ISSAP Information Systems Security Architecture Professional
Original price: $50. Current price: $30.
Exam Code | ISSAP
Exam Name | ISSAP Information Systems Security Architecture Professional
Questions | 600 Questions Answers With Explanation
Update Date | May 2, 2025
Sample Questions
question: 1
Which of the following architectural frameworks is most focused on aligning IT with business strategy?
A. SABSA
B. TOGAF
C. Zachman
D. NIST Cybersecurity Framework
correct answer: B
✨ Explanation:
🧠 TOGAF (The Open Group Architecture Framework) is primarily concerned with aligning IT infrastructure and systems with overall business strategy through its Architecture Development Method (ADM).
question: 2
In an identity and access management architecture, which of the following ensures federated identity across multiple domains?
A. LDAP
B. SAML
C. OAuth
D. RADIUS
correct answer: B
✨ Explanation:
🔐 SAML (Security Assertion Markup Language) enables federated authentication by allowing identity providers and service providers to exchange authentication and authorization data securely.
question: 3
Which security design principle ensures that access is granted only when explicitly allowed?
A. Separation of Duties
B. Fail-Safe Defaults
C. Defense in Depth
D. Least Privilege
correct answer: B
✨ Explanation:
🛑 Fail-Safe Defaults means systems should deny access by default and only allow it when permission is explicitly granted, reducing the attack surface.
question: 4
Which of the following models is best for aligning security controls with business drivers in an enterprise environment?
A. ISO/IEC 27001
B. SABSA
C. COBIT
D. COSO
correct answer: B
✨ Explanation:
📊 SABSA (Sherwood Applied Business Security Architecture) is specifically designed to ensure that security controls are directly linked to business requirements, risk management, and assurance needs.
question: 5
What is the main focus of the Zachman Framework in the context of security architecture?
A. Operational incident response
B. Role-based access control implementation
C. Classification of system artifacts and stakeholders
D. Lifecycle risk management
correct answer: C
✨ Explanation:
🧩 The Zachman Framework helps in organizing and classifying enterprise architecture artifacts (e.g., data, people, functions) from different stakeholders’ perspectives.
question: 6
Which principle of security architecture is most associated with using layers of defense to protect information assets?
A. Layered Control
B. Least Privilege
C. Separation of Duties
D. Security Zoning
correct answer: A
✨ Explanation:
🛡️ Layered Control (Defense in Depth) involves using multiple security layers (physical, technical, administrative) so if one layer is compromised, others still provide protection.
question: 7
What does the “Conceptual Architecture” layer in security design primarily define?
A. Protocols and platforms
B. Specific devices and IP addresses
C. High-level structure and security goals
D. Physical connections
correct answer: C
✨ Explanation:
📐 The conceptual architecture provides a broad, high-level overview of the system’s functions, security objectives, and how major components interact.
question: 8
Which of the following is most critical when architecting a secure cloud infrastructure?
A. Direct database access from users
B. Ignoring multi-tenancy concerns
C. Shared responsibility model
D. Single authentication factor
correct answer: C
✨ Explanation:
☁️ In cloud architecture, understanding the shared responsibility model is essential—it defines which security aspects are handled by the cloud provider vs. the customer.
question: 9
Which of the following would best help to architect for scalability and modularity in a secure system?
A. Tight coupling of components
B. Monolithic design
C. Service-oriented architecture (SOA)
D. Static configuration
correct answer: C
✨ Explanation:
⚙️ SOA (Service-Oriented Architecture) supports modularity and scalability, allowing individual components to be updated, secured, or replaced without affecting the entire system.
question: 10
What is the purpose of security domains in enterprise architecture?
A. To isolate traffic for performance
B. To enforce network topologies
C. To segregate systems based on trust levels and access needs
D. To assign encryption protocols
correct answer: C
✨ Explanation:
🔒 Security domains help define boundaries based on trust, sensitivity, and access, allowing architects to apply appropriate controls and policies to each domain.
question: 11
Which of the following is a benefit of using modular security architecture?
