Which of the following would be the best solution to deploy a low-cost standby site that includes hardware and internet access?
A warm site offers a balance between cost and functionality, providing essential hardware and internet access but not fully operational systems.
Which of the following makes Infrastructure as Code (IaC) a preferred security architecture over traditional infrastructure models?
Infrastructure as Code centralizes configuration in version-controlled code, ensuring environments are consistent, repeatable, and auditable. This reduces configuration drift and enables automated security checks before deployment.
Which of the following would be the best way to test resiliency in the event of a primary power failure?
A production failover simulates an actual switch to backup power and systems to test resiliency in real-world conditions.
A company is redesigning its infrastructure and wants to reduce the number of physical servers in use. Which of the following architectures is best suited for this goal?
Virtualization allows multiple virtual machines to run on a single physical server, reducing the need for more physical hardware.
Which of the following would most likely mitigate the impact of an extended power outage on a company's environment?
A hot site provides a fully operational backup location with power, infrastructure, and resources, allowing the company to continue operations during an extended power outage.
An organization decides that most employees will work remotely. The existing VPN solution does not have adequate bandwidth, and the content filtering proxy is on premises. Which of the following strategies will enable the business to securely achieve its objective while also being prepared to quickly scale for growth?
Integrating with a Secure Access Service Edge (SASE) platform moves security enforcement to the cloud, providing scalable bandwidth and inline filtering. Deploying agents on remote laptops ensures policy enforcement without backhauling traffic through on-premises proxies.
A systems administrator needs to ensure the secure communication of sensitive data within the organization's private cloud. Which of the following is the best choice for the administrator to implement?
IPSec is used to secure data transmission by encrypting network traffic, making it ideal for protecting communication within a private cloud.
An organization purchased a critical business application containing sensitive data. The organization would like to ensure that the application is not exploited by common data exfiltration attacks. Which of the following approaches would best help to fulfill this requirement?
A Web Application Firewall (WAF) inspects and filters HTTP(S) traffic to block malicious payloads and thwart data exfiltration attempts. By enforcing rules at the web layer, it prevents attackers from exploiting application interfaces to steal sensitive data.
Which of the following best describes the concept of information being stored outside of its country of origin while still being subject to the laws and requirements of the country of origin?
Data sovereignty refers to the principle that data stored in another country remains subject to the originating country's laws. This is a common concern in cloud computing.
A security analyst is investigating an incident in which a workstation was redirecting users to malicious websites. The analyst determined that the hosts file was modified to include mapping to malicious URLs. Which of the following logs should the analyst use to confirm that the file was modified?
Endpoint logs track system activities on individual devices, including modifications to files such as the hosts file.
A security analyst notices an increase in port scans on the edge of the corporate network. Which of the following logs should the analyst check to obtain the attacker's source IP address?
Firewall logs capture incoming connection attempts and include source IPs. Reviewing them pinpoints scanning activity and attacker location.
An organization is looking to optimize its environment and reduce the number of patches necessary for operating systems. Which of the following will best help to achieve this objective?
Containers allow applications to run with their dependencies in isolated environments, reducing the need for patches on operating systems.
A security engineer configured a remote access VPN. The remote access VPN allows end users to connect to the network by using an agent that is installed on the endpoint, which establishes an encrypted tunnel. Which of the following protocols did the engineer most likely implement?
IPSec is commonly used for establishing encrypted tunnels in VPNs.
An enterprise is trying to limit outbound DNS traffic originating from its internal network. Outbound DNS requests will only be allowed from one device with the IP address 10.50.10.25. Which of the following firewall ACLs will accomplish this goal?
The correct ACL allows DNS traffic only from the IP address 10.50.10.25 and denies it from all other devices.
Which of the following is a possible consequence of a VM escape?
VM escape allows code running inside a virtual machine to break out and interact with the hypervisor. Once the hypervisor is compromised, the attacker may control or manipulate other guest VMs. This undermines the isolation guaranteed by virtualization technologies.
Domain 3: Security Architecture