. Physical device security and controlled access gain heightened importance in traditional network architectures due to onsite storage of devices.

One of the defining features of cloud architectures is the shared responsibility model, where both the cloud service provider and the customer have specific, delineated security roles.

In traditional architectures, with physical devices often stored onsite, there is a critical need to ensure robust physical access controls to prevent unauthorized interventions.

13
Q

A network engineer reviews the security implications tied to cloud architecture models as the company plans to move data off-premises at the end of the year. What model provides flexibility by allowing the company to store sensitive data on a private cloud infrastructure and non-sensitive information on a public cloud infrastructure?

A. Multi-tenant architecture

B. Serverless architecture

C. Single-tenant architecture

D. Hybrid architecture

A

D. Hybrid architecture

In this scenario, a hybrid architecture provides greater flexibility and control over sensitive data and applications, allowing customers to store data on private cloud infrastructure while using public cloud infrastructure for less sensitive workloads.

14
Q

The IT department of an organization is preparing to implement new access control measures to enhance the security of its network. The IT team has studied various access control models and is assessing the potential applicability to their needs. Which access control models should the IT team consider if they want to implement access controls based on user roles and security classifications of information? (Select the two best options.)

A. Discretionary access control

B. Mandatory access control

C. Role-based access control

D. Rule-based access control

A

B. Mandatory access control

C. Role-based access control

In the mandatory access control (MAC) model, the system grants access rights by examining the security classifications assigned to information and the clearances associated with the user. This model focuses on information confidentiality and classification, providing robust control over information flow.

The role-based access control model assigns access rights based on user roles within the system. These roles reflect the user’s responsibilities and authority in the system.
