Question1: Software-defined networking (SDN) is intended to separate different network capabilities and allow for the granting of granular configurations, permissions, and features to non- network staff or customers. Which network capability is separated from forwarding of traffic?
Response:
Question2: Which of the following in a federated environment is responsible for consuming authentication tokens?
Question3: Gathering business requirements can aid the organization in determining all of this information about organizational assets, except:
Question4: From a security perspective, what component of a cloud computing infrastructure represents the biggest concern?
Question5: Which protocol allows a system to use block-level storage as if it was a SAN, but over TCP network traffic instead?
Question6: What does the REST API use to protect data transmissions?
Question7: What aspect of data center planning occurs first?
Question8: Which concept pertains to cloud customers paying only for the resources they use and consume, and only for the duration they are using them?
Question9: What concept and operational process must be spelled out clearly, as far as roles and responsibilities go, between the cloud provider and cloud customer for the mitigation of any problems or security events?
Question10: Which of the cloud deployment models requires the cloud customer to be part of a specific group or organization in order to host cloud services within it?
Question11: Managed cloud services exist because the service is less expensive for each customer than creating the same services for themselves in a legacy environment. Using a managed service allows the customer to realize significant cost savings through the reduction of ____________.
Response:
Question12: Which of the following frameworks focuses specifically on design implementation and management?
Question13: Database activity monitoring (DAM) can be:
Question14: At which phase of the SDLC process should security begin participating?
Question15: Just like the risk management process, the BCDR planning process has a defined sequence of steps and processes to follow to ensure the production of a comprehensive and successful plan.
Which of the following is the correct sequence of steps for a BCDR plan?
Question16: What is the major difference between authentication/authorization?
Response:
Question17: Which of the following is characterized by a set maximum capacity?
Question18: During the assessment phase of a risk evaluation, what are the two types of tests that are performed?
Response:
Question19: A DLP solution/implementation has three main components.
Which of the following is NOT one of the three main components?
Question20: Although performing BCDR tests at regular intervals is a best practice to ensure processes and documentation are still relevant and efficient, which of the following represents a reason to conduct a BCDR review outside of the regular interval?
Question21: You are developing a new process for data discovery for your organization and are charged with ensuring that all applicable data is included. Which of the following is NOT one of the three methods of data discovery?
Response:
Question22: Which of the following is not a feature of SAST?
Question23: Which of the following are considered to be the building blocks of cloud computing?
Question24: If bit-splitting is used to store data sets across multiple jurisdictions, how may this enhance security?
Response:
Question25: A variety of security systems can be integrated within a network--some that just monitor for threats and issue alerts, and others that take action based on signatures, behavior, and other types of rules to actively stop potential threats.
Which of the following types of technologies is best described here?
Question26: In the wake of many scandals with major corporations involving fraud and the deception of investors and regulators, which of the following laws was passed to govern accounting and financial records and disclosures?
Question27: Although encryption can help an organization to effectively decrease the possibility of data breaches, which other type of threat can it increase the chances of?
Question28: Which of the following is NOT a key area for performance monitoring as far as an SLA is concerned?
Question29: When using a SaaS solution, what is the capability provided to the customer?
Question30: In attempting to provide a layered defense, the security practitioner should convince senior management to include security controls of which type?
Response:
Question31: What are SOC 1/SOC 2/SOC 3?
Question32: Because PaaS implementations are so often used for software development, what is one of the vulnerabilities that should always be kept in mind?
Question33: What is the term used to describe loss of access to data because the cloud provider has ceased operation?
Response:
Question34: Within a SaaS environment, what is the responsibility on the part of the cloud customer in regard to procuring the software used?
Question35: Which of the following storage types is most closely associated with a traditional file system and tree structure?
Question36: Identity and access management (IAM) is a security discipline that ensures which of the following?
Question37: Which of the following actions will NOT make data part of the "create" phase of the cloud data lifecycle?
Question38: Halon is now illegal to use for data center fire suppression. What is the reason it was outlawed?
Question39: Which of the following areas of responsibility would be shared between the cloud customer and cloud provider within the Software as a Service (SaaS) category?
