Question 1

Assume that an organization implements WPA2 for securing its Wi-Fi network, which includes
multiple routers configured with encryption protocols. Despite these measures, the network
experiences intermittent security breaches, especially during peak hours when many devices are
connected. Upon investigation, it is found that some connected devices are vulnerable to DNS-
cache poisoning, leading to compromised connections.

Which specific approach, if implemented alongside WPA2, can most effectively mitigate these
breaches without altering the current encryption settings, while ensuring secure connections
across all devices? Analyze the given choices and select the correct answer.

Options:

o Regularly updating the router's firmware to patch known vulnerabilities and

implementing MAC address filtering to restrict device access.
o Deploying a WIPS to continuously monitor the network for unauthorized access points
and automatically disconnect compromised devices.
o Integrating a VPN across the network to encrypt all traffic between connected devices
and external servers, preventing man-in-the-middle attacks.
o Configuring firewalls on each router to filter out traffic from suspicious IP addresses and
preventing DNS queries from being redirected.

Question 2

Assume that a company’s security audit revealed that several cryptographic keys had not been
rotated for over two years, highlighting potential vulnerabilities. The security team decides to
update their key management policy to ensure regular key rotation, secure distribution, and
compliance with best practices.

Which of the following actions should the security team prioritize to align the key rotation
process with secure key management principles, focusing on minimizing the risk of exposure or
compromise during the transition? Analyze the given choices and select the correct answer.

Options:

o Conduct a simultaneous update of all cryptographic keys and distribute them to users
through an automated script to minimize downtime.
o Generate and distribute new keys securely to authorized users before revoking old keys,
while monitoring the rotation process for unusual activities.
o Retire the old keys immediately after generating the new keys, without waiting for the
distribution of the new keys to authorized users, to reduce the risk of key compromise.
o Store the old keys and new keys together in the same key store temporarily during the
rotation process to maintain accessibility and reduce operational complexity.

Here is the text extracted from the image:

Networking Security and Cloud

Question 3

Assume that in a secure messaging application, two parties, Alice and Bob, want to communicate
using symmetric encryption. Alice sends an encrypted message to Bob using a secret key. After
receiving the encrypted message, Bob realizes that the decryption process has failed because the
output is not intelligible.

Given that both parties use the same encryption algorithm, which of the following could be the
most likely cause of this failure? Analyze the given choices and select the correct answer.

Options:

The secret key used by Bob was altered during transmission.

The encryption algorithm used by Alice was different from what Bob expected.

The encrypted message was modified or corrupted during transmission.

The secret key used by Alice was longer than the key length supported by the algorithm.

Question 4

Assume that a scenario in a cloud environment where an organization has implemented security
measures including encrypted data transfer, network segmentation, and intrusion detection
systems. Despite these controls, an unauthorized data access incident occurred. The incident
report indicates that the unauthorized access was performed by an unauthorized party through a
publicly exposed cloud service. Given that the cloud provider's access management tools were in
place, the security breach was unexpected.

Which of the following is the most likely reason for the security breach, and why did the existing
controls fail to prevent it? Analyze the given choices and select the correct answer.

Options:

o The network segmentation rules were not updated to reflect changes in the cloud service's
IP addresses, leading to unintended exposure of data to external networks.
o The intrusion detection system was configured to monitor internal traffic only, missing
the external access attempts that led to the breach.
o The encrypted data transfer was configured incorrectly, allowing the data to be
transmitted in plaintext during certain automated backup processes.
o The access management tools were not synchronized with the cloud service's API,
causing outdated permissions to remain active, which allowed unauthorized access.
Question 5:

Assume that in a cloud infrastructure using both serverless computing and private cloud
services, a serverless function experiences latency when interacting with a private cloud
service.

Assertion: The latency is due to the serverless function's rapid scaling, which the private
cloud cannot match.

Reason: Private cloud services may scale more slowly, causing delays in response times.

