2
CompTIA CertMaster Security+ SY0-701 Domain 3.0 || || || || || ||
Security Architecture Assessment Exam with verified || || || || || ||
solutions
A company is deploying a software service to monitor traffic and enforce security policies in its
|| || || || || || || || || || || || || || || ||
cloud environment. Considering the need for responsiveness, which technology should the
|| || || || || || || || || || ||
company consider using? - ✔✔Serverless platforms and software-defined networking (SDN)
|| || || || || || || || ||
The IT manager of a medium-sized organization is designing a new network infrastructure to
|| || || || || || || || || || || || || ||
secure its enterprise infrastructure by implementing an Intrusion Prevention System (IPS) and an
|| || || || || || || || || || || || ||
Intrusion Detection System (IDS). The manager is considering different deployment methods for
|| || || || || || || || || || || ||
the IPS/IDS to optimize their effectiveness. The organization's network includes multiple security
|| || || || || || || || || || || ||
zones, a virtual private network (VPN) for remote access, and a web application firewall (WAF).
|| || || || || || || || || || || || || || ||
Which deployment method provides the MOST comprehensive protection in this scenario? -
|| || || || || || || || || || || ||
✔✔Deploy the IPS/IDS devices in inline mode at the network perimeter. || || || || || || || || || ||
A hospital is putting measures in place to protect patient records. Which term BEST describes
|| || || || || || || || || || || || || || ||
how the hospital should classify patient data? - ✔✔Sensitive
|| || || || || || || ||
A multinational company is improving its data security strategy and asks an IT professional to
|| || || || || || || || || || || || || || ||
apply different protective measures, ensuring that the data remains secure, whether stored,
|| || || || || || || || || || || ||
transferred, or processed. What refers to the various aspects of data, such as "at rest", "in transit",
|| || || || || || || || || || || || || || || || ||
or "in use"? - ✔✔Data states
|| || || || ||
A company is redesigning its network architecture and wants to implement a zone-based security
|| || || || || || || || || || || || || ||
model. Which of the following is the MOST accurate statement about hosts within the same zone?
|| || || || || || || || || || || || || || ||
- ✔✔Hosts within the same zone should be subject to the same access control requirements.
|| || || || || || || || || || || || || || ||
A global banking institution instructs its cybersecurity team to minimize the network's
|| || || || || || || || || || || ||
vulnerability to cyber threats. The team has divided the network into secure segments, initiated || || || || || || || || || || || || || ||
port security protocols, and physically segregated key servers. The team now wishes to manage
|| || || || || || || || || || || || || ||
the flow of traffic between the security segments to reduce the threat of attack. What approach
|| || || || || || || || || || || || || || || ||
, 2
should the cybersecurity team adopt? - ✔✔Enforce role-based access control for traffic policies
|| || || || || || || || || || || || ||
between zones. ||
A cyber analyst drafts a briefing sheet on the application of security principles to secure enterprise
|| || || || || || || || || || || || || || ||
infrastructures with an emphasis on device attributes. What is directly attributed to detective and
|| || || || || || || || || || || || || || ||
preventive security controls that use an agent or network configuration to monitor hosts? -
|| || || || || || || || || || || || || ||
✔✔Active security control || ||
A small logistics company is contemplating certain steps for its data centers in its quest to fortify
|| || || || || || || || || || || || || || || || ||
its systems against long-term power outages. What is the MOST suitable measure the company
|| || || || || || || || || || || || || ||
could undertake? - ✔✔Deploying onsite generators
|| || || || ||
A medium-sized organization is upgrading its network infrastructure to secure its enterprise
|| || || || || || || || || || || ||
infrastructure by implementing an intrusion prevention system (IPS) and an intrusion detection || || || || || || || || || || || ||
system (IDS). The organization has sensitive data in different security zones, and the IT manager
|| || || || || || || || || || || || || || ||
has concerns regarding the attack surface and network connectivity. Which of the following
|| || || || || || || || || || || || ||
placements of the IPS/IDS devices would be MOST effective in this scenario? - ✔✔Place the
|| || || || || || || || || || || || || || ||
IPS/IDS devices at the network perimeter to monitor inbound and outbound traffic.
|| || || || || || || || || || ||
A financial organization is currently handling a document that contains sensitive customer
|| || || || || || || || || || || ||
information, which is protected by a non-disclosure agreement. According to data classifications,
|| || || || || || || || || || || ||
how should the financial organization categorize this data? - ✔✔Confidential data
|| || || || || || || || || ||
A security engineer is updating the company's cyber security strategy. Which of the following
|| || || || || || || || || || || || || ||
strategies is the MOST effective in reducing the company's network attack surface? -
|| || || || || || || || || || || || ||
✔✔Establish multiple control categories and functions to enforce multiple layers of protection. || || || || || || || || || || ||
A multinational corporation wants to standardize and automate the setup of its Information
|| || || || || || || || || || || || ||
Technology (IT) infrastructure across various branches. This would reduce manual setup errors
|| || || || || || || || || || || ||
and allow for quicker deployment and scaling of resources as per demand. Which methodology
|| || || || || || || || || || || || || ||
should the corporation adopt to accomplish this? - ✔✔Infrastructure as code
|| || || || || || || || || ||
CompTIA CertMaster Security+ SY0-701 Domain 3.0 || || || || || ||
Security Architecture Assessment Exam with verified || || || || || ||
solutions
A company is deploying a software service to monitor traffic and enforce security policies in its
|| || || || || || || || || || || || || || || ||
cloud environment. Considering the need for responsiveness, which technology should the
|| || || || || || || || || || ||
company consider using? - ✔✔Serverless platforms and software-defined networking (SDN)
|| || || || || || || || ||
The IT manager of a medium-sized organization is designing a new network infrastructure to
|| || || || || || || || || || || || || ||
secure its enterprise infrastructure by implementing an Intrusion Prevention System (IPS) and an
|| || || || || || || || || || || || ||
Intrusion Detection System (IDS). The manager is considering different deployment methods for
|| || || || || || || || || || || ||
the IPS/IDS to optimize their effectiveness. The organization's network includes multiple security
|| || || || || || || || || || || ||
zones, a virtual private network (VPN) for remote access, and a web application firewall (WAF).
