Certmaster CE Security+ Domain 3.0 Security Architecture Assessment
Questions and Answers Rated A
An organization plans to implement a load network security. The firm has been dealing with
balancer as part of its network infrastructure to intrusions where raw User Datagram Protocol
manage the increased web traffic to its services. (UDP) packets bypass open ports due to a virus.
The organization tasks a network administrator The specialist will analyze packet data to verify
with ensuring that the load balancer configures in that the application protocol corresponds to the
line with best security practices to reduce the port. The company also wants to track the state
attack surface and secure the enterprise of sessions and prevent fraudulent session
infrastructure. The network administrator's initiations. Which of the following tools should the
responsibilities include evaluating the network IT specialist prioritize deploying? -
appliances, securing connectivity, and ANSWER -D. Deep packet inspection
considering device placement. What is th - firewall
ANSWER -A. Implement a Web Application
Firewall alongside the load balancer.
A manufacturing firm is exploring the
implementation of an isolated network system for
A multinational corporation handles human- its plant floor operations. The goal is to prevent
readable and non-human-readable data. What any unauthorized or accidental communication
are the implications for security operations and with other networks. The firm plans to manage
controls? - ANSWER -A. Security large-scale, real-time processes using this
measures for non-human-readable data: system. Which type of infrastructure will BEST fit
encryption, access controls, intrusion the firm's needs? - ANSWER -D.
detection/prevention, and secure data exchange ICS/SCADA infrastructure
(incorrect)
B. Security measures for human-readable data:
monitoring, user awareness, encryption, and A medium-sized organization elects to redesign
secure data exchange (incorrect) its network security infrastructure. The IT
manager is considering implementing a proxy
server to enhance security and improve client
The IT manager of a medium-sized organization performance. The organization's network
is designing a new network infrastructure to includes a virtual private network (VPN) for
secure its enterprise infrastructure by remote access, multiple security zones, and a
implementing an Intrusion Prevention System Unified Threat Management (UTM) system.
(IPS) and an Intrusion Detection System (IDS). Which of the following is the primary benefit of
The manager is considering different deployment implementing a proxy server in this scenario? -
methods for the IPS/IDS to optimize their ANSWER -B. The proxy server can perform
effectiveness. The organization's network application-layer filtering, enhancing network
includes multiple security zones, a virtual private traffic security.
network (VPN) for remote access, and a web
application firewall (WAF). Which deployment
method - ANSWER -C. Deploy the IPS/IDS A global e-commerce company faces challenges
devices in inline mode at the network perimeter. with its legacy monolithic application. The
application is becoming increasingly difficult to
maintain due to its intertwined components and
An IT specialist working for a multinational struggles to scale quickly enough to handle
confectionery company needs to fortify its sudden traffic surges during big sales events.
1/8
, Certmaster CE Security+ Domain 3.0 Security Architecture Assessment
Questions and Answers Rated A
The company has already invested in cloud a disaster. Which course of action would BEST
technology and on-premises infrastructure but serve these objectives? - ANSWER -C.
still faces scalability and manageability issues. Organizing tabletop exercises
What would MOST effectively address these
challenges? - ANSWER -A. Microservices
A cloud administrator wants to directly connect a
cloud server instance with another cloud server
A large multinational corporation is restructuring instance privately on Amazon Web Services
its IT division. The corporation defines roles, (AWS). How can the administrator configure
responsibilities, and levels of authority for them without going through an internet gateway?
different tasks across various teams. What type - ANSWER -B. By using a virtual private
of tool is the corporation likely to use to cloud (VPC) peering connection
document this information? - ANSWER -B.
Responsibility matrix
A global banking institution instructs its
cybersecurity team to minimize the network's
The IT department of a healthcare provider vulnerability to cyber threats. The team has
maintains a database containing personal health divided the network into secure segments,
information for its patients. Which classification initiated port security protocols, and physically
BEST suits this type of data? - ANSWER - segregated key servers. The team now wishes to
D. Regulated manage the flow of traffic between the security
segments to reduce the threat of attack. What
approach should the cybersecurity team adopt? -
A corporation is experiencing frequent power ANSWER -B. Enforce role-based access
failures in its data center, which are causing control for traffic policies between zones.
downtime and resulting in high recovery costs.
Which strategy could the corporation employ to
minimize the impact of these power failures? - A hospital is putting measures in place to protect
ANSWER -D. Implement a UPS system patient records. Which term BEST describes how
the hospital should classify patient data? -
ANSWER -B. Sensitive
An organization wants to improve the security of
sensitive customer information stored on its
servers. This sensitive customer information is A healthcare institution is building a new patient
"data at rest" and not currently accessed or information system. It wants to ensure the system
processed. Which method should the can handle the projected volume of patient
organization consider for protecting this data? - records and requests, especially during peak
ANSWER -C. Encryption hours, without compromising the accuracy of
information and system performance. Which of
the following is the MOST effective way to
During an annual review, a health services confirm the system's ability to manage the
company's leadership aims to scrutinize its expected demand? - ANSWER -B. Running
disaster response and data recovery protocols. a simulation of the system
They focus on effectiveness, hidden
weaknesses, and clarity of employee roles during
2/8
Questions and Answers Rated A
An organization plans to implement a load network security. The firm has been dealing with
balancer as part of its network infrastructure to intrusions where raw User Datagram Protocol
manage the increased web traffic to its services. (UDP) packets bypass open ports due to a virus.
