ISC2-ISSAP Domain 3: Infrastructure Security Architecture Welcome to your ISC2-ISSAP Domain 3: Infrastructure Security Architecture 1. ISSAP: Infrastructure Security Architecture Which of the following best describes the purpose of a demilitarized zone (DMZ) in network architecture? A. To provide a secure area for data storage and processing. B. To act as a buffer zone between the internal network and untrusted external networks. C. To encrypt traffic between different segments of the internal network. D. To monitor and filter outbound traffic from the internal network to the internet. None 2. ISSAP: Infrastructure Security Architecture In the context of infrastructure security, what is the primary function of a network intrusion detection system (NIDS)? A. To prevent unauthorized access to network resources. B. To detect and alert on potential malicious activity within the network. C. To encrypt data traffic on the network. D. To provide a backup for network data. None 3. ISSAP: Infrastructure Security Architecture Which of the following technologies is MOST effective in preventing eavesdropping on data in transit within a corporate network? A. Firewall B. Intrusion Detection System (IDS) C. Virtual Private Network (VPN) D. Antivirus software None 4. ISSAP: Infrastructure Security Architecture What is the primary security concern addressed by implementing network segmentation? A. Increasing network speed and efficiency. B. Reducing the cost of network maintenance. C. Limiting the spread of attacks within a network. D. Simplifying network management. None 5. ISSAP: Infrastructure Security Architecture Which of the following best describes the function of a Web Application Firewall (WAF)? A. To protect web applications by filtering and monitoring HTTP traffic between a web application and the Internet. B. To prevent unauthorized access to web servers at the network layer. C. To encrypt web application data stored on the server. D. To monitor and prevent internal users from accessing malicious websites. None 6. ISSAP: Infrastructure Security Architecture In the context of securing a virtualized infrastructure, what is the main purpose of hypervisor-level security controls? A. To increase the storage capacity of virtual machines (VMs). B. To manage the network traffic between VMs more efficiently. C. To protect the hypervisor and its VMs from attacks and unauthorized access. D. To enhance the graphical performance of VMs. None 7. ISSAP: Infrastructure Security Architecture What is the primary benefit of using Security Information and Event Management (SIEM) in an organization's infrastructure? A. To provide real-time analysis of security alerts generated by applications and network hardware. B. To increase the data processing capacity of the infrastructure. C. To automate the patch management process for all devices. D. To encrypt data stored within the organization's infrastructure. None 8. ISSAP: Infrastructure Security Architecture Which of the following is a key security consideration when implementing an Internet of Things (IoT) infrastructure? A. Ensuring all IoT devices have a graphical user interface (GUI) for user interaction. B. Reducing the power consumption of IoT devices to extend battery life. C. Securing data transmission to and from IoT devices to prevent interception and manipulation. D. Maximizing the data storage capacity of IoT devices. None 9. ISSAP: Infrastructure Security Architecture In the design of a secure network architecture, what role does the principle of 'least privilege' play? A. It ensures that all users have unrestricted access to network resources to maximize productivity. B. It restricts user access rights to only those necessary to perform their job functions. C. It mandates the use of the strongest encryption methods for all data. D. It requires that all network communications be conducted in clear text for transparency. None 10. ISSAP: Infrastructure Security Architecture What is the significance of implementing an endpoint detection and response (EDR) solution in an organizational infrastructure? A. To enhance the efficiency of the organization's email system. B. To monitor and respond to advanced threats on endpoints in real-time. C. To provide unlimited data storage capacity for endpoint devices. D. To reduce the bandwidth usage on the organization's network. None 11. ISSAP: Infrastructure Security Architecture Which of the following best describes the purpose of using a network access control 'NAC' system in an enterprise network? A. To increase the network's bandwidth and throughput. B. To manage the allocation of IP addresses within the network. C. To monitor the performance of network devices. D. To enforce security policies by controlling access to the network based on device compliance and user authentication. None 12. ISSAP: Infrastructure Security Architecture In the context of infrastructure security, which of the following is the primary goal of a Secure Socket Layer (SSL) VPN? A. To facilitate secure remote administrative access to network devices. B. To provide a secure connection between web browsers and web servers. C. To encrypt end-to-end communication for users accessing network resources from outside the corporate firewall. D. To ensure secure wireless communication within the corporate premises. None 13. ISSAP: Infrastructure Security Architecture What is the main security benefit of using Multi-factor Authentication 'MFA' in an identity and access management system? A. It eliminates the need for passwords, thus reducing the risk of password theft. B. It simplifies the user login process, making it faster and more efficient. C. It adds layers of security by requiring two or more verification methods, significantly reducing the risk of unauthorized access. D. It allows users to choose their preferred method of authentication, increasing flexibility. None 14. ISSAP: Infrastructure Security Architecture Which of the following best describes the purpose of a Network-based Application Recognition (NBAR) protocol in managing infrastructure security? A. To dynamically allocate bandwidth to different applications based on usage. B. To identify and classify applications using network infrastructure, enabling policy enforcement for security and QoS. C. To encrypt application data traffic to ensure confidentiality. D. To monitor network health and performance metrics in real-time. None 15. ISSAP: Infrastructure Security Architecture In a secure network architecture, what is the primary function of an IPsec tunnel mode? A. To authenticate and encrypt individual IP packets without creating a secure tunnel. B. To provide end-to-end encryption and authentication of all traffic between two network gateways. C. To secure only the payload of an IP packet, leaving the header unencrypted. D. To prioritize certain types of traffic to ensure quality of service. None 16. ISSAP: Infrastructure Security Architecture What is the main security feature of using a Host-based Intrusion Detection System (HIDS) in an organization's infrastructure? A. To control access to network resources based on the user's role. B. To monitor and analyze internal system activities to detect and respond to malicious activities on a host. C. To filter and block malicious web traffic before it reaches the user's browser. D. To manage encryption keys for data at rest and in transit. None 17. ISSAP: Infrastructure Security Architecture In the deployment of a Public Key Infrastructure (PKI), what is the primary role of a Certificate Authority 'CA'? A. To distribute public keys to users within the network. B. To provide a secure channel for communication between clients and servers. C. To issue, revoke, and manage digital certificates that verify the ownership of a public key. D. To encrypt data using asymmetric cryptography algorithms. None 18. ISSAP: Infrastructure Security Architecture Which of the following is a primary security advantage of implementing Software-Defined Networking (SDN) in an enterprise infrastructure? A. It reduces the overall cost of network hardware and software. B. It provides a centralized control plane to manage network traffic and enforce security policies dynamically. C. It eliminates the need for manual configuration of network devices. D. It increases the bandwidth available for application traffic. None 19. ISSAP: Infrastructure Security Architecture What is the significance of implementing an incident response plan (IRP) specifically tailored for infrastructure security breaches? A. To ensure legal compliance with international data protection regulations. B. To provide a structured approach for detecting, responding to, and recovering from security incidents to minimize impact on the infrastructure. C. To automate the backup process for critical data. D. To facilitate the seamless integration of new technologies into the existing infrastructure. None 20. ISSAP: Infrastructure Security Architecture In the context of securing cloud-based infrastructure, what is the primary function of Cloud Access Security Brokers (CASBs)? A. To increase cloud storage capacity for enterprise data. B. To manage the bandwidth consumption of cloud applications. C. To serve as intermediaries that enforce security policies between cloud users and cloud service providers. D. To provide virtual networking capabilities for cloud environments. None 1 out of 20 Time is Up! Time's up
