CERTMASTER CE SECURITY+ DOMAIN 3.0
SECURITY ARCHITECTURE ASSESSMENT
QUESTION WITH 100% CORRECT ANSWERS
A network security administrator's responsibilities include enhancing the enterprise's network
infrastructure security posture. They deploy a Next Generation Firewall (NGFW) as part of their
defense strategy. The enterprise mixes internal and external services, including a web
application and a virtual private network (VPN) for remote access. Which of the following
should the administrator primarily consider when implementing the NGFW to ensure effective
security without disrupting normal operations?
Set the NGFW to operate in a fail-open mode, ensuring continuous network service even if the
firewall fails.
Position the NGFW as a jump server to manage secure access for all network services.
Deploy the NGFW in inline mode, ensuring it analyzes all traffic while maintaining connectivity.
Use the NGFW as a load balancer, distributing network traffic across multiple servers. -
✔️✔️Deploy the NGFW in inline mode, ensuring it analyzes all traffic while maintaining
connectivity.
A company is developing a system that requires instantaneous response to certain inputs. The
system will incorporate into a larger device and will not have many resources. What type of
system is likely to be MOST suitable for this scenario?
Real-time operating system
Windows operating system
Linux operating system
Embedded systems - ✔️✔️Real-time operating system
A network engineer is segmenting a company's network to improve security. In terms of routing
infrastructure, which of the following strategies would the engineer employ to segment
different types of hosts attached to the same switch?
Assign a different internet protocol (IP) address to each host on the switch.
Group hosts into VLANs based on department, function, or security requirements.
, Use the Address Resolution Protocol to map each host's IP interface to a different media access
control address.
Use the same VLAN IDs and subnets for all hosts. - ✔️✔️Group hosts into VLANs based on
department, function, or security requirements.
A company transmits source code from its headquarters to a partnered third-party contract
group via the internet. The network administrator wants to enhance the security of this code
while it is in transit. The selected method converts data into a coded format that can only be
accessed with a key and password. Which technique is being used in this scenario?
Hashing
Obfuscation
Tokenization
Encryption - ✔️✔️Encryption
An organization plans to implement a load balancer as part of its network infrastructure to
manage the increased web traffic to its services. The organization tasks a network administrator
with ensuring that the load balancer is configured in line with best security practices to reduce
the attack surface and secure the enterprise infrastructure. The network administrator's
responsibilities include evaluating the network appliances, securing connectivity, and
considering device placement. What is the MOST effective security measure in this scenario?
Implement a Web Application Firewall alongside the load balancer.
Configure the load balancer to operate in a fail-open mode.
Use a proxy server in combination with the load balancer.
Place the load balancer in the screened subnet. - ✔️✔️Implement a Web Application Firewall
alongside the load balancer.
A large organization is planning to restructure its network infrastructure to create better
security boundaries and enhance control over network traffic as it undergoes expansion with an
increasing number of remote employees. What should the company implement to meet these
requirements?
Scalability
Logical segmentation
SECURITY ARCHITECTURE ASSESSMENT
QUESTION WITH 100% CORRECT ANSWERS
A network security administrator's responsibilities include enhancing the enterprise's network
infrastructure security posture. They deploy a Next Generation Firewall (NGFW) as part of their
defense strategy. The enterprise mixes internal and external services, including a web
application and a virtual private network (VPN) for remote access. Which of the following
should the administrator primarily consider when implementing the NGFW to ensure effective
security without disrupting normal operations?
Set the NGFW to operate in a fail-open mode, ensuring continuous network service even if the
firewall fails.
Position the NGFW as a jump server to manage secure access for all network services.
Deploy the NGFW in inline mode, ensuring it analyzes all traffic while maintaining connectivity.
Use the NGFW as a load balancer, distributing network traffic across multiple servers. -
✔️✔️Deploy the NGFW in inline mode, ensuring it analyzes all traffic while maintaining
connectivity.
A company is developing a system that requires instantaneous response to certain inputs. The
system will incorporate into a larger device and will not have many resources. What type of
system is likely to be MOST suitable for this scenario?
Real-time operating system
Windows operating system
Linux operating system
Embedded systems - ✔️✔️Real-time operating system
A network engineer is segmenting a company's network to improve security. In terms of routing
infrastructure, which of the following strategies would the engineer employ to segment
different types of hosts attached to the same switch?
Assign a different internet protocol (IP) address to each host on the switch.
Group hosts into VLANs based on department, function, or security requirements.
, Use the Address Resolution Protocol to map each host's IP interface to a different media access
control address.
Use the same VLAN IDs and subnets for all hosts. - ✔️✔️Group hosts into VLANs based on
department, function, or security requirements.
A company transmits source code from its headquarters to a partnered third-party contract
group via the internet. The network administrator wants to enhance the security of this code
while it is in transit. The selected method converts data into a coded format that can only be
accessed with a key and password. Which technique is being used in this scenario?
Hashing
Obfuscation
Tokenization
Encryption - ✔️✔️Encryption
An organization plans to implement a load balancer as part of its network infrastructure to
manage the increased web traffic to its services. The organization tasks a network administrator
with ensuring that the load balancer is configured in line with best security practices to reduce
the attack surface and secure the enterprise infrastructure. The network administrator's
responsibilities include evaluating the network appliances, securing connectivity, and
considering device placement. What is the MOST effective security measure in this scenario?
Implement a Web Application Firewall alongside the load balancer.
Configure the load balancer to operate in a fail-open mode.
Use a proxy server in combination with the load balancer.
Place the load balancer in the screened subnet. - ✔️✔️Implement a Web Application Firewall
alongside the load balancer.
A large organization is planning to restructure its network infrastructure to create better
security boundaries and enhance control over network traffic as it undergoes expansion with an
increasing number of remote employees. What should the company implement to meet these
requirements?
Scalability
Logical segmentation