Options:

o Both Assertion and Reason are true, and Reason is the correct explanation for Assertion.
o Both Assertion and Reason are true, but Reason is not the correct explanation for
Assertion.
o Assertion is true, but Reason is false.
o Assertion is false, but Reason is true.

Question 6:

Assume that a proposal involves using an automated process that dynamically migrates
applications between the private and public cloud to improve resource availability.
However, after implementing this strategy, the organization has experienced latencies
during peak hours, particularly when the private cloud resources are heavily utilized.

Given this scenario, which of the following best explains the reason for these latencies?
Analyze the given choices and select the correct answer.

Options:

o The automated process prioritizes migration to public cloud resources, which introduces
network delays due to increased data transfer over the Internet.
o The process fails to account for the security protocols needed during migration, leading to
additional overhead during application transitions.
o The migration strategy lacks proper synchronization between cloud environments,
causing resource contention during high-demand periods.
o The automated process does not consider existing workload distribution, leading to
resource underutilization in the public cloud and overutilization in the private cloud.
 Question 7:

Assume that a system must efficiently manage resource allocation, such as CPU,
memory, and storage, while minimizing performance overhead. The developer decides to
use a hypervisor-based solution to virtualize the environment and expects 95% to run as
if it were on its dedicated machine. During testing, the system shows a significant drop in
performance when more virtual machines are added, particularly when running I/O-
intensive tasks.

What approach should be taken to address the performance degradation, ensuring that
each operating system maintains optimal performance? Analyze the given choices and
select the correct answer.

Options:

o Implementing a type of software that creates an abstraction layer, directly allocating

hardware resources without involving any additional software layers.
o Reducing the number of virtual machines to ensure sufficient resource allocation, thereby
avoiding the need for complex resource scheduling mechanisms.
o Utilizing a technique to create virtual disks that allows shared access to physical disks
without needing to allocate an entire physical disk to each instance.
o Adjusting the CPU scheduling algorithm within the virtual environment to prioritize I/O-
bound tasks, allowing better resource utilization across multiple systems.

Question 8:

Assume that a company is transitioning to a cloud-based environment, setting up multiple

VMs on a server sharing physical resources. Each VM requires different resource
allocations. The goal is to ensure all VMs run independently and handle resource spikes
without affecting each other's performance using a hypervisor for management.

Which configuration option best ensures independent operation and performance stability
for all VMs? Analyze the given choices and select the correct answer.

Options:

o Configuring resource reservations to guarantee a minimum amount of CPU and RAM.

o Setting up a dynamic resource pool that adjusts allocations based on real-time demand.
o Enabling resource over commitment to share resources dynamically across all VMs.
o Allocating fixed resources based on average usage to prevent any single VM from
consuming too much.

I'll provide the text content from all four questions:

 Question 9:

Assume that an encryption system applies a method three times in sequence using a
specific combination of keys to enhance security. Despite the use of a longer key, the
system still faces vulnerabilities that increase cryptographic attacks and maintain
efficiency, which key combination approach would be most effective?

encrypted_data = AES_Encrypt(AES_Encrypt(data, key1), key2), key3)

Options:

o Use three distinct keys for each encryption step.

o Use the same key for the first and third steps, with a different key in the middle.
o Apply two identical keys in the first and last steps, with a unique key in the middle.
o Use a single key for all three encryption steps.

Question 10:

Assume that a block cipher mode of operation is required to ensure both data integrity
and security over an unreliable network. The system transmits sensitive data in such a
way that any modification of a single bit of the transmitted ciphertext does not propagate
to the entire block, yet the encryption mode must also resist replay and manipulation
attacks and ensure that identical plaintext blocks do not yield the same ciphertext.

Given these requirements, which approach to implementing the encryption mode would
best satisfy these conditions? Analyze the given choices and select the correct answer.

