COMPTIA SEC + CERTMASTER SY0-701 DOMAIN 3
ASSESSMENT
A large multinational corporation is restructuring its IT division. The corporation
defines roles, responsibilities, and levels of authority for different tasks across
various teams. What type of tool is the corporation likely to use to document
this information? - ANSWER-Responsibility matrix
A security engineer is updating the company's cyber security strategy. Which of
the following strategies is the MOST effective in reducing the company's
network attack surface? - ANSWER-Establish multiple control categories and
functions to enforce multiple layers of protection.
During an annual review, a health services company's leadership aims to
scrutinize its disaster response and data recovery protocols. They focus on
effectiveness, hidden weaknesses, and clarity of employee roles during a
disaster. Which course of action would BEST serve these objectives? - ANSWER-
Organizing tabletop exercises
A financial services company tasks its IT security team with reducing the
network's attack surface. They have segmented the network into security zones,
put port security measures in place, and physically isolated critical servers. The
IT security team wants to further reduce the risk of attack by managing traffic
flow between security zones. Which of the following measures should the team
implement? - ANSWER-Apply the principle of least privilege when defining
traffic policies between zones.
, A systems engineer must develop a design strategy for a new data center that
provides services around-the-clock, and any disruptions must resolve quickly.
Which of the following is a primary consideration in the engineer's design to
meet these requirements? - ANSWER-Ease of recovery
A multinational corporation wants to standardize and automate the setup of its
Information Technology (IT) infrastructure across various branches. This would
reduce manual setup errors and allow for quicker deployment and scaling of
resources as per demand. Which methodology should the corporation adopt to
accomplish this? - ANSWER-Infrastructure as code
A major e-commerce company is planning for a disaster recovery strategy that
balances minimal data loss, quick recovery, and budget considerations. It needs
a recovery site that does not necessitate instant recovery but restores critical
systems promptly. Which option BEST suits the company's recovery site
requirements? - ANSWER-Establishing a warm site
An organization implements a new network infrastructure and plans to use an
intrusion prevention system (IPS) for security. The IT manager wants to ensure
that the IPS will continue to let traffic flow if it fails. Which failure mode should
the IT manager configure the IPS? - ANSWER-Fail-open
A network engineer is segmenting a company's network to improve security. In
terms of routing infrastructure, which of the following strategies would the
engineer employ to segment different types of hosts attached to the same
switch? - ANSWER-Assign each host to a different virtual local area network
(VLAN).
ASSESSMENT
A large multinational corporation is restructuring its IT division. The corporation
defines roles, responsibilities, and levels of authority for different tasks across
various teams. What type of tool is the corporation likely to use to document
this information? - ANSWER-Responsibility matrix
A security engineer is updating the company's cyber security strategy. Which of
the following strategies is the MOST effective in reducing the company's
network attack surface? - ANSWER-Establish multiple control categories and
functions to enforce multiple layers of protection.
During an annual review, a health services company's leadership aims to
scrutinize its disaster response and data recovery protocols. They focus on
effectiveness, hidden weaknesses, and clarity of employee roles during a
disaster. Which course of action would BEST serve these objectives? - ANSWER-
Organizing tabletop exercises
A financial services company tasks its IT security team with reducing the
network's attack surface. They have segmented the network into security zones,
put port security measures in place, and physically isolated critical servers. The
IT security team wants to further reduce the risk of attack by managing traffic
flow between security zones. Which of the following measures should the team
implement? - ANSWER-Apply the principle of least privilege when defining
traffic policies between zones.
, A systems engineer must develop a design strategy for a new data center that
provides services around-the-clock, and any disruptions must resolve quickly.
Which of the following is a primary consideration in the engineer's design to
meet these requirements? - ANSWER-Ease of recovery
A multinational corporation wants to standardize and automate the setup of its
Information Technology (IT) infrastructure across various branches. This would
reduce manual setup errors and allow for quicker deployment and scaling of
resources as per demand. Which methodology should the corporation adopt to
accomplish this? - ANSWER-Infrastructure as code
A major e-commerce company is planning for a disaster recovery strategy that
balances minimal data loss, quick recovery, and budget considerations. It needs
a recovery site that does not necessitate instant recovery but restores critical
systems promptly. Which option BEST suits the company's recovery site
requirements? - ANSWER-Establishing a warm site
An organization implements a new network infrastructure and plans to use an
intrusion prevention system (IPS) for security. The IT manager wants to ensure
that the IPS will continue to let traffic flow if it fails. Which failure mode should
the IT manager configure the IPS? - ANSWER-Fail-open
A network engineer is segmenting a company's network to improve security. In
terms of routing infrastructure, which of the following strategies would the
engineer employ to segment different types of hosts attached to the same
switch? - ANSWER-Assign each host to a different virtual local area network
(VLAN).