Question40: The Cloud Security Alliance (CSA) publishes, the Notorious Nine, a list of common threats to organizations participating in cloud computing.
According to the CSA, all of the following activity can result in data loss except ____________.
Question41: Which of the following is NOT a core component of an SIEM solution?
Question42: SOX was enacted because of which of the following?
Question43: Tokenization requires at least ____ database(s).
Question44: Which value refers to the amount of time it takes to recover operations in a BCDR situation to meet management's objectives?
Question45: When an organization considers cloud migrations, the organization's software developers will need to know which _______ and _______ which the organization will be using, in order to properly and securely create suitable applications.
Question46: IRM solutions allow an organization to place different restrictions on data usage than would otherwise be possible through traditional security controls.
Which of the following controls would be possible with IRM that would not with traditional security controls?
Question47: Which cloud service category most commonly uses client-side key management systems?
Question48: The Restatement (Second) Conflict of Law refers to which of the following?
Question49: Which of the following threat types can occur when baselines are not appropriately applied or when unauthorized changes are made?
Question50: Which of the following is NOT a major regulatory framework?
Question51: Which of the following pertains to a macro level approach to data center design rather than the traditional tiered approach to data centers?
Question52: Which of the following is not one of the types of controls?
Question53: Virtual machine (VM) configuration management (CM) tools should probably include
____________.
Response:
Question54: Although the REST API supports a wide variety of data formats for communications and exchange, which data formats are the most commonly used?
Question55: Which of the following concepts is NOT one of the core components to an encryption system architecture?
Question56: To protect data on user devices in a BYOD environment, the organization should consider requiring all the following, except:
Question57: Anonymization is the process of removing from data sets.
Response:
Question58: Which of the following is NOT one of the security domains presented within the Cloud Controls Matrix?
Response:
Question59: Which of the following methods of addressing risk is most associated with insurance?
Response:
Question60: Cryptographic keys should be secured ________________ .
Question61: Which of the following is considered an external redundancy for a data center?
Question62: What is used for local, physical access to hardware within a data center?
Question63: Which of the following would NOT be included as input into the requirements gathering for an application or system?
Question64: A virtual network interface card (NIC) exists at layer __________ of the OSI model.
Question65: When using an IaaS solution, what is the capability provided to the customer?
Question66: Humidity levels for a data center are a prime concern for maintaining electrical and computing resources properly as well as ensuring that conditions are optimal for top performance.
Which of the following is the optimal humidity level, as established by ASHRAE?
Question67: The Cloud Security Alliance's (CSA's) Cloud Controls Matrix (CCM) addresses all the following security architecture elements except ____________.
Question68: Which of the cloud deployment models offers the most control and input to the cloud customer as to how the overall cloud environment is implemented and configured?
Question69: What strategy involves replacing sensitive data with opaque values, usually with a means of mapping it back to the original value?
Question70: In addition to whatever audit results the provider shares with the customer, what other mechanism does the customer have to ensure trust in the provider's performance and duties?
Question71: There are two reasons to conduct a test of the organization's recovery from backup in an environment other than the primary production environment. Which of the following is one of them?
Response:
Question72: What expectation of data custodians is made much more challenging by a cloud implementation, especially with PaaS or SaaS?
Question73: Which of the cloud cross-cutting aspects relates to the oversight of processes and systems, as well as to ensuring their compliance with specific policies and regulations?
Question74: What is a cloud storage architecture that manages the data in a hierarchy of files?
Question75: Who would be responsible for implementing IPsec to secure communications for an application?
Question76: DRM solutions should generally include all the following functions, except:
Question77: TLS provides and ________ for ________ communications.
Question78: Which of the following would NOT be considered part of resource pooling with an Infrastructure as a Service implementation?
Question79: Many different common threats exist against web-exposed services and applications. One attack involves attempting to leverage input fields to execute queries in a nested fashion that is unintended by the developers.
What type of attack is this?
Question80: What are third-party providers of IAM functions for the cloud environment?
Question81: Cryptographic keys for encrypted data stored in the cloud should be ______________.
Response:
Question82: Which of the following threat types involves the sending of invalid and manipulated requests through a user's client to execute commands on the application under their own credentials?
