Domain 2 – Architecture and Design

https://www.udemy.com/course/comptia-security-601-practice-exam-domain-1-5/learn/quiz/6099064#overview

Question 1

What architecture is designed to protect against distributed denial-of-service (DDoS) attacks by routing traffic through a filtering service to scrub malicious traffic before it reaches the target network?

DMZ (Demilitarized Zone)

Proxy server

Intrusion Detection System (IDS)

Correct answer

Reverse proxy

Overall explanation

D) A reverse proxy architecture routes incoming traffic through a filtering service to scrub malicious traffic before it reaches the target network, providing protection against DDoS attacks.

Incorrect answers:

A) DMZ is a network segment used to host publicly accessible resources, not a traffic filtering architecture.

B) A proxy server can provide security and anonymity, but it does not directly mitigate DDoS attacks.

C) IDS is used for detecting and analyzing suspicious activities, not for traffic scrubbing.

Question 2

In the context of architecture and design, which principle advocates the use of multiple security layers to protect against a variety of threats and vulnerabilities?

Single sign-on

Least privilege

Correct answer

Defense in depth

Role-based access control

Overall explanation

C) The principle of defense in depth involves implementing multiple security layers, each providing a unique line of defense, to protect against a wide range of threats and vulnerabilities.

Incorrect answers:

A) Single sign-on simplifies user authentication but is not a principle related to layered security.

B) Least privilege is about minimizing user access rights, not layering security defenses.

D) Role-based access control defines user permissions but is not a principle related to layered security.

Question 3

What architectural principle suggests that an organization should employ multiple, diverse security solutions rather than relying on a single security measure to protect against threats?

Security through obscurity

Correct answer

Vendor diversity

Vendor reliance

Security by design

Overall explanation

B) Vendor diversity suggests that an organization should use security solutions from different vendors to reduce reliance on a single vendor and enhance security resilience.

Incorrect answers:

A) Security through obscurity relies on keeping security mechanisms hidden, not on diversity.

C) Vendor reliance is not a recognized architectural principle in security design.

D) Security by design is about integrating security from the outset, not about using multiple vendors.

Question 4

What architectural component is responsible for maintaining a list of authorized devices on a network and ensuring that only authorized devices can access network resources?

Firewall

Intrusion Detection System (IDS)

Correct answer

Network Access Control (NAC)

Router

Overall explanation

C) Network Access Control (NAC) is responsible for maintaining a list of authorized devices and enforcing network access policies to ensure only authorized devices can access network resources.

Incorrect answers:

A) Firewalls control the flow of traffic between networks but do not manage device authorization.

B) IDS is used to detect and alert on suspicious activities but does not manage device authorization.

D) Routers direct traffic between networks but do not specifically manage device authorization as NAC does.

Question 5

In the context of network architecture, what is the purpose of a demilitarized zone (DMZ)?

To host sensitive data and internal applications

To isolate internal networks from external networks

Correct answer

To provide a buffer zone between the internet and an internal network

To secure the network perimeter through strong encryption

Overall explanation

C) To provide a buffer zone between the internet and an internal network: A DMZ is a network segment that acts as a buffer zone between the internet and an internal network, hosting resources that need to be accessible from the internet while keeping the internal network protected.

Incorrect answers:

A) To host sensitive data and internal applications: DMZ is not for hosting sensitive data or internal applications.

B) To isolate internal networks from external networks: Network segmentation is used for network isolation, not DMZ.

D) To secure the network perimeter through strong encryption: While encryption may be used, DMZ’s primary purpose is not encryption.

Question 6

Which architectural component plays a critical role in enforcing security policies by examining and filtering network traffic based on predefined rules and policies?

Intrusion Detection System (IDS)

Router

Proxy server

Correct answer

Firewall

Overall explanation

D) A firewall is an architectural component responsible for examining and filtering network traffic based on predefined rules and policies to enforce security.

Incorrect answers:

A) Intrusion Detection System (IDS): IDS detects and alerts on suspicious activities but does not filter traffic like a firewall.

B) Routers direct traffic between networks but do not provide the same level of traffic filtering as firewalls.

C) Proxy servers are intermediaries between clients and servers, often used for caching and security, but they do not directly filter traffic like firewalls.