Options:

o Using a feedback mechanism where the output of the block cipher is fed back into the
encryption process, ensuring that the encryption of each block depends on the previous
blocks.
o Applying a mode that uses a counter value for each block of plaintext and XORs it with
the encrypted counter value to achieve encryption, ensuring no dependencies between
blocks.
o Encrypting each block of plaintext independently without any relation to the previous
blocks, allowing for parallel encryption and ensuring speed and simplicity in the
encryption process.
o Utilizing a mode where the plaintext is combined with the previous ciphertext before
encryption, ensuring that each block encryption is dependent on all preceding blocks.
 Question 11:

Assume that during the deployment of a WPA3-Enterprise secured wireless network in a

corporate environment, an IT administrator encounters a situation where several
authorized devices fail to connect after a server certificate renewal. Despite the correct
configuration of the server certificates, only devices that were manually re-enrolled are
successfully connecting.

Considering the advanced security protocols and the necessity of individual encryption
per device, identify the most likely cause of this issue.

Options:

o The server certificate's new public key was not properly propagated across all access
points, causing a mismatch in authentication.
o The old certificates were not removed from the devices, leading to a conflict between
cached and new credentials during the re-authentication process.
o The network's SSID was changed after the certificate renewal, resulting in devices
attempting to connect to a previously cached SSID with old encryption keys.
o The authentication server did not update its CRL (Certificate Revocation List),
preventing the devices from verifying the validity of the new certificate.

Question 12:

Assume that in a financial transaction system using AES for encryption, session keys are
generated and shared securely between Client A and Client B for each transaction. After
a breach where encrypted data was deciphered by an unauthorized entity, it was
discovered that session keys were being leaked.

Given this scenario, what is the most likely reason for the security breach? Analyze the
given choices and select the correct answer.

Options:

o The secret key was not properly destroyed after each session, allowing the unauthorized
entity to reuse it.
o The AES algorithm was not implemented correctly, resulting in predictable key
generation.
o The ciphertext was transmitted over an unsecured channel, which allowed the
interception and decryption of data.
o The same secret key was accidentally reused across multiple sessions, compromising the
encryption's security.
 Question 13:

Assume that an organization employs a third-party API for encrypted data transmission,
but they rely on the cloud provider's default encryption for data at rest. The financial data
is subjected to daily backups using automated scripts, which also store logs of these
operations. A recent audit revealed that despite the multi-region setup, certain regions
exhibit inconsistencies in data integrity after transmission, and some logs show signs of
tampering, raising concerns about the overall security posture.

Given this scenario, identify the most probable cause of these issues and select the
appropriate remedial action to prevent future occurrence.

Options:

o The automated scripts might not be verifying the integrity of the transmitted data,
necessitating additional integrity checks post-replication.
o The organization might be facing issues due to the cloud provider's default encryption at
rest, requiring a custom encryption mechanism to ensure data security.
o The third-party API might be insufficient for secure transmission, and an in-house
solution might be necessary to safeguard sensitive financial data.
o The multi-region setup could be leading to synchronization delays, so a different backup
strategy should be adopted to ensure consistent data integrity.

Question 14:

Assume that an application needs to balance control over infrastructure with efficient
resource scaling to handle peak loads. Which strategy should be implemented to address
these issues?

class ResourceAllocator:
def allocate_resources(self, process):
if process.requires_high_control():
# Allocate resources based on a model that provides high control
else:
# Allocate using the current strategy

Options:

o Dynamically scale resources with a focus on controlling physical infrastructure.

o Adopt a cloud service model that abstracts infrastructure while ensuring scalability.
o Pre-allocate resources for peak times to ensure availability.
o Predict transaction volumes and adjust resource allocation accordingly.
 Question 15:

Assume that a company is migrating its legacy data sources to a new cloud-based
platform while maintaining operations without downtime. During the migration, they
need to ensure that data from both the old and new systems can be accessed
simultaneously for real-time reporting and analytics, with data being logically integrated
without physical movement.