Question83: Many aspects and features of cloud computing can make eDiscovery compliance more difficult or costly.
Which aspect of cloud computing would be the MOST complicating factor?
Question84: Which attribute of data poses the biggest challenge for data discovery?
Question85: DLP solutions can aid in deterring loss due to which of the following?
Question86: Which United States program was designed to enable organizations to bridge the gap between privacy laws and requirements of the United States and the European Union?
Question87: Many activities within a cloud environment are performed via programmatic means, where complex and distributed operations are handled without the need to perform each step individually.
Which of the following concepts does this describe?
Question88: Which of the following threat types involves the sending of commands or arbitrary data through input fields in an application in an attempt to get that code executed as part of normal processing?
Question89: Which of the following is a restriction that can be enforced by information rights management (IRM) that is not possible for traditional file system controls?
Question90: Who is the entity identified by personal data?
Question91: What must be secured on physical hardware to prevent unauthorized access to systems?
Question92: A data custodian is responsible for which of the following?
Question93: In which of the following situations does the data owner have to administer the OS?
Response:
Question94: Which format is the most commonly used standard for exchanging information within a federated identity system?
Question95: Which of the following is NOT a function performed by the record protocol of TLS?
Question96: There is a large gap between the privacy laws of the United States and those of the European Union. Bridging this gap is necessary for American companies to do business with European companies and in European markets in many situations, as the American companies are required to comply with the stricter requirements.
Which US program was designed to help companies overcome these differences?
Question97: Tokenization requires two distinct _________________ .
Question98: You are the security manager for a software development firm. Your company is interested in using a managed cloud service provider for hosting its testing environment. Previous releases have shipped with major flaws that were not detected in the testing phase; leadership wants to avoid repeating that problem.
What tool/technique/technology might you suggest to aid in identifying programming errors?
Question99: Your company has just been served with an eDiscovery order to collect event data and other pertinent information from your application during a specific period of time, to be used as potential evidence for a court proceeding.
Which of the following, apart from ensuring that you collect all pertinent data, would be the MOST important consideration?
Response:
Question100: TLS uses ___________ to authenticate a connection and create a shared secret for the duration of the session.
Question101: Which SSAE 16 report is purposefully designed for public release (for instance, to be posted on a company's website)?
Question102: Which security concept, if implemented correctly, will protect the data on a system, even if a malicious actor gains access to the actual system?
Question103: Which technology is most associated with tunneling?
Response:
Question104: When crafting plans and policies for data archiving, we should consider all of the following, except:
Question105: Which of the following is a management role, versus a technical role, as it pertains to data management and oversight?
Question106: Penetration testing is a(n) __________ form of security assessment.
Question107: You are the security subject matter expert (SME) for an organization considering a transition from the legacy environment into a hosted cloud provider's data center. One of the challenges you're facing is whether the provider will have undue control over your data once it is within the provider's data center; will the provider be able to hold your organization hostage because they have your data?
This is a(n) _________ issue.
Question108: Which of the following statements accurately describes VLANs?
Question109: Which of the cloud cross-cutting aspects relates to the ability for a cloud customer to easily remove their applications and data from a cloud environment?
Question110: Which of the following is NOT a criterion for data within the scope of eDiscovery?
Question111: Every cloud service provider that opts to join the CSA STAR program registry must complete a
___________.
Question112: Which of the following is not a reason for conducting audits?
Question113: In order to prevent cloud customers from potentially consuming enormous amounts of resources within a cloud environment and thus having a negative impact on other customers, what concept is commonly used by a cloud provider?
Question114: What is the primary security mechanism used to protect SOAP and REST APIs?
Question115: What are the phases of a software development lifecycle process model?
Question116: How is an object stored within an object storage system?
Question117: Deviations from the baseline should be investigated and __________________.
Question118: What type of redundancy can we expect to find in a datacenter of any tier?
Response:
Question119: With a cloud service category where the cloud customer is provided a full application framework into which to deploy their code and services, which storage types are MOST likely to be available to them?
Question120: Which aspect of cloud computing serves as the biggest challenge to using DLP to protect data at rest?
Question121: Who is ultimately responsible for a data breach that includes personally identifiable information (PII), in the event of negligence on the part of the cloud provider?
