Scenario

A company is redesigning a customer portal. The design must protect web applications, keep public services separated from internal systems, protect payment data, and support recovery after an outage.

Your task: Select the best architecture, data protection, or recovery control.

| Asset | Requirement |
|---|---|
| Customer web app | Protect against web attacks |
| Cardholder data | Reduce exposure |
| Portal availability | Recover within hours |

Resilience and Data

Instructor Answer

- A WAF protects web applications from common Layer 7 attacks.
- A screened subnet separates public-facing services from internal networks.
- Fail-closed blocks traffic when the device cannot enforce policy.
- Tokenization replaces sensitive data with substitute values.
- Encryption at rest protects stored data.
- A warm site is partially prepared and faster to bring online than a cold site.
- Load balancing improves availability by distributing traffic.
- A tabletop exercise validates plans without disrupting production.