A. Tightly coupled components
B. Easier security auditing and updates
C. Increased complexity in deployment
D. Reduces the need for defense-in-depth
correct answer: B
✨ Explanation:
🧱 Modular architecture allows individual components to be updated or replaced without affecting the entire system, making security audits and improvements more manageable.
question: 12
In the context of security architecture, which layer of the OSI model is most associated with packet filtering?
A. Data Link
B. Session
C. Network
D. Application
correct answer: C
✨ Explanation:
🌐 Packet filtering happens at the Network layer (Layer 3) where routers and firewalls examine IP addresses and protocols.
question: 13
Which access control model is based on roles within an organization?
A. DAC
B. MAC
C. RBAC
D. ABAC
correct answer: C
✨ Explanation:
👥 Role-Based Access Control (RBAC) assigns permissions based on a user’s job function or role, making access management scalable and aligned with organizational structure.
question: 14
Which of the following best describes a logical security architecture?
A. Defines high-level business objectives
B. Specifies the physical placement of security controls
C. Focuses on software, protocols, and data flows
D. Establishes user awareness programs
correct answer: C
✨ Explanation:
🧠 Logical architecture deals with data flows, network segmentation, encryption, and protocol use—not the physical layout of the system.
question: 15
Which concept in secure architecture ensures that users are given only the minimum access needed to perform their duties?
A. Segregation of Duties
B. Least Privilege
C. Defense in Depth
D. Role Aggregation
correct answer: B
✨ Explanation:
🔐 Least Privilege means users only get the access they absolutely need, reducing potential damage from compromise or misuse.
question: 16
What is the primary goal of a secure network design using a DMZ (Demilitarized Zone)?
A. Encrypt internal communications
B. Enable high-speed data transmission
C. Isolate public-facing services from internal networks
D. Allow unrestricted external access
correct answer: C
✨ Explanation:
🛡️ A DMZ isolates public-facing services (like web servers) from internal networks to limit exposure if those services are compromised.
question: 17
In the context of cloud architecture, which of the following is a shared security responsibility of both the provider and the customer?
A. Physical data center security
B. Network traffic encryption
C. Virtualization host security
D. HVAC and power infrastructure
correct answer: B
✨ Explanation:
☁️ In the shared responsibility model, encryption of traffic (e.g., TLS/SSL) is typically a shared duty between the cloud provider and the customer.
question: 18
Which of the following security principles best helps reduce the attack surface of a system?
A. Complexity
B. Obfuscation
C. Minimization
D. Replication
correct answer: C
✨ Explanation:
🧼 Minimization means reducing unnecessary services, features, and open ports, which directly decreases the attack surface.
question: 19
What does the application layer in a layered security architecture typically protect against?
A. Hardware failures
B. ARP spoofing
C. SQL injection and input validation flaws
D. MAC flooding
correct answer: C
✨ Explanation:
🛠️ The application layer is where user inputs are handled—this is where threats like SQL injection and XSS need to be mitigated.
question: 20
Which of the following frameworks provides security controls and assessment procedures for federal information systems?
A. COBIT
B. NIST SP 800-53
C. ITIL
D. PCI-DSS
correct answer: B
✨ Explanation:
📘 NIST SP 800-53 defines a comprehensive catalog of security and privacy controls for federal IT systems and organizations.
question: 21
Which of the following frameworks is best suited for performing risk-based security architecture decisions?
A. COBIT
B. SABSA
C. ISO/IEC 27005
D. NIST CSF
correct answer: B
✨ Explanation:
📐 SABSA is a risk-driven enterprise security architecture framework. It ensures that business requirements are tied to security controls, emphasizing risk management at every layer.
question: 22
Which of the following best describes a Security Architecture Blueprint?