Question122: Which if the following is NOT one of the three components of a federated identity system transaction?
Question123: You are the security manager for an online retail sales company with 100 employees and a production environment hosted in a PaaS model with a major cloud provider. Your company policies have allowed for a BYOD workforce that work equally from the company offices and their own homes or other locations. The policies also allow users to select which APIs they install and use on their own devices in order to access and manipulate company data.
Of the following, what is a security control you'd like to implement to offset the risk(s) incurred by this practice?
Question124: Which of the following storage types are used with an Infrastructure as a Service (IaaS) solution?
Question125: Which of the following is a file server that provides data access to multiple, heterogeneous machines/users on the network?
Question126: Which cloud storage type requires special consideration on the part of the cloud customer to ensure they do not program themselves into a vendor lock-in situation?
Question127: The Brewer-Nash security model is also known as which of the following?
Response:
Question128: What type of identity system allows trust and verifications between the authentication systems of multiple organizations?
Response:
Question129: Which of the following is not a risk management framework?
Question130: Which technology can be useful during the "share" phase of the cloud data lifecycle to continue to protect data as it leaves the original system and security controls?
Question131: Which of the following types of organizations is most likely to make use of open source software technologies?
Question132: Which of the following BCDR testing methodologies is least intrusive?
Question133: Which of the following is NOT a component of access control?
Question134: You need to gain approval to begin moving your company's data and systems into a cloud environment. However, your CEO has mandated the ability to easily remove your IT assets from the cloud provider as a precondition.
Which of the following cloud concepts would this pertain to?
Question135: The Cloud Security Alliance (CSA) publishes the Notorious Nine, a list of common threats to organizations participating in cloud computing.
According to the CSA, an organization that suffers a data breach might suffer all of the following negative effects except __________.
Question136: Which of the following is the sole responsibility of the cloud customer, regardless of which cloud model is used?
Question137: Which of the following is not included in the OWASP Top Ten web application security threats?
Response:
Question138: Which of the following threat types involves an application that does not validate authorization for portions of itself beyond when the user first enters it?
Question139: What does static application security testing (SAST) offer as a tool to the testers that makes it unique compared to other common security testing methodologies?
Question140: When a data center is configured such that the backs of the devices face each other and the ambient temperature in the work area is cool, it is called ___________.
Question141: An audit scope statement defines the limits and outcomes from an audit. Which of the following would NOT be included as part of an audit scope statement?
Question142: If a key feature of cloud computing that your organization desires is the ability to scale and expand without limit or concern about available resources, which cloud deployment model would you MOST likely be considering?
Question143: What type of device is often leveraged to assist legacy applications that may not have the programmatic capability to process assertions from modern web services?
Question144: Access should be based on ____________.
Response:
Question145: Your company operates in a highly competitive market, with extremely high-value data assets.
Senior management wants to migrate to a cloud environment but is concerned that providers will not meet the company's security needs.
Which deployment model would probably best suit the company's needs?
Response:
Question146: Which aspect of data poses the biggest challenge to using automated tools for data discovery and programmatic data classification?
Question147: What is a data custodian responsible for?
Question148: Which of the following is NOT a common component of a DLP implementation process?
Question149: Which of the following standards primarily pertains to cabling designs and setups in a data center?
Question150: What is the best source for information about securing a physical asset's BIOS?
Question151: Which of the following is the primary purpose of an SOC 3 report?
Question152: Which key storage solution would be the BEST choice in a situation where availability might be of a particular concern?
Question153: What is the term that describes the situation when a malicious user/attacker can exit the restrictions of a single host and access other nodes on the network?
Question154: Which of the following is the best example of a key component of regulated PII?
Question155: Which of the following roles involves overseeing billing, purchasing, and requesting audit reports for an organization within a cloud environment?
Question156: Which cloud storage type resembles a virtual hard drive and can be utilized in the same manner and with the same type of features and capabilities?
Question157: Which cloud service category offers the most customization options and control to the cloud customer?
Question158: You are the security manager for a small retail business involved mainly in direct e- commerce transactions with individual customers (members of the public). The bulk of your market is in