Considering the requirements, which architectural layer would best handle the logical
integration and seamless access to data from both environments, ensuring minimal
disruption and secure data access? Analyze the given choices and select the correct
answer.

Options:

o Connection layer using direct database access protocols.

o Consumption layer utilizing middleware with abstracted APIs.
o Abstraction layer that logically unifies disparate data sources.
o Data caching layer storing temporary data replicas.

Question 16:

Assume that a systems process sensitive information, and it is crucial to avoid any
potential vulnerabilities. The expert considers the risk of brute-force attacks and other
cryptanalysis techniques. Given that advancements have significantly reduced the time
required to break this older encryption, the expert decides to implement additional
measures to counter potential.

Which of the following approaches is most effective in enhancing the security of these
systems without replacing the entire encryption infrastructure? Analyze the given choices
and select the correct answer.

Options:

o Integrating a multi-layered encryption process using a combination of different cipher

modes.
o Implementing an additional hashing algorithm to verify data integrity before encryption.
o Utilizing key rotation with frequent key changes and longer key lengths.
o Adding a secondary encryption layer with a different symmetric algorithm to increase
complexity.
 Question 17:

Assume that a company's security audit revealed that several cryptographic keys had not
been rotated for over two years, highlighting potential vulnerabilities. The security team
decides to ensure regular key rotation, secure distribution, and compliance with best
practices.

Which of the following approaches should the security team prioritize to align the key
rotation process with secure key management principles, focusing on minimizing the risk
of exposure or excessive downtime? Analyze the given choices and select the correct
answer.

Options:

o Conduct a simultaneous update of all cryptographic keys and distribute them to users
through an automated script to minimize downtime.
o Generate and distribute new keys securely to authorized users before revoking old keys,
while monitoring the rotation process for unusual activities. (Selected answer)
o Retire the old keys immediately after generating the new keys, without waiting for the
distribution of the new keys to authorized users, to reduce the risk of key compromise.
o Store the old keys and new keys together in the same key store temporarily during the
rotation process to maintain accessibility and reduce operational complexity.

Question 18 :

Assume that a company is transitioning its existing Service-Oriented Architecture (SOA)-

based infrastructure to integrate with new SaaS offerings. The goal is to maintain the
principles of SOA while leveraging the flexibility of SaaS to reduce maintenance
overhead. The team must ensure that the integration layer is designed to support seamless
communication between SOA components and the SaaS applications without
compromising system decoupling and scalability.

Given these requirements, which approach should be prioritized in the integration layer
design? Analyze the given choices and select the correct answer.

Options:

o Utilize RESTful APIs for direct and efficient communication between SOA and SaaS,
minimizing latency.
o Implement a web services-based approach to maintain loose coupling between SOA
components and SaaS, ensuring easier updates and scalability. (Selected answer)
o Establish a direct database connection between the SOA infrastructure and SaaS for real-
time data exchange.
o Use a middleware solution to translate API calls into SOAP requests for backward
compatibility with SOA.
 Question 19

Assume that in a secure communication system that utilizes a Columnar Transposition

Cipher for encrypting and decrypting messages, it is crucial to ensure that the integrity of
the encrypted message is maintained even if some parts of the message are lost or
corrupted during transmission. The system must be capable of detecting and correcting
errors within the transposition process. The encryption process involves filling a matrix
based on the key and reading the encrypted message column by column in a specific
order.

Given this setup, which method should be implemented to ensure the system correctly
identifies and recovers from errors without modifying the original encrypted message?

Options:

o Implement a checksum method for each column and compare it before and after
transmission.
o Use a parity bit for each row and check for inconsistencies during decryption.
o Introduce a redundant row to store the sum of ASCII values for error detection and
correction. (Selected answer)
o Perform an additional transposition step after encryption to ensure structural integrity.