Question 7

What component is responsible for directing traffic between different network segments and enforcing access controls based on network policies?

Intrusion Detection System (IDS)

Network Access Control (NAC)

Correct answer

Router

Proxy server

Overall explanation

C) Routers are responsible for directing traffic between different network segments and enforcing access controls based on network policies.

Incorrect answers:

A) IDS detects and alerts on suspicious activities but is not responsible for traffic routing.

B) NAC enforces access policies but is not primarily involved in routing traffic.

D) Proxy servers act as intermediaries between clients and servers, often used for caching and security, but they do not route traffic between network segments.

Question 8

An organization is designing a system that will allow users to access multiple applications and resources using a single set of credentials. Which architectural concept is being implemented in this scenario?

Correct answer

Single sign-on (SSO)

Role-based access control (RBAC)

Least privilege

Security by design

Overall explanation

A) Single sign-on (SSO) is an architectural concept that allows users to access multiple applications and resources with a single set of credentials.

Incorrect answers:

B) RBAC defines user permissions based on their roles, but it is not about using a single set of credentials.

C) Least privilege pertains to limiting user access rights, not SSO.

D) Security by design is about integrating security from the outset, not about user authentication.

Question 9

In a cloud-based architecture, what security principle ensures that data remains confidential and protected even if it is stored in a shared, multi-tenant environment?

Correct answer

Data isolation

Data integrity

Least privilege

Security by design

Overall explanation

A) Data isolation is a security principle in a shared, multi-tenant cloud environment that ensures data from one tenant is kept separate and inaccessible to other tenants, maintaining data confidentiality.

Incorrect answers:

B) Data integrity focuses on ensuring data remains accurate and protected but does not address isolation in multi-tenant environments.

C) Least privilege pertains to limiting user access rights, not data isolation.

D) Security by design is about integrating security from the outset, not specifically data isolation in cloud environments.

Question 10

An organization is designing its network architecture with the goal of ensuring that critical systems are protected and available even during a cyberattack. Which architectural principle is the organization primarily focused on?

Correct answer

Availability

Authentication

Authorization

Accountability

Overall explanation

A) Ensuring that critical systems are protected and available even during a cyberattack is primarily a focus on the architectural principle of availability.

Incorrect answers:

B) Authentication is about verifying the identity of users or systems, not about system availability.

C) Authorization relates to granting or denying access to resources based on permissions, not system availability.

D) Accountability is about tracking actions for auditing and compliance, not about system availability.

Question 11

In a cloud-based infrastructure, which architectural component is responsible for scaling resources automatically based on demand and optimizing costs by only using resources when necessary?

Load balancer

Virtual Private Network (VPN)

Elastic Load Balancing (ELB)

Correct answer

Autoscaler

Overall explanation

D) Autoscaler is a cloud architecture component that scales resources automatically based on demand, optimizing costs by using resources only when needed.

Incorrect answers:

A) Load balancers distribute network traffic across multiple servers to ensure high availability and reliability.

B) VPNs are used to create secure network connections over the internet or other untrusted networks.

C) ELB is a service that automatically distributes incoming application traffic across multiple targets, such as Amazon EC2 instances.

Question 12

What architectural design principle emphasizes designing and implementing security measures as an integral part of a system or application rather than as an afterthought?

Correct answer

VPN gateway

Firewall

Load balancer

Proxy server

Overall explanation

A) A VPN gateway allows external users to securely access internal resources while hiding the internal network structure from external view.

Incorrect answers:

B) Firewalls control the flow of traffic but do not typically provide VPN services.

C) Load balancers distribute network traffic but do not hide network structure.

D) Proxy servers act as intermediaries between clients and servers but do not provide VPN services.

Question 13

An organization is implementing a network architecture that requires users to provide multiple authentication factors to access sensitive systems. Which architectural principle does this represent?

Least privilege

Authentication

Authorization

Correct answer

Multifactor authentication

Overall explanation

D) Requiring users to provide multiple authentication factors is a security architecture principle known as multifactor authentication (MFA).

Incorrect answers:

A) Least privilege pertains to limiting user access rights, not the number of authentication factors.

B) Authentication is the process of verifying a user’s identity, but it doesn’t inherently involve multiple factors.

