Certmaster CE Security+ Domain 3.0 Security
Architecture Assessment
An organization plans to implement a load balancer as part of its network infrastructure
to manage the increased web traffic to its services. The organization tasks a network
administrator with ensuring that the load balancer configures in line with best security
practices to reduce the attack surface and secure the enterprise infrastructure. The
network administrator's responsibilities include evaluating the network appliances,
securing connectivity, and considering device placement. What is th (Correct Answer) -
✅ A. Implement a Web Application Firewall alongside the load balancer.
A multinational corporation handles human-readable and non-human-readable data.
What are the implications for security operations and controls? (Correct Answer) - ✅
A. Security measures for non-human-readable data: encryption, access controls, intrusion
detection/prevention, and secure data exchange (incorrect)
B. Security measures for human-readable data: monitoring, user awareness, encryption,
and secure data exchange (incorrect)
The IT manager of a medium-sized organization is designing a new network
infrastructure to secure its enterprise infrastructure by implementing an Intrusion
Prevention System (IPS) and an Intrusion Detection System (IDS). The manager is
, considering different deployment methods for the IPS/IDS to optimize their effectiveness.
The organization's network includes multiple security zones, a virtual private network
(VPN) for remote access, and a web application firewall (WAF). Which deployment
method (Correct Answer) - ✅ C. Deploy the IPS/IDS devices in inline mode at the
network perimeter.
An IT specialist working for a multinational confectionery company needs to fortify its
network security. The firm has been dealing with intrusions where raw User Datagram
Protocol (UDP) packets bypass open ports due to a virus. The specialist will analyze
packet data to verify that the application protocol corresponds to the port. The company
also wants to track the state of sessions and prevent fraudulent session initiations. Which
of the following tools should the IT specialist prioritize deploying? (Correct Answer) -
✅ D. Deep packet inspection firewall
A manufacturing firm is exploring the implementation of an isolated network system for
its plant floor operations. The goal is to prevent any unauthorized or accidental
communication with other networks. The firm plans to manage large-scale, real-time
processes using this system. Which type of infrastructure will BEST fit the firm's needs?
(Correct Answer) - ✅ D. ICS/SCADA infrastructure
A medium-sized organization elects to redesign its network security infrastructure. The
IT manager is considering implementing a proxy server to enhance security and improve
client performance. The organization's network includes a virtual private network (VPN)
for remote access, multiple security zones, and a Unified Threat Management (UTM)
system. Which of the following is the primary benefit of implementing a proxy server in
this scenario? (Correct Answer) - ✅ B. The proxy server can perform application-layer
filtering, enhancing network traffic security.
A global e-commerce company faces challenges with its legacy monolithic application.
The application is becoming increasingly difficult to maintain due to its intertwined
components and struggles to scale quickly enough to handle sudden traffic surges during
big sales events. The company has already invested in cloud technology and on-premises
Architecture Assessment
An organization plans to implement a load balancer as part of its network infrastructure
to manage the increased web traffic to its services. The organization tasks a network
administrator with ensuring that the load balancer configures in line with best security
practices to reduce the attack surface and secure the enterprise infrastructure. The
network administrator's responsibilities include evaluating the network appliances,
securing connectivity, and considering device placement. What is th (Correct Answer) -
✅ A. Implement a Web Application Firewall alongside the load balancer.
A multinational corporation handles human-readable and non-human-readable data.
What are the implications for security operations and controls? (Correct Answer) - ✅
A. Security measures for non-human-readable data: encryption, access controls, intrusion
detection/prevention, and secure data exchange (incorrect)
B. Security measures for human-readable data: monitoring, user awareness, encryption,
and secure data exchange (incorrect)
The IT manager of a medium-sized organization is designing a new network
infrastructure to secure its enterprise infrastructure by implementing an Intrusion
Prevention System (IPS) and an Intrusion Detection System (IDS). The manager is
, considering different deployment methods for the IPS/IDS to optimize their effectiveness.
The organization's network includes multiple security zones, a virtual private network
(VPN) for remote access, and a web application firewall (WAF). Which deployment
method (Correct Answer) - ✅ C. Deploy the IPS/IDS devices in inline mode at the
network perimeter.
An IT specialist working for a multinational confectionery company needs to fortify its
network security. The firm has been dealing with intrusions where raw User Datagram
Protocol (UDP) packets bypass open ports due to a virus. The specialist will analyze
packet data to verify that the application protocol corresponds to the port. The company
also wants to track the state of sessions and prevent fraudulent session initiations. Which
of the following tools should the IT specialist prioritize deploying? (Correct Answer) -
✅ D. Deep packet inspection firewall
A manufacturing firm is exploring the implementation of an isolated network system for
its plant floor operations. The goal is to prevent any unauthorized or accidental
communication with other networks. The firm plans to manage large-scale, real-time
processes using this system. Which type of infrastructure will BEST fit the firm's needs?
(Correct Answer) - ✅ D. ICS/SCADA infrastructure
A medium-sized organization elects to redesign its network security infrastructure. The
IT manager is considering implementing a proxy server to enhance security and improve
client performance. The organization's network includes a virtual private network (VPN)
for remote access, multiple security zones, and a Unified Threat Management (UTM)
system. Which of the following is the primary benefit of implementing a proxy server in
this scenario? (Correct Answer) - ✅ B. The proxy server can perform application-layer
filtering, enhancing network traffic security.
A global e-commerce company faces challenges with its legacy monolithic application.
The application is becoming increasingly difficult to maintain due to its intertwined
components and struggles to scale quickly enough to handle sudden traffic surges during
big sales events. The company has already invested in cloud technology and on-premises