The organization tasks a network administrator The specialist will analyze packet data to verify
with ensuring that the load balancer configures in that the application protocol corresponds to the
line with best security practices to reduce the port. The company also wants to track the state
attack surface and secure the enterprise of sessions and prevent fraudulent session
infrastructure. The network administrator's initiations. Which of the following tools should the
responsibilities include evaluating the network IT specialist prioritize deploying? -
appliances, securing connectivity, and ANSWER -D. Deep packet inspection
considering device placement. What is th - firewall
ANSWER -A. Implement a Web Application
Firewall alongside the load balancer.
A manufacturing firm is exploring the
implementation of an isolated network system for
A multinational corporation handles human- its plant floor operations. The goal is to prevent
readable and non-human-readable data. What any unauthorized or accidental communication
are the implications for security operations and with other networks. The firm plans to manage
controls? - ANSWER -A. Security large-scale, real-time processes using this
measures for non-human-readable data: system. Which type of infrastructure will BEST fit
encryption, access controls, intrusion the firm's needs? - ANSWER -D.
detection/prevention, and secure data exchange ICS/SCADA infrastructure
(incorrect)
B. Security measures for human-readable data:
monitoring, user awareness, encryption, and A medium-sized organization elects to redesign
secure data exchange (incorrect) its network security infrastructure. The IT
manager is considering implementing a proxy
server to enhance security and improve client
The IT manager of a medium-sized organization performance. The organization's network
is designing a new network infrastructure to includes a virtual private network (VPN) for
secure its enterprise infrastructure by remote access, multiple security zones, and a
implementing an Intrusion Prevention System Unified Threat Management (UTM) system.
(IPS) and an Intrusion Detection System (IDS). Which of the following is the primary benefit of
The manager is considering different deployment implementing a proxy server in this scenario? -
methods for the IPS/IDS to optimize their ANSWER -B. The proxy server can perform
effectiveness. The organization's network application-layer filtering, enhancing network
includes multiple security zones, a virtual private traffic security.
network (VPN) for remote access, and a web
application firewall (WAF). Which deployment
method - ANSWER -C. Deploy the IPS/IDS A global e-commerce company faces challenges
devices in inline mode at the network perimeter. with its legacy monolithic application. The
application is becoming increasingly difficult to
maintain due to its intertwined components and
An IT specialist working for a multinational struggles to scale quickly enough to handle
confectionery company needs to fortify its sudden traffic surges during big sales events.
1/8
, Certmaster CE Security+ Domain 3.0 Security Architecture Assessment
Questions and Answers Rated A
The company has already invested in cloud a disaster. Which course of action would BEST
technology and on-premises infrastructure but serve these objectives? - ANSWER -C.
still faces scalability and manageability issues. Organizing tabletop exercises
What would MOST effectively address these
challenges? - ANSWER -A. Microservices
A cloud administrator wants to directly connect a
cloud server instance with another cloud server
A large multinational corporation is restructuring instance privately on Amazon Web Services
its IT division. The corporation defines roles, (AWS). How can the administrator configure
responsibilities, and levels of authority for them without going through an internet gateway?
different tasks across various teams. What type - ANSWER -B. By using a virtual private
of tool is the corporation likely to use to cloud (VPC) peering connection
document this information? - ANSWER -B.
Responsibility matrix
A global banking institution instructs its
cybersecurity team to minimize the network's
The IT department of a healthcare provider vulnerability to cyber threats. The team has
maintains a database containing personal health divided the network into secure segments,
information for its patients. Which classification initiated port security protocols, and physically
BEST suits this type of data? - ANSWER - segregated key servers. The team now wishes to
D. Regulated manage the flow of traffic between the security
segments to reduce the threat of attack. What
approach should the cybersecurity team adopt? -
A corporation is experiencing frequent power ANSWER -B. Enforce role-based access
failures in its data center, which are causing control for traffic policies between zones.
downtime and resulting in high recovery costs.
Which strategy could the corporation employ to
minimize the impact of these power failures? - A hospital is putting measures in place to protect
ANSWER -D. Implement a UPS system patient records. Which term BEST describes how
the hospital should classify patient data? -
ANSWER -B. Sensitive
An organization wants to improve the security of
sensitive customer information stored on its
servers. This sensitive customer information is A healthcare institution is building a new patient
"data at rest" and not currently accessed or information system. It wants to ensure the system
processed. Which method should the can handle the projected volume of patient
organization consider for protecting this data? - records and requests, especially during peak
ANSWER -C. Encryption hours, without compromising the accuracy of
information and system performance. Which of
the following is the MOST effective way to
During an annual review, a health services confirm the system's ability to manage the
company's leadership aims to scrutinize its expected demand? - ANSWER -B. Running
disaster response and data recovery protocols. a simulation of the system
They focus on effectiveness, hidden
weaknesses, and clarity of employee roles during
2/8