C) Authorization is about granting or denying access based on permissions, not authentication factors.

Question 14

An organization is planning to implement a secure architecture that minimizes the attack surface and allows only necessary services and ports to be accessible. Which architectural principle does this strategy align with?

Network segmentation

Least privilege

Service-oriented architecture (SOA)

Correct answer

Principle of least common mechanism

Overall explanation

D) The principle of least common mechanism emphasizes minimizing the attack surface by providing only the necessary services and ports, reducing potential vulnerabilities.

Incorrect answers:

A) Network segmentation involves dividing a network to enhance security but is not specifically related to the principle of least common mechanism.

B) Least privilege pertains to user access rights, not the attack surface.

C) SOA is an architectural approach for building and delivering services, not an architectural security principle.

Question 15

An organization is designing a network architecture that incorporates redundancy to ensure high availability. Which component is primarily responsible for providing redundancy?

Intrusion Detection System (IDS)

Load balancer

Correct answer

Failover cluster

Proxy server

Overall explanation

C) A failover cluster is a component responsible for providing redundancy and high availability in a network architecture by allowing for seamless service migration in the event of a failure.

Incorrect answers:

A) IDS is used for detecting and alerting on suspicious activities but does not provide redundancy.

B) Load balancers distribute network traffic but do not inherently provide redundancy.

D) Proxy servers act as intermediaries between clients and servers but are not primarily responsible for redundancy.

Question 16

An organization is planning to implement a network architecture that uses encryption to protect data in transit. Which architectural principle does this align with?

Data isolation

Data integrity

Data classification

Correct answer

Data confidentiality

Overall explanation

D) Using encryption to protect data in transit is aligned with the architectural principle of data confidentiality, which ensures that data is kept confidential and protected from unauthorized access during transmission.

Incorrect answers:

A) Data isolation involves separating data to prevent unauthorized access, but it is not specifically related to encryption in transit.

B) Data integrity focuses on ensuring data remains accurate and protected but does not specifically relate to encryption.

C) Data classification involves categorizing data based on its importance or sensitivity, not encryption.

Question 17

A large healthcare organization is planning to implement a new network architecture to ensure the security and privacy of patient records. Which architectural component is crucial for this scenario, providing secure and audited access to patient data for authorized healthcare professionals while protecting against unauthorized access?

Single sign-on (SSO)

Correct answer

Role-based access control (RBAC)

Intrusion Prevention System (IPS)

Data encryption

Overall explanation

B) In a healthcare organization, RBAC is crucial for ensuring secure and audited access to patient data by assigning permissions based on user roles, allowing authorized healthcare professionals access while protecting against unauthorized access.

Incorrect answers:

A) SSO simplifies user authentication but is not directly related to access control.

C) IPS is designed to detect and prevent malicious activities, not control access to data.

D) Data encryption is essential for data protection but does not directly manage access control.

Question 18

A financial institution is designing its network architecture to ensure that customer data is securely transmitted and stored. The design must address encryption for data in transit and at rest, robust authentication, and access control. Which architectural component is essential for this scenario?

Intrusion Prevention System (IPS)

Firewall

Correct answer

Data encryption

Network segmentation

Overall explanation

C) Data encryption is essential for ensuring the secure transmission and storage of customer data, addressing the requirements for encryption for data in transit and at rest, and providing confidentiality and data protection.

Incorrect answers:

A) IPS is designed to detect and prevent malicious activities but is not primarily focused on data encryption.

B) Firewalls control the flow of traffic but do not directly provide data encryption.

D) Network segmentation involves dividing a network to enhance security but does not inherently address data encryption.

Question 19

An e-commerce company is planning to implement a highly available architecture for its online store. The design should ensure minimal downtime, even during system maintenance and updates. What architectural component is crucial for this scenario?

Correct answer

Load balancer

Disaster recovery plan

Intrusion Prevention System (IPS)

Single sign-on (SSO)

Overall explanation

A) In this scenario, a load balancer is crucial for ensuring high availability by distributing incoming traffic across multiple servers and reducing downtime during maintenance and updates.

Incorrect answers:

B) A disaster recovery plan is important for data backup and recovery but is not directly related to minimizing downtime during maintenance.

C) IPS detects and prevents malicious activities but is not primarily focused on system availability.