A. Technical policy document for access control
B. Visual map of existing security tools
C. High-level view of security domains and their interconnections
D. List of security vendor products used
correct answer: C
✨ Explanation:
📊 A security architecture blueprint provides a high-level graphical representation of security domains, controls, and how they interconnect, enabling a strategic view of the environment.
question: 23
Which identity-related concept is central to the architecture of Single Sign-On (SSO) solutions?
A. Federation
B. Repudiation
C. Hashing
D. Zoning
correct answer: A
✨ Explanation:
🔁 Federation allows users to authenticate once and gain access to multiple systems across domains or organizations through trust relationships.
question: 24
Which concept ensures that no single person has complete control over a critical process?
A. Role-Based Access
B. Defense in Depth
C. Separation of Duties
D. Least Privilege
correct answer: C
✨ Explanation:
🔍 Separation of Duties (SoD) ensures that multiple individuals are required to complete critical tasks, reducing the risk of fraud or error.
question: 25
What is the purpose of a trust model in security architecture?
A. Describes data encryption standards
B. Establishes shared credentials between users
C. Defines relationships and rules for secure communications
D. Implements firewall rulesets
correct answer: C
✨ Explanation:
🔐 A trust model defines how entities establish, evaluate, and manage trust relationships—such as certificate chains in PKI.
question: 26
Which architectural principle aims to ensure that security is part of every stage of system development?
A. Post-deployment scanning
B. Zero Trust
C. DevSecOps
D. Code obfuscation
correct answer: C
✨ Explanation:
⚙️ DevSecOps integrates security into the CI/CD pipeline, ensuring continuous and proactive security throughout development and deployment.
question: 27
Which security concept best supports logical segmentation of cloud workloads?
A. VPN tunneling
B. Containerization
C. Network Access Control
D. Microsegmentation
correct answer: D
✨ Explanation:
🧩 Microsegmentation enables granular control of network traffic between workloads, limiting lateral movement and isolating cloud or virtual environments.
question: 28
In architecting security for a hybrid cloud, which of the following is a key challenge?
A. Local backup
B. Centralized identity management
C. Data deduplication
D. Wi-Fi encryption
correct answer: B
✨ Explanation:
🌐 Managing identities and access across both on-premises and cloud environments is complex, making centralized identity a key architectural concern in hybrid models.
question: 29
Which principle ensures that all security events are traceable to a specific user or system?
A. Integrity
B. Availability
C. Auditability
D. Non-repudiation
correct answer: D
✨ Explanation:
🕵️ Non-repudiation ensures that actions cannot be denied by their originator, typically using logs, signatures, and tracking mechanisms to establish accountability.
question: 30
What is the main goal of using attribute-based access control (ABAC) in a secure architecture?
A. Simplify user provisioning
B. Rely only on group membership
C. Make access decisions based on dynamic context
D. Prevent brute force attacks
correct answer: C
✨ Explanation:
🎯 ABAC uses attributes (user, resource, environment) to make real-time, contextual access decisions, enabling fine-grained control in dynamic environments.
question: 31
Which of the following is the most effective way to ensure confidentiality in a security architecture?
A. Strong passwords
B. Secure protocols like TLS
C. Load balancing
D. Multi-cloud storage
correct answer: B
✨ Explanation:
🔒 Using secure protocols like TLS ensures data is encrypted in transit, maintaining confidentiality between systems.
question: 32
Which of the following security models prevents information flow from a higher classification level to a lower one?
A. Clark-Wilson
B. Bell-LaPadula
C. Biba
D. Brewer-Nash
correct answer: B
✨ Explanation:
🔐 The Bell-LaPadula model enforces confidentiality, preventing “write down” actions from high to low security levels.
question: 33
In a layered security architecture, which layer typically includes IDS/IPS and firewalls?