|| || || || || || || || || || || || || || ||
Which deployment method provides the MOST comprehensive protection in this scenario? -
|| || || || || || || || || || || ||
✔✔Deploy the IPS/IDS devices in inline mode at the network perimeter. || || || || || || || || || ||
A hospital is putting measures in place to protect patient records. Which term BEST describes
|| || || || || || || || || || || || || || ||
how the hospital should classify patient data? - ✔✔Sensitive
|| || || || || || || ||
A multinational company is improving its data security strategy and asks an IT professional to
|| || || || || || || || || || || || || || ||
apply different protective measures, ensuring that the data remains secure, whether stored,
|| || || || || || || || || || || ||
transferred, or processed. What refers to the various aspects of data, such as "at rest", "in transit",
|| || || || || || || || || || || || || || || || ||
or "in use"? - ✔✔Data states
|| || || || ||
A company is redesigning its network architecture and wants to implement a zone-based security
|| || || || || || || || || || || || || ||
model. Which of the following is the MOST accurate statement about hosts within the same zone?
|| || || || || || || || || || || || || || ||
- ✔✔Hosts within the same zone should be subject to the same access control requirements.
|| || || || || || || || || || || || || || ||
A global banking institution instructs its cybersecurity team to minimize the network's
|| || || || || || || || || || || ||
vulnerability to cyber threats. The team has divided the network into secure segments, initiated || || || || || || || || || || || || || ||
port security protocols, and physically segregated key servers. The team now wishes to manage
|| || || || || || || || || || || || || ||
the flow of traffic between the security segments to reduce the threat of attack. What approach
|| || || || || || || || || || || || || || || ||
, 2
should the cybersecurity team adopt? - ✔✔Enforce role-based access control for traffic policies
|| || || || || || || || || || || || ||
between zones. ||
A cyber analyst drafts a briefing sheet on the application of security principles to secure enterprise
|| || || || || || || || || || || || || || ||
infrastructures with an emphasis on device attributes. What is directly attributed to detective and
|| || || || || || || || || || || || || || ||
preventive security controls that use an agent or network configuration to monitor hosts? -
|| || || || || || || || || || || || || ||
✔✔Active security control || ||
A small logistics company is contemplating certain steps for its data centers in its quest to fortify
|| || || || || || || || || || || || || || || || ||
its systems against long-term power outages. What is the MOST suitable measure the company
|| || || || || || || || || || || || || ||
could undertake? - ✔✔Deploying onsite generators
|| || || || ||
A medium-sized organization is upgrading its network infrastructure to secure its enterprise
|| || || || || || || || || || || ||
infrastructure by implementing an intrusion prevention system (IPS) and an intrusion detection || || || || || || || || || || || ||
system (IDS). The organization has sensitive data in different security zones, and the IT manager
|| || || || || || || || || || || || || || ||
has concerns regarding the attack surface and network connectivity. Which of the following
|| || || || || || || || || || || || ||
placements of the IPS/IDS devices would be MOST effective in this scenario? - ✔✔Place the
|| || || || || || || || || || || || || || ||
IPS/IDS devices at the network perimeter to monitor inbound and outbound traffic.
|| || || || || || || || || || ||
A financial organization is currently handling a document that contains sensitive customer
|| || || || || || || || || || || ||
information, which is protected by a non-disclosure agreement. According to data classifications,
|| || || || || || || || || || || ||
how should the financial organization categorize this data? - ✔✔Confidential data
|| || || || || || || || || ||
A security engineer is updating the company's cyber security strategy. Which of the following
|| || || || || || || || || || || || || ||
strategies is the MOST effective in reducing the company's network attack surface? -
|| || || || || || || || || || || || ||
✔✔Establish multiple control categories and functions to enforce multiple layers of protection. || || || || || || || || || || ||
A multinational corporation wants to standardize and automate the setup of its Information
|| || || || || || || || || || || || ||
Technology (IT) infrastructure across various branches. This would reduce manual setup errors
|| || || || || || || || || || || ||
and allow for quicker deployment and scaling of resources as per demand. Which methodology
|| || || || || || || || || || || || || ||
should the corporation adopt to accomplish this? - ✔✔Infrastructure as code
|| || || || || || || || || ||