D) SSO simplifies user authentication but does not inherently provide high availability.

Question 20

What is a characteristic of cloud computing that enables users to access computing resources on-demand and from anywhere with an internet connection?

Network segmentation

Correct answer

Scalability

Geofencing

Redundancy

Overall explanation

B) Scalability is a characteristic of cloud computing that enables users to access computing resources on-demand and from anywhere with an internet connection, allowing for the easy expansion or reduction of resources as needed.

Incorrect answers:

A) Network segmentation: Network segmentation is not directly related to accessing resources on-demand.

C) Geofencing: Geofencing is a technology used to define geographic boundaries, not a characteristic of cloud computing.

D) Redundancy: Redundancy provides fault tolerance but is not the primary characteristic for accessing resources on-demand.

Question 21

In a virtualized environment, what is the term for the software or firmware that manages the hardware and creates virtual machines (VMs)?

Correct answer

Hypervisor

Router

Switch

Firewall

Overall explanation

A) A hypervisor is the software or firmware that manages the hardware and creates virtual machines (VMs) in a virtualized environment.

Incorrect answers:

B) A router directs network traffic but is not the component that manages virtualization.

C) A switch connects devices in a network but is not the component responsible for virtualization.

D) A firewall enforces network security policies but is not the component that manages virtualization.

Question 22

What is a key benefit of cloud computing in disaster recovery planning?

Increased physical hardware requirements

Reduced data backup and redundancy

Correct answer

Cost-effective and scalable offsite storage

Decreased reliance on encryption and authentication

Overall explanation

C) Cost-effective and scalable offsite storage

Incorrect answers:

A) Increased physical hardware requirements: Cloud computing can reduce the need for physical hardware, not increase it.

B) Reduced data backup and redundancy: Cloud computing often enhances data backup and redundancy, rather than reducing it.

D) Decreased reliance on encryption and authentication: Cloud computing does not decrease the reliance on encryption and authentication for security.

Question 23

In the context of application development and deployment, what is the primary purpose of DevOps?

Ensuring data confidentiality and integrity

Correct answer

Automating the software development and deployment process

Implementing access control and identity management

Monitoring network traffic for anomalies

Overall explanation

B) Automating the software development and deployment process: The primary purpose of DevOps in application development and deployment is to automate and streamline the software development and deployment process, enabling faster and more reliable releases.

Incorrect answers:

A) Ensuring data confidentiality and integrity: While security is important, DevOps is primarily focused on automation, not data confidentiality and integrity.

C) Implementing access control and identity management: Access control and identity management are important but not the primary purpose of DevOps.

D) Monitoring network traffic for anomalies: Monitoring network traffic for anomalies is a security measure but not the primary purpose of DevOps.

Question 24

Which software development methodology places a strong emphasis on customer collaboration, responding to change, and delivering working software frequently and iteratively?

Correct answer

Agile

Waterfall

Scrum

Six Sigma

Overall explanation

A) The Agile methodology places a strong emphasis on customer collaboration, responding to change, and delivering working software frequently and iteratively.

Incorrect answers:

B) Waterfall is a traditional sequential methodology and does not emphasize the same principles as Agile.

C) Scrum is an Agile framework for managing work, but it is not a methodology in itself.

D) Six Sigma is a methodology focused on process improvement and reducing defects, but it is not directly related to Agile software development.

Question 25

What is the primary purpose of a RADIUS (Remote Authentication Dial-In User Service) server?

Ensuring data confidentiality and integrity

Correct answer

Centralizing user authentication and authorization

Protecting against malware and viruses

Monitoring network traffic for anomalies

Overall explanation

B) Centralizing user authentication and authorization: The primary purpose of a RADIUS server is to centralize user authentication and authorization, providing a single point for managing access to network resources.

Incorrect answers:

A) Ensuring data confidentiality and integrity: While important, data confidentiality and integrity are not the primary purpose of RADIUS.

C) Protecting against malware and viruses: Protection against malware and viruses is a different security function.

D) Monitoring network traffic for anomalies: Monitoring network traffic is not the primary role of RADIUS.

Question 26

Which of the following is a commonly used mechanism for multi-factor authentication (MFA) in network design?