A. Physical
B. Application
C. Network
D. Data
correct answer: C
✨ Explanation:
🧱 Firewalls and IDS/IPS function at the network layer, monitoring and filtering traffic for suspicious activity.
question: 34
Which of the following concepts involves designing systems to continue operating even when part of the system fails?
A. Failover
B. Resilience
C. Scalability
D. Partitioning
correct answer: B
✨ Explanation:
🛠️ Resilience means building systems to withstand and recover from failures, ensuring continuous operations under stress.
question: 35
What is the primary advantage of Zero Trust Architecture (ZTA)?
A. Reduced need for authentication
B. Eliminates encryption overhead
C. Assumes no trust, even inside the network
D. Centralized access control
correct answer: C
✨ Explanation:
🚫 Zero Trust assumes no inherent trust within or outside the network perimeter. All access must be verified continuously.
question: 36
In security architecture, what is the primary purpose of data classification?
A. Determine network topology
B. Identify compliance responsibilities
C. Prioritize security controls
D. Optimize application performance
correct answer: C
✨ Explanation:
🗂️ Data classification helps prioritize where and how security controls should be applied based on sensitivity and value.
question: 37
Which of the following best describes a compensating control?
A. A backup control used when a primary control fails
B. A control that replaces physical access
C. An optional audit technique
D. A non-technical mitigation tool
correct answer: A
✨ Explanation:
🛡️ A compensating control is used when a primary control cannot be implemented as intended, offering equivalent risk mitigation.
question: 38
Which of the following concepts supports data integrity at the architecture level?
A. Hashing
B. Firewall rules
C. Role-based access
D. Load balancing
correct answer: A
✨ Explanation:
🧮 Hashing provides a way to verify that data has not been altered, ensuring integrity during storage or transmission.
question: 39
Which protocol is commonly used to secure directory access in enterprise identity architectures?
A. SNMP
B. SMB
C. LDAPS
D. FTP
correct answer: C
✨ Explanation:
🔐 LDAPS (LDAP over SSL/TLS) is used to securely connect to directory services, protecting credentials and queries in transit.
question: 40
Which of the following architectural elements is most closely associated with authentication and authorization decisions?
A. Load balancer
B. Security token service (STS)
C. Data warehouse
D. Caching proxy
correct answer: B
✨ Explanation:
🪪 A Security Token Service (STS) is responsible for issuing, validating, and managing identity tokens, enabling secure authentication and authorization in federated environments.
question: 41
Which cryptographic principle ensures that a message has not been altered during transmission?
A. Confidentiality
B. Authenticity
C. Integrity
D. Availability
correct answer: C
✨ Explanation:
🧾 Integrity is maintained using methods like hashing or digital signatures to verify that data remains unchanged in transit.
question: 42
Which architectural framework emphasizes security services aligned with business goals?
A. TOGAF
B. SABSA
C. Zachman
D. ITIL
correct answer: B
✨ Explanation:
🎯 SABSA (Sherwood Applied Business Security Architecture) integrates business-driven security controls, aligning IT security with organizational goals.
question: 43
Which of the following best defines the purpose of a security domain in architecture?
A. A network zone defined by VLANs
B. A logical grouping of systems with similar trust levels
C. A DMZ between internal and external networks
D. An isolated subnet for wireless devices
correct answer: B
✨ Explanation:
🏢 A security domain is a logical boundary where resources operate under a common security policy and trust level.
question: 44
Which concept describes a layered approach to security implementation?
A. DevSecOps
B. Zero Trust
C. Least Privilege
D. Defense in Depth
correct answer: D
✨ Explanation:
🛡️ Defense in Depth uses multiple security controls at various layers (network, application, physical) to mitigate threats.
question: 45
Which standard focuses on information security risk management and is commonly used in architecture planning?
A. ISO/IEC 27005
B. ISO/IEC 27001
C. NIST SP 800-53
D. COBIT 5
correct answer: A
✨ Explanation:
📉 ISO/IEC 27005 provides guidelines for information security risk management, making it highly relevant in security architecture.
question: 46
Which protocol is often used in federated identity environments for exchanging authentication data?
