Chapter 62 · Quiz

Secure Infrastructures Quiz

10 questions covering security zones, device placement, attack surface, and secure connectivity.

Question 1 of 6
What is the primary security advantage of zone-based policies over IP-address-based firewall rules?
Question 2 of 6
A company hosts a public e-commerce website. The web server must accept traffic from the internet and query a backend database with customer order data. Which zone placement BEST limits the blast radius of a web server compromise?
Question 3 of 6
A security team deploys a server inside the internal network that mimics a production file share. The server contains no real data and serves no legitimate function. The team receives an immediate alert whenever any device connects to it. Which security technology is this?
Question 4 of 6
An attacker compromises an administrator's workstation. The attacker attempts SSH directly to production servers — all connections are blocked. The attacker then tries to SSH to a hardened intermediary host and is challenged for a one-time token they do not possess. Which control stopped the lateral movement?
Question 5 of 6
Which component of the attack surface CANNOT be fully eliminated and must instead be managed by limiting its blast radius through zone segmentation, least-privilege access, and peer review?
Question 6 of 6
A company needs to protect all traffic between its headquarters and a branch office that connects via a third-party WAN provider. The protection must be transparent to applications and must encrypt all traffic on the link, including protocols that do not natively support encryption. Which technology is MOST appropriate?

Matching

Match each description to the secure infrastructure concept it best represents.

1. A network zone containing public-facing web servers and mail relay that accept internet connections but are restricted from accessing internal systems directly
2. A hardened host that is the sole authorized path for all administrative SSH and RDP sessions; enforces MFA and logs every command
3. A server with no real data or legitimate function that generates a high-confidence alert when any device connects to it — zero false positives by design
4. A Layer 3 encryption protocol that creates an encrypted tunnel between two network sites, protecting all traffic regardless of application-layer encryption
A. Jump Server
B. Honeypot
C. Screened Zone (DMZ)
D. IPsec