Username and password

Correct answer

Biometric authentication

Single sign-on (SSO)

MAC address filtering

Overall explanation

B) Biometric authentication, such as fingerprint or facial recognition, is a commonly used mechanism for one of the factors in multi-factor authentication (MFA).

Incorrect answers:

A) Username and password: While a common authentication method, it represents a single factor, not multi-factor authentication.

C) Single sign-on (SSO): SSO simplifies user authentication but is not a form of MFA.

D) MAC address filtering: MAC address filtering is a security mechanism but is not typically part of MFA.

Question 27

In a large healthcare organization, there is a need to ensure that only authorized personnel have access to patients’ electronic health records (EHR). What type of authentication and authorization mechanism would be most suitable for this scenario, considering the sensitivity of patient data?

Single-factor authentication using username and password

Correct answer

Multi-factor authentication (MFA) requiring a password and fingerprint scan

Using open access for better collaboration among staff

Implementing MAC address filtering for all devices

Overall explanation

B) Given the sensitivity of patient EHR data, a robust authentication method like MFA with both a password and biometric authentication (fingerprint scan) would be most suitable to ensure only authorized personnel have access.

Incorrect answers:

A) Single-factor authentication using username and password: Single-factor authentication is less secure for sensitive health data.

C) Using open access for better collaboration among staff: Open access does not provide adequate security for patient EHR data.

D) Implementing MAC address filtering for all devices: MAC address filtering is insufficient for securing access to sensitive data.

Question 28

A financial institution has implemented a role-based access control (RBAC) system for its employees. Employees in different roles have varying levels of access to financial data and transactions. What is the primary benefit of this RBAC system?

Simplifying user authentication

Enhancing data encryption

Correct answer

Restricting user access based on job responsibilities

Accelerating network performance

Overall explanation

C) The primary benefit of the RBAC system in this financial institution is that it restricts user access based on job responsibilities, providing granular control over who can access sensitive financial data.

Incorrect answers:

A) Simplifying user authentication: RBAC primarily focuses on access control, not authentication.

B) Enhancing data encryption: Data encryption is essential but is not the primary benefit of RBAC.

D) Accelerating network performance: Network performance improvements are not the primary goal of RBAC.

Question 29

A university wants to provide secure access to its Wi-Fi network for students and staff. They also want to track user activities and restrict unauthorized devices. Which authentication and authorization technology is most appropriate for achieving these goals?

Using an open network for ease of access

Implementing WPA3 for Wi-Fi encryption

Correct answer

Leveraging a RADIUS server for user authentication and MAC address filtering for device control

Enforcing strong password policies

Overall explanation

C) To achieve secure access, user tracking, and device restriction, a combination of RADIUS server for user authentication and MAC address filtering for device control would be most appropriate.

Incorrect answers:

A) An open network does not provide the necessary security and control.

B) WPA3 is important for encryption, but it does not address user tracking and device control.

D) Strong password policies alone do not provide the desired device control.

Question 30

A small startup company is designing its network infrastructure. They want to minimize costs and simplify network management while ensuring security. Which network architecture is a cost-effective and simple solution for this startup?

A complex hierarchical network architecture

A peer-to-peer network architecture

Correct answer

A cloud-based network architecture

A star network architecture

Overall explanation

C) For a small startup looking to minimize costs and simplify network management, a cloud-based network architecture is a cost-effective and simple solution. Cloud services offer scalability, reduced hardware costs, and centralized management.

Incorrect answers:

A) A complex hierarchical network architecture: Complex hierarchical architectures may be overkill for a small startup.

B) A peer-to-peer network architecture: Peer-to-peer networks can be simple but may not provide the desired scalability.

D) A star network architecture: While simple, a star network may not offer the scalability and flexibility of cloud-based solutions.

Question 31

Which cryptographic concept involves the use of two keys, one for encryption and another for decryption?

Digital signatures

Symmetric encryption

Correct answer

Asymmetric encryption

Hash functions

Overall explanation

C) Asymmetric encryption involves the use of two keys, a public key for encryption and a private key for decryption, ensuring secure communication and data protection.

Incorrect answers:

A) Digital signatures use asymmetric encryption but serve a different purpose.

B) Symmetric encryption uses a single key for both encryption and decryption.