A. SAML
B. TLS
C. IPSec
D. Kerberos
correct answer: A
✨ Explanation:
🔐 SAML (Security Assertion Markup Language) enables federated SSO by securely exchanging authentication and authorization data across domains.
question: 47
Which architectural concern is directly addressed by disaster recovery planning (DRP)?
A. System scalability
B. Legal compliance
C. Data availability
D. Service monetization
correct answer: C
✨ Explanation:
⚠️ Disaster recovery ensures continued data availability and business continuity in the event of outages or failures.
question: 48
What is the primary purpose of using a security baseline in architecture?
A. Maximize data throughput
B. Provide a performance benchmark
C. Define minimum acceptable security configurations
D. Identify user access violations
correct answer: C
✨ Explanation:
🧱 A security baseline defines the minimum configuration standards and controls for securing systems consistently across the environment.
question: 49
Which of the following is most aligned with regulatory compliance in security architecture?
A. Risk transference
B. Data sovereignty
C. Tokenization
D. Service-level agreement
correct answer: B
✨ Explanation:
🌍 Data sovereignty ensures that data is stored and processed according to the laws of the country where it’s located, crucial for compliance.
question: 50
Which concept in architecture is used to detect security issues early in the development cycle?
A. Security audits
B. Static code analysis
C. Penetration testing
D. System hardening
correct answer: B
✨ Explanation:
🔍 Static code analysis helps identify vulnerabilities early by analyzing source code before deployment, improving security posture.
Why is Pass4Certs the best choice for certification exam preparation?
Pass4Certs is dedicated to providing practice test questions with answers, free of charge, unlike other web-based interfaces. To see the whole set of review material, you need to register for a free account on Pass4Certs. Many clients around the world are achieving high scores by using our dumps. You get a 100 percent passing guarantee and an unconditional guarantee on the test. PDF files are accessible immediately after purchase.
A Central Tool to Help You Prepare for Exam
Pass4Certs.com is the final study resource you need for taking the test. We meticulously follow the actual exam questions and answers, which are regularly updated and verified by experts. Our exam dumps experts, who come from a variety of well-known organizations, are intelligent and qualified individuals who have reviewed the most important sections of exam questions and answers to help you understand the concepts and pass the certification exam with good marks. Braindumps are the most effective way to prepare for your test in only 1 day.
User Friendly & Easily Accessible on Mobile Devices
There is a platform for the exam that is very easy to use. The fundamental aim of our platform is to provide the most recent, accurate, updated and genuinely helpful review material. Students can use this material to study and successfully navigate the implementation and support of systems. Students can access authentic test questions and answers, which will be available for download in PDF format immediately after purchase. As long as your mobile device has an internet connection, you can study on this website, which is mobile-friendly for testers.
Dumps Are Verified by Industry Experts
Get Access to the Most Recent and Accurate Questions and Answers Right Away:
Our exam database is frequently updated throughout the year to include the most recent exam questions and answers. Each exam page shows the date at the top of the page along with the updated list of exam questions and answers. You will pass the test on your first attempt due to the authenticity of the current exam questions.
Dumps for the exam have been checked by industry professionals who are dedicated to providing the right test questions and answers with brief descriptions. Every question and answer is checked by experts: highly qualified individuals with extensive professional experience in the vendor examination.
Pass4Certs.com delivers the best exam questions with detailed explanations in contrast with a number of other exam web portals.
Money Back Guarantee
Pass4Certs.com is committed to providing quality braindumps that will help you pass the test and obtain certification. In order to provide you with the best method of preparation for the exam, we provide the most recent and realistic test questions from current examinations. If you purchase the entire PDF file but fail the vendor exam, you can get your money back or have your exam replaced. Visit our guarantee page for more information on our straightforward money-back guarantee.