Question 20:
Assume that in a wireless network environment where multiple devices are connected to an
Access Point (AP) following the 802.11 standards, a device is unable to establish a secure
connection despite having the correct credentials. The network administrator suspects that a
rogue AP is acting as an illegitimate AP, attempting to intercept authentication packets.
Given this scenario, which method would most effectively prevent the client from connecting to
the rogue AP and ensure the authentication process is secure? Analyze the given choices and
select the correct answer.
Options:
o Implementing a dedicated authentication server using 802.1x, which will verify
credentials at the network level and reject connections to unauthorized APs.
o Increasing the encryption key length in WEP to strengthen the security of the data being
transmitted between the client and AP.
o Deploying a MAC address filtering technique at the AP to allow only specific devices to
connect, thereby preventing rogue devices from impersonating legitimate APs.
o Configuring a dynamic WEP key rotation system that frequently changes the encryption
key, making it difficult for the rogue AP to keep up with the authentication process.
Question 21:
Assume that a system processes requests for sensitive financial data, ensuring compliance with
stringent regulatory standards. During an audit, it was found that an insider with non-
administrative access was able to gain unauthorized access to a high-security environment by
escalating privileges. The activity monitoring controls were not adequately logged. This resulted
in a temporary data breach that went undetected.
Which strategy should be implemented to prevent such unauthorized access in the future, and
why is it critical in cloud security environments? Analyze the given choices and select the
correct answer.
Options:
o Implement continuous monitoring of API calls with real-time alerts to detect and respond
to unusual activity patterns, ensuring all interactions are logged and monitored for
potential privilege escalation.
o Develop a more robust authentication mechanism that incorporates multi-factor
authentication for every access attempt, particularly for non-administrative users
interacting with high-security environments.
o Utilize a centralized access control policy that dynamically adjusts user permissions
based on the risk level of the requested resource, preventing privilege escalation through
real-time analysis.
o Enforce strict compartmentalization of resources, isolating sensitive data environments
from general access to ensure that even if privilege escalation occurs, it does not result in
access to critical systems.

Question 22:
Assume that in a system securing sensitive communications with symmetric encryption and
asymmetric key protection, what issue might arise if improper key management is used, given
the need for low latency and handling high transaction volumes? Analyze the given choices and
select the correct answer.
Options:
o The encryption process may lead to increased latency due to the added complexity of
asymmetric key exchange, causing delays in real-time data communication.
o The system could suffer from key exhaustion where the symmetric key is reused too
often, increasing the risk of potential cryptographic attacks.
o Incorrectly securing the symmetric key with a less efficient asymmetric algorithm might
overload the system's computing resources, resulting in slower transaction processing.
o Failure to properly manage the key rotation policy could lead to unauthorized access if
outdated keys are not securely discarded, compromising the entire encryption framework.
Question 23:
Assume that in a cloud-based financial system, a strategy is implemented to allocate resources by
sequentially assigning them in increasing order of their IDs to avoid resource contention during
peak loads. However, despite the strategy, slowdowns are still observed.
Which reasoning best justifies this strategy, and why might it still fail during high demand?
Analyze the given choices and select the correct answer.
Options:
o It prevents deadlocks, but may cause underutilization if resources are allocated out of
order.
o It minimizes contention, but may fail under unpredictable demand spikes where ID order
is irrelevant.
o It simplifies allocation, but might cause delays if demand patterns are unpredictable.
o It ensures high-priority tasks are not starved, but could lead to delays during contention.
Here's the exact text from each image:

Question 24:
Assume that a messaging system uses symmetric encryption to secure communication between
two parties. The encryption and decryption processes are as follows:
1. Each party encrypts messages before sending them using a shared secret key.
2. Messages are decrypted by the receiving party using the same shared secret key.