D) Hash functions are used for data integrity and not encryption.

Question 32

An online banking platform wants to secure user logins and transactions. What cryptographic concept is typically used to provide secure authentication and data confidentiality?

Hash functions

Digital certificates

Multi-factor authentication (MFA)

Correct answer

Transport Layer Security (TLS)

Overall explanation

D) In the context of securing online banking platforms, Transport Layer Security (TLS) is typically used to provide secure authentication and data confidentiality for user logins and transactions.

Incorrect answers:

A) Hash functions are used for data integrity and not user authentication.

B) Digital certificates are part of TLS but are not the primary mechanism for secure authentication.

C) MFA enhances authentication but is not the primary cryptographic concept for securing communication.

Question 33

A government agency needs to securely transmit classified documents over a public network. What cryptographic concept is best suited?

Correct answer

Virtual Private Network (VPN)

Public key infrastructure (PKI)

Symmetric encryption

Blockchain technology

Overall explanation

A) Virtual Private Network (VPN) is an appropriate cryptographic concept to create an encrypted and private communication channel.

Incorrect answers:

B) PKI is essential for secure communication but may not provide the same level of confidentiality as a VPN.

C) Symmetric encryption can provide confidentiality but may not offer the network-level security provided by a VPN.

D) Blockchain technology is not typically used for document transmission but for distributed ledgers.

Question 34

Why is it important to implement surveillance cameras and access logs in a facility’s entry and exit points?

To track employee attendance

Correct answer

To deter unauthorized access and monitor security breaches

To improve network performance

To enhance document security

Overall explanation

B) Implementing surveillance cameras and access logs in entry and exit points is important to deter unauthorized access and monitor security breaches, enhancing physical security.

Incorrect answers:

A) To track employee attendance: While this could be a secondary benefit, the primary purpose is security.

C) To improve network performance: Surveillance cameras and access logs are not related to network performance.

D) To enhance document security: This is a different aspect of security.

Question 35

What is the primary purpose of a disaster recovery plan (DRP) in an organization’s architecture and design strategy?

To prevent all disasters from occurring

Correct answer

To ensure the continuous availability of critical systems and data after a disaster

To boost network performance

To replace damaged equipment with new technology

Overall explanation

B) To ensure the continuous availability of critical systems and data after a disaster

Incorrect answers:

A) To prevent all disasters from occurring: Preventing disasters is beyond the scope of DRP.

C) To boost network performance: DRP is not primarily focused on network performance.

D) To replace damaged equipment with new technology: DRP is about recovery, not equipment replacement.

Question 36

In a corporate network, why is it essential to segment the network into different virtual LANs (VLANs)?

To increase energy efficiency

To simplify network management

To improve network performance

Correct answer

To enhance security and isolate traffic

Overall explanation

D) Segmenting the network into different virtual LANs (VLANs) is essential to enhance security and isolate traffic, reducing the risk of unauthorized access and attacks.

Incorrect answers:

A) To increase energy efficiency: VLANs primarily focus on security and network organization, not energy efficiency.

B) To simplify network management: While segmentation can aid in management, the primary goal is security.

C) To improve network performance: Network performance may benefit from proper segmentation, but it’s not the primary purpose.

Question 37

What is the primary purpose of maintaining visitor logs for a corporate facility?

To promote employee collaboration

To enhance network aesthetics

Correct answer

To track and audit the entry and exit of visitors for security and compliance purposes

To centralize data storage

Overall explanation

C) Maintaining visitor logs for a corporate facility primarily serves the purpose of tracking and auditing the entry and exit of visitors for security and compliance reasons.

Incorrect answers:

A) To promote employee collaboration: Visitor logs are not related to employee collaboration.

B) To enhance network aesthetics: Network aesthetics are unrelated to visitor logs.

D) To centralize data storage: Centralized data storage is not the primary purpose of visitor logs.

Question 38

Which backup method involves a complete backup of all selected files and folders each time it is performed?

Incremental backup

Correct answer

Full backup

Differential backup

Synthetic backup

Overall explanation

B) A full backup involves a complete backup of all selected files and folders every time it is performed.

Incorrect answers:

A) An incremental backup only backs up files changed since the last backup.

C) A differential backup backs up files changed since the last full backup.

