CompTIA Security+ Domain 3: Architecture and Design

1. In the context of secure network design, what is the primary purpose of a Demilitarized Zone (DMZ)?
   A. To isolate internal network services from the external network
   B. To encrypt data transmission across networks
   C. To provide a backup for network services
   D. To serve as the primary storage for sensitive data

2. Which of the following is a security concept that ensures that data is only modified by authorized users and in authorized ways?
   A. Confidentiality
   B. Integrity
   C. Availability
   D. Non-repudiation

3. What is the primary function of a network-based Intrusion Detection System (NIDS)?
   A. To encrypt network traffic
   B. To filter malicious network traffic
   C. To detect and alert on potential network security breaches
   D. To serve as a primary firewall

4. In a security context, what is the main purpose of employing a honeypot in a network?
   A. To serve as the main firewall
   B. To attract and analyze potential attacks
   C. To encrypt sensitive data
   D. To provide redundancy for data storage

5. Which security principle is primarily concerned with minimizing the amount of damage that can be done in the event of a security breach?
   A. Risk Management
   B. Least Privilege
   C. Defense in Depth
   D. Segmentation

6. What is the primary purpose of Data Loss Prevention (DLP) technology?
   A. To encrypt data transmissions
   B. To detect and prevent data breaches/exfiltration
   C. To provide a secure data backup
   D. To monitor network performance

7. In cloud computing, what is the primary security concern of a Multi-Tenancy environment?
   A. Data redundancy
   B. Increased network traffic
   C. Data isolation
   D. Resource allocation

8. What is the main purpose of using a Security Information and Event Management (SIEM) system?
   A. To manage network devices
   B. To encrypt data storage
   C. To analyze and aggregate security logs and alerts
   D. To serve as a primary firewall

9. Which of the following best describes the concept of 'Zero Trust' in network security?
   A. Trusting no external systems
   B. Never changing security protocols
   C. Not requiring authentication for internal systems
   D. Verifying everything, regardless of location

10. In the context of virtualization security, what is the main purpose of a hypervisor?
    A. To act as a firewall for virtual machines
    B. To manage and create virtual machines
    C. To encrypt virtual machine data
    D. To monitor network traffic for virtual machines

11. In Secure Software Development Life Cycle (SDLC) models, which phase primarily focuses on defining security requirements and goals?
    A. Implementation
    B. Design
    C. Deployment
    D. Planning

12. What is the primary security function of a WAF (Web Application Firewall)?
    A. To encrypt web traffic
    B. To monitor network bandwidth
    C. To protect web applications by filtering and monitoring HTTP traffic
    D. To act as a reverse proxy

13. In the context of cloud computing, what is the main purpose of a Cloud Access Security Broker (CASB)?
    A. To provide additional network bandwidth
    B. To manage virtual machine deployments
    C. To act as an intermediary for security policy enforcement
    D. To encrypt data stored in the cloud

14. What is the primary function of Secure Sockets Layer (SSL) / Transport Layer Security (TLS) in network security?
    A. To manage user access to network resources
    B. To provide secure, encrypted communications over a computer network
    C. To serve as a primary firewall
    D. To monitor network traffic

15. In cybersecurity, what is the primary purpose of employing containerization?
    A. To encrypt data transmissions
    B. To provide physical security for servers
    C. To isolate applications for security and dependency management
    D. To monitor system performance

16. Which of the following best describes the concept of defense in depth in network security?
    A. Implementing multiple layers of security controls throughout an IT system
    B. Using a single, robust security measure to protect all network assets
    C. Focusing exclusively on perimeter security
    D. Concentrating security efforts on internal threats

17. In network security, what is the main purpose of a VLAN (Virtual Local Area Network)?
    A. To increase the physical network speed
    B. To segment a physical network into multiple logical networks
    C. To serve as the main method for encrypting network traffic
    D. To provide a backup for network data

18. What is the primary purpose of implementing an IDS (Intrusion Detection System) in tandem with an IPS (Intrusion Prevention System)?
    A. To exclusively encrypt network traffic
    B. To provide redundancy for network hardware
    C. To detect and actively prevent network intrusions
    D. To manage network bandwidth and data flow

19. Which technology is primarily used for isolating network traffic to improve security and performance in a virtualized environment?
    A. Network Function Virtualization (NFV)
    B. Software-Defined Networking (SDN)
    C. Virtual Private Network (VPN)
    D. Network Attached Storage (NAS)

20. In a cloud computing environment, what is the primary security benefit of implementing microsegmentation?
    A. To increase data storage capacity
    B. To improve application performance
    C. To enhance network traffic speed
    D. To strengthen security within a virtualized data center