ISC2-ISSAP Domain 2: Security Architecture Modeling

1. Which of the following best describes the concept of "Defense in Depth" in the context of security architecture modeling?
A. Implementing a single, robust security measure to protect the entire system.
B. Deploying multiple security measures at the network perimeter only.
C. Layering multiple security controls throughout an IT system.
D. Focusing on physical security controls to protect data centers.

2. In the context of security architecture, what is the primary purpose of a "Threat Model"?
A. To document an organization's acceptable level of risk.
B. To identify, assess, and prioritize potential threats to the system.
C. To define the budget for security investments.
D. To track the performance of installed security solutions.

3. What role does "Security Architecture Review" play in the development lifecycle of an application?
A. It ensures compliance with coding standards only.
B. It verifies that security controls are operating effectively post-deployment.
C. It assesses the application architecture for security risks at the design stage.
D. It focuses on the physical security of the development environment.

4. Which of the following best exemplifies the use of "Security Zones" in network design?
A. Assigning all users the same access rights to simplify management.
B. Segmenting the network based on organizational structure, without regard to data sensitivity.
C. Dividing the network into segments based on sensitivity and function to apply appropriate controls.
D. Placing all servers in a single, highly secured network segment.

5. In security architecture modeling, what is the primary function of "Identity and Access Management" (IAM)?
A. To monitor network traffic and prevent unauthorized data exfiltration.
B. To provide a backup solution for data recovery.
C. To manage user identities and control access to resources based on roles.
D. To encrypt data at rest and in transit.

6. Which technique is most effective for ensuring data confidentiality and integrity in a cloud computing environment?
A. Multi-tenancy
B. Data tokenization
C. Virtual Private Network (VPN) usage
D. Encryption of data at rest and in transit

7. In the context of security architecture, what is the purpose of "Zero Trust" architecture?
A. To eliminate the need for security controls within an IT system.
B. To trust all users within the organization but not external users.
C. To require continuous verification of all users and devices, regardless of their location.
D. To focus exclusively on external threats, ignoring insider threats.

8. Which of the following best represents the concept of "Privacy by Design" in security architecture?
A. Prioritizing user privacy in the initial design phase of products and systems.
B. Implementing privacy controls only after a data breach occurs.
C. Focusing on privacy for marketing purposes, without integrating it into systems.
D. Addressing privacy concerns exclusively through user training and awareness.

9. In the creation of a secure architecture, what is the significance of "Data Flow Diagrams" (DFDs)?
A. They outline the physical layout of the network infrastructure.
B. They depict how data moves through the system, identifying potential security vulnerabilities.
C. They are used exclusively for documenting firewall rules.
D. They map out the user interface design for applications.

10. What is the primary benefit of implementing "Microsegmentation" in a network security architecture?
A. It simplifies network management by reducing the number of security controls.
B. It enhances the performance of network applications by minimizing latency.
C. It increases the granularity of security controls to isolate workloads and minimize the attack surface.
D. It decreases the cost of network infrastructure by utilizing fewer physical devices.

11. In security architecture, how does "Attribute-Based Access Control" (ABAC) differ from "Role-Based Access Control" (RBAC)?
A. ABAC is based on the roles within an organization, while RBAC is based on user attributes.
B. ABAC uses encryption to secure data, while RBAC uses permissions.
C. ABAC allows for permissions to be granted based on a wide range of attributes, including context and environment, whereas RBAC grants access based on predefined roles.
D. ABAC is used exclusively in physical security systems, while RBAC is used in IT systems.

12. In the deployment of a Public Key Infrastructure (PKI), what role does the Certificate Authority (CA) play?
A. It encrypts data using public key algorithms.
B. It generates private keys for users.
C. It issues and manages digital certificates.
D. It acts as a repository for storing public keys.

13. What is the main objective of implementing "Microsegmentation" in a data center security architecture?
A. To increase the physical security of the data center.
B. To reduce the overall cost of the IT infrastructure.
C. To limit the lateral movement of attackers within the network.
D. To simplify network management and maintenance.

14. In the context of security architecture, what is the significance of "Cross-Domain Solutions" (CDS)?
A. They enable unrestricted data flow between networks of differing security levels.
B. They provide mechanisms to securely transfer data between networks of different security classifications.
C. They focus exclusively on physical security measures between different organizational units.
D. They eliminate the need for network segmentation and access controls.

15. What role does "Attribute-Based Access Control" (ABAC) play in security architecture?
A. It grants access based solely on the roles assigned to users within an organization.
B. It enables access decisions to be made based on attributes of users, resources, and the environment.
C. It restricts access to resources based on the network segment a user is connected to.
D. It allows unrestricted access to resources within the same domain.

16. In security architecture modeling, what is the primary concern when implementing "Security Information and Event Management" (SIEM) systems?
A. Reducing the physical footprint of data center hardware.
B. Managing the storage requirements for log data.
C. Correlating and analyzing security data from different sources to identify anomalies.
D. Simplifying user access controls across the network.

17. How does "Secure Multi-Tenancy" impact the design of cloud security architectures?
A. It eliminates the need for encryption in cloud storage.
B. It ensures that the data and applications of one tenant are isolated and cannot be accessed by other tenants.
C. It allows all tenants to share the same applications and data for cost efficiency.
D. It requires all cloud tenants to use the same security controls and policies.

18. What is the purpose of "Security Orchestration, Automation, and Response" (SOAR) in security architecture?
A. To manually respond to security incidents as they are identified.
B. To automate the integration and management of different security tools and processes.
C. To eliminate the need for human intervention in the security monitoring process.
D. To focus solely on the physical security automation of data centers.

19. In the context of "Data Sovereignty" within security architecture, what is a primary consideration?
A. Ensuring all data is encrypted with the same algorithms globally.
B. Designing systems so that data does not cross geographical boundaries where different legal requirements may apply.
C. Maintaining a single global standard for data access and control.
D. Focusing solely on the physical location of data centers.

20. What is the impact of "Quantum Computing" on the future design of cryptographic security architectures?
A. It will make current encryption methods obsolete, requiring the development of quantum-resistant algorithms.
B. It will reduce the effectiveness of network segmentation as a security control.
C. It will eliminate the need for multi-factor authentication mechanisms.
D. It will simplify the management of digital identities and access controls.