D) Synthetic backup involves creating a full backup from the previous full and incremental backups.

Question 39

An online banking service sends a one-time passcode to a user’s registered mobile phone number after the user enters their password, to complete a transaction. Which MFA factor does this scenario represent?

Something you know

Correct answer

Something you have

Something you are

Something you do

Overall explanation

B) In this scenario, receiving a one-time passcode on a registered mobile phone represents the "something you have" factor in MFA.

Incorrect answers:

A) "Something you know" factors typically involve passwords or PINs.

C) "Something you are" factors involve biometric recognition such as fingerprints or facial scans.

D) "Something you do" factors include behavioral-based authentication methods.

Question 40

A company allows access to sensitive areas based on an employee’s fingerprint scan in addition to a security badge. What MFA factor is primarily utilized in this scenario?

Something you know

Something you have

Correct answer

Something you are

Something you do

Overall explanation

C) Using an employee’s fingerprint scan in addition to a security badge for access control primarily involves the "something you are" factor in MFA.

Incorrect answers:

A) "Something you know" factors typically involve passwords or PINs.

B) "Something you have" factors often involve possession of physical tokens or one-time passcodes.

D) "Something you do" factors involve behavioral-based authentication methods.

Question 41

Which type of redundancy involves mirroring data across multiple hard drives to ensure data availability in case of drive failure?

Load balancing

Correct answer

RAID (Redundant Array of Independent Disks)

Failover clustering

Network segmentation

Overall explanation

B) RAID (Redundant Array of Independent Disks) involves mirroring data across multiple hard drives to ensure data availability in case of drive failure.

Incorrect answers:

A) Load balancing involves distributing network traffic across multiple paths to optimize resource utilization, not mirroring data.

C) Failover clustering involves switching to a standby system in case of primary system failure, not specifically mirroring data.

D) Network segmentation involves dividing a network into smaller parts for easier management and security.

Question 42

In a secure online transaction, a user verifies the authenticity of a digital document shared by a sender, ensuring the document hasn’t been altered in transit. Which cryptographic concept best describes this scenario?

Symmetric encryption

Correct answer

Digital signatures

Hashing algorithms

Key exchange

Overall explanation

B) The scenario involves the use of digital signatures to ensure the authenticity and integrity of the shared digital document.

Incorrect answers:

A) Symmetric encryption focuses on securing data in transit but doesn’t specifically guarantee document authenticity or integrity.

C) Hashing algorithms are used for ensuring data integrity but aren’t primarily related to document authenticity verification.

D) Key exchange enables secure key sharing for encryption but isn’t directly linked to verifying document authenticity.

Question 43

An organization securely shares encrypted data with a third-party vendor, requiring both parties to generate and exchange their public keys before communication. Which cryptographic concept does this scenario illustrate?

Digital signatures

Hashing algorithms

Correct answer

Asymmetric encryption

Symmetric encryption

Overall explanation

C) The scenario involves the use of asymmetric encryption for secure data exchange with the necessity of generating and exchanging public keys before communication.

Incorrect answers:

A) Digital signatures are focused on message integrity and authenticity but are not the primary mechanism for key exchange in this scenario.

B) Hashing algorithms ensure data integrity but aren’t directly related to the exchange of public keys between parties.

D) Symmetric encryption uses shared secret keys, not public keys, for encryption and would not involve exchanging public keys before communication.

Question 44

In the event of a successful phishing attack that compromises employee credentials, what cybersecurity resilience measure could a company have in place to limit the damage caused by compromised credentials?

Correct answer

Multi-factor authentication (MFA).

Encrypting all sensitive data.

Regular employee cybersecurity training.

Deploying intrusion prevention systems.

Overall explanation

A) Implementing multi-factor authentication (MFA) could limit the damage caused by compromised credentials as it requires an additional form of verification beyond passwords.

Incorrect answers:

B) While encrypting sensitive data is important, it does not directly address the issue of compromised credentials resulting from a phishing attack.

C) Regular employee cybersecurity training is proactive but does not immediately limit the damage once credentials have been compromised.

D) Intrusion prevention systems focus on preventing network intrusions and attacks, not specifically dealing with compromised credentials.