If an attacker can send a specially crafted message to one party and analyze the resulting
encrypted message, which of the following techniques is most likely to compromise the
secret key?
Options:
o Analyzing patterns in intercepted encrypted messages.
o Comparing the crafted message's encrypted output with previous encrypted
messages.
o Performing a brute-force attack on intercepted messages.
o Matching message lengths to guess the content.
Question 25:
Assume that an organization has implemented a cloud-based infrastructure where
multiple virtual networks co-exist over a single physical network. Each virtual network is
isolated and operates independently, while a virtual machine on one network requires
secure and high-speed communication with a virtual machine on another network within
the same physical infrastructure. The organization is considering different methods to
achieve this communication.

Given the constraints of virtualization and the need for maintaining security, which
method would be most appropriate to establish this inter-network communication?
Analyze the given choices and select the correct answer.

Options:
o Using a dedicated physical link between the networks to bypass the virtual layer
entirely.
o Configuring a software-defined networking (SDN) controller to dynamically
manage and optimize the routing between the virtual networks.
o Deploying a separate virtual machine as a gateway to handle communication
between the networks.
o Utilizing the physical network's VLAN capability to segment traffic between
virtual networks securely.

Question 25:
Assume that in a distributed cloud system using IaaS, virtual machines (VMs)
dynamically scale based on demand. During peak usage, some VMs fail to scale up,
causing delays. Investigation reveals that services on these VMs request resources in
sequence, leading to a resource deadlock when all VMs reach maximum capacity
simultaneously.

Which approach would best resolve this issue, and why? Analyze the given choices and
select the correct answer.

Options:
o Require services to declare maximum resource needs upfront to avoid deadlocks.
o Use a load balancer to evenly distribute incoming requests across VMs.
o Modify services to request resources in random order, preventing resource
interdependence between VMs.
o Preemptively release resources from lower-priority services to avoid contention.
Question 26:
Assume that a security engineer is setting up a secure IPSec connection using ESP with
authentication. The system must ensure data confidentiality, integrity, and proper packet
sequencing with minimal performance overhead.
Which configuration best meets these requirements? Analyze the given choices and select the
correct answer.
Options:
o Use AES encryption with SPI tracking, sequence numbering, and optional
authentication in ESP.
o Implement Triple DES with AH only, handling packet sequencing manually.
o Apply DES encryption with AH and ESP, using SPI for tracking and padding for
confidentiality.
o Use AES with ESP authentication, sequence numbering, and padding to ensure
data integrity.
Here's the exact text from each image:

Question 27:
Assume that in a secure communication system, a 64-bit data block is encrypted using the DES
algorithm. The initial 64-bit key is reduced to 56 bits by discarding certain bits, and during each
encryption round, the key is further processed. The key undergoes a shift operation followed by a
compression permutation before being XORed with the expanded right half of the data block.
Which operation ensures that each round uses a different sub-key, adding complexity to the
encryption process? Analyze the given choices and select the correct answer.
Options:
o The left shift of the key halves, varying with each round.
o The initial permutation of the key bits before sub-key generation.
o The expansion of the right half of the data block, varying per round.
o The compression permutation selecting different bits each round.
Question 28:
Assume that an embedded system encrypts data using a substitution cipher with a key-driven
method to minimize resource usage. After deployment, it is discovered that some messages in the
encrypted text are not correctly decrypted, leading to data loss.
What is the most likely cause of this issue? Analyze the given choices and select the correct
answer.
Options:
o The decryption may incorrectly handle negative indices during character remapping.
o The decryption process incorrectly uses the encryption key, leading to incorrect
character mapping.
o The encryption map creates duplicate character mappings due to key collision, causing
data loss.
o The length of the characters string causes an incorrect modulo operation during
remapping, leading to data corruption.