Question 45

After discovering vulnerabilities in critical software, what resilience measure could an organization take to address these vulnerabilities?

Deploying an intrusion detection system.

Correct answer

Implementing patch management procedures.

Conducting regular security risk assessments.

Establishing network segmentation.

Overall explanation

B) Implementing patch management procedures is a key resilience measure to address vulnerabilities by applying updates and fixes to critical software.

Incorrect answers:

A) Intrusion detection systems monitor network traffic but do not directly address vulnerabilities within software.

C) Regular security risk assessments help identify vulnerabilities but might not directly address vulnerabilities in critical software.

D) Network segmentation enhances security but is not directly related to addressing vulnerabilities within software.

Question 46

What security principle does the use of encryption for sensitive data storage adhere to in secure application development?

Correct answer

Confidentiality

Availability

Integrity

Authentication

Overall explanation

A) The use of encryption for sensitive data storage in secure application development primarily aligns with the principle of confidentiality.

Incorrect answers:

B) Availability refers to ensuring system accessibility and is not the primary focus of using encryption for sensitive data storage.

C) Integrity focuses on maintaining data accuracy and consistency, not specifically tied to encryption for data storage.

D) Authentication involves verifying user identity, which differs from using encryption for data storage.

Question 47

In a web application, an attacker successfully exploits a vulnerability, injecting malicious code into a form field, leading to unauthorized access to sensitive customer information. What secure application development practice could have prevented this scenario?

Correct answer

Implementing input validation and sanitization.

Regularly updating server hardware.

Enhancing user authentication protocols.

Employing content caching for faster page loads.

Overall explanation

A) Implementing input validation and sanitization could have prevented the injection of malicious code by validating and cleansing user input.

Incorrect answers:

B) Regularly updating server hardware might improve performance but does not directly prevent unauthorized access through input vulnerabilities.

C) Enhancing user authentication protocols is essential, but it may not directly prevent injection attacks through input fields.

D) Content caching improves page load times but does not specifically prevent unauthorized access through input vulnerabilities.

Question 48

What technique involves intentionally presenting false information or systems to attackers to divert their attention from genuine assets?

Correct answer

Honeypots.

Encrypted tunnels.

Intrusion detection systems.

Multi-factor authentication.

Overall explanation

A) Honeypots involve presenting false systems or data to divert attackers’ attention from genuine assets.

Incorrect answers:

B) Encrypted tunnels secure data transmission but are not specifically designed to divert attackers’ attention.

C) Intrusion detection systems monitor network traffic for potential threats but do not primarily involve diverting attackers’ attention.

D) Multi-factor authentication enhances security but is not primarily about diverting attackers’ attention from genuine assets.

Question 49

Which RAID level offers disk mirroring, providing data redundancy by duplicating all data on a separate drive?

RAID 0

Correct answer

RAID 1

RAID 5

RAID 10

Overall explanation

B) RAID 1 offers disk mirroring, providing data redundancy by duplicating all data on a separate drive. This redundancy ensures that if one drive fails, the data remains intact on the mirrored drive.

Incorrect answers:

A) RAID 0 does not provide any redundancy and instead focuses on striping data across multiple disks for performance.

C) RAID 5 uses parity for data protection, but it doesn’t involve mirroring as in RAID 1.

D) RAID 10 combines mirroring (like RAID 1) and striping (like RAID 0) to provide redundancy and performance but doesn’t duplicate all data on a separate drive like RAID 1.

Question 50

Where encrypted traffic is monitored for potential threats, how does SSL/TLS inspection aid in identifying and preventing security risks?

It instantly encrypts data for secure transactions.

It verifies the authenticity of the banking server.

Correct answer

It inspects and controls encrypted traffic for potential threats.

It prioritizes faster communication between different banking systems.

Overall explanation

C) SSL/TLS inspection aids in identifying and preventing security risks by inspecting and controlling encrypted traffic for potential threats, ensuring secure communication.

Incorrect answers:

A) SSL/TLS inspection doesn’t instantly encrypt data but rather inspects encrypted traffic for security threats.

B) While SSL/TLS involves verification, inspection typically focuses on monitoring encrypted traffic for threats rather than server authenticity.

D) SSL/TLS inspection primarily focuses on security rather than prioritizing communication speed between banking systems.