Question 29:
Assume that in a hybrid cloud environment, a company experienced unauthorized data access
despite strong encryption and access controls. The breach occurred due to data being shared
between the public and private clouds, violating security protocols.
Which of the following most likely caused the unauthorized access, and how should it be
addressed? Analyze the given choices and select the correct answer.
Options:
o Insufficient data segregation between clouds; improve integration protocols.
o Weaker encryption in the private cloud; enhance its encryption standards.
o Disynchronized access control policies; unify and review policies.
o Inadequate SLA with the public cloud; negotiate better compliance terms.
Question 30
After a network audit, an organization discovers a rogue access point connected to its network,
potentially compromising security. What is the most effective method to prevent such
unauthorized devices from connecting?
Select an option
o MAC Address Filtering

o Disable SSID Broadcasting

o 802.1X Authentication

o Static IP Addressing

Question 31
Assume that to ensure that only authorized users can decrypt sensitive financial data, the server
encrypts the data using the users' public keys before transmission. However, a security analyst
observes that the system’s speed is significantly reduced when handling large amounts of data,
and there are concerns about the potential risk of a compromised certification authority.
Considering these factors, evaluate the assertion and reasoning below:
Assertion: The institution's choice to use asymmetric encryption for data transmission ensures
that only the intended recipient can decrypt the data.
Reasoning: The system's performance issues can be addressed by combining the public key
encryption method with a faster private key system while still maintaining security.
Analyse the given choices and select the correct answer.
Select an option
 Both the Assertion and Reasoning are true, and the Reasoning correctly explains the
Assertion.

 Both the Assertion and Reasoning are true, but the Reasoning does not correctly explain
the Assertion.

 The Assertion is true, but the Reasoning is false.

 The Assertion is false, but the Reasoning is true.

Question 32
Assume that in a system securing sensitive communications with symmetric encryption and
asymmetric key protection, what issue might arise if improper key management is used, given
the need for low latency and handling high transaction volumes? Analyze the given choices and
select the correct answer.
Select an option
 The encryption process may lead to increased latency due to the added complexity of
asymmetric key exchanges, causing delays in real-time data communication.

 The system could suffer from key exhaustion, where the symmetric key is reused too
often, increasing the risk of potential cryptographic attacks.

 Incorrectly securing the symmetric key with a less efficient asymmetric algorithm might
overload the system's computational resources, resulting in slower transaction processing.

 Failure to properly manage the key rotation policy could lead to unauthorized access if
outdated keys are not securely discarded, compromising the entire encryption framework.

Question 33
Assume that a financial application is deployed using microservices across multiple regions with
automated CI/CD pipelines. The security team needs to ensure that no unauthorized changes can
be made to the deployment environment. They have implemented policy-based access controls,
ensuring that developers can only modify specific resources. However, a recent audit revealed
that a microservice was unintentionally granted permissions to modify a critical database, which
was not aligned with the least privilege principle.
What could be the underlying issue in the policy implementation, and how can it be corrected to
align with the strict security requirements? Analyze the given choices and select the correct
answer.
Select an option
 The policy was configured at the microservice level without verifying all potential
dependencies, allowing broader access than intended. Introduce granular IAM policies
that restrict access based on exact resource requirements.

 The CI/CD pipeline was not configured to enforce security checks at each deployment
stage, leading to excessive permissions. Enforce security gates within the CI/CD pipeline
to validate and restrict permissions at each stage.

 The developers were granted roles with permissions that exceeded their actual needs due
to an incorrectly applied template. Review and apply role-based access controls (RBAC)
to limit permissions only to what is necessary.
  The policy framework does not support dynamic environments, leading to static
permission allocations that do not adapt to changes. Integrate a policy management
architecture that dynamically adjust permissions based on real-time workload behavior.

Question 34
Assume that in a hybrid cloud environment handling fluctuating workloads, a system prioritizes
on-premise resources but experiences inefficiencies during peak periods, leading to
underutilization and delays.
What is the most likely cause of this issue and how should it be addressed? Analyze the given
choices and select the correct answer.
Options:
 Option 1: Priority-based allocation is too rigid, not adapting to the dynamic hybrid
environment.

 Option 2: Integration between on-premise and external environments lacks

synchronization, causing delays.

 Option 3: The architecture fails to scale resources to external providers during high
demand, causing bottlenecks.

 Option 4: The system lacks dynamic scaling algorithms, leading to inefficient resource
usage and increased latency.

Question 35
Assume that a company is transitioning its existing Service-Oriented Architecture (SOA)-based
infrastructure to integrate with new SaaS offerings. The goal is to maintain the principles of SOA
while leveraging the flexibility of SaaS to reduce maintenance overhead. The team must ensure
that the integration layer is designed to support seamless communication between SOA
components and the SaaS applications without compromising system decoupling and scalability.
Given these requirements, which approach should be prioritized in the integration layer design?
Analyze the given choices and select the correct answer.
Options:
1. Utilize RESTful APIs for direct and efficient communication between SOA and SaaS,
minimizing latency.
2. Implement a web services-based approach to maintain loose coupling between SOA
components and SaaS, ensuring easier updates and scalability.

3. Establish a direct database connection between the SOA infrastructure and SaaS for real-
time data exchange.
 4. Use a middleware solution to translate API calls into SOAP requests for backward
compatibility with SOA.

Question 36
Assume that an application relies on a series of hardware peripherals and requires strict isolation
from other running containers to maintain data integrity and operational security. To ensure this,
the development team implements a kernel-level configuration where each container is allocated
specific hardware resources, limiting the visibility of non-allocated devices to prevent
unauthorized access.
What is the most critical factor in maintaining operational security and preventing resource
contention among containers? Analyse the given choices and select the correct answer.
Options:
1. Ensuring that the host operating system's scheduler prioritizes the allocation of CPU
cycles to all containers equally.

2. Configuring the kernel to enforce strict resource isolation and limit the peripheral access
to only the allocated devices for each container.

3. Using virtualization software to dynamically allocate additional memory resources to

containers as required by the application.

4. Allowing containers to share network interfaces to optimize data transmission rates while
maintaining individual access control lists.

Question 37
Assume that a messaging system uses symmetric encryption to secure communication between
two parties. The encryption and decryption processes are as follows:
1. Each party encrypts messages before sending them using a shared secret key.
2. Messages are decrypted by the receiving party using the same shared secret key.
If an attacker can send a specially crafted message to one party and analyze the resulting
encrypted message, which of the following techniques is most likely to compromise the secret
key?
Options:
1. Analyzing patterns in intercepted encrypted messages.
2. Comparing the crafted message's encrypted output with previous encrypted messages.
3. Performing a brute-force attack on intercepted messages.
4. Matching message lengths to guess the content.
Question 38
Assume that a company uses a single key for both encryption and decryption in their
communication system. They are concerned about the security risks associated with key
distribution and are considering using two different keys instead.
Which assertion and reasoning pair correctly addresses this concern? Analyze the given choices
and select the correct answer.
Options:
1. Assertion: The system's key distribution is vulnerable. Reasoning: Switching to
asymmetric cryptography, with a public and a private key, could mitigate this risk.

2. Assertion: The system's performance is low due to symmetric encryption. Reasoning:

Using asymmetric cryptography will improve speed and efficiency.

3. Assertion: Symmetric key cryptography is secure because it uses the same key.
Reasoning: This method is more efficient due to reduced complexity.

Question 39
Assume that a network administrator decides to replace the default network functionality of their
hypervisor with third party software to enhance control plane independence and scalability.
During the configuration, the administrator must ensure that the communication between virtual
networks does not involve routing frames and restricts management traffic while enforcing
specific rules for inter-tenant communication.
What configuration strategy should be adopted to achieve these requirements? Analyse the given
choices and select the correct answer.
Options:
1. Implement a virtual switch with encapsulation protocols that support layer-3 networks
and segregate traffic using third-party virtual networking tools.

2. Configure VLANs on physical switches to handle the segregation of tenant environments

and apply policies directly on physical routers to manage inter-tenant communication.

3. Utilize an overlay network protocol on the hypervisor to encapsulate virtual network

traffic, ensuring isolation while managing routing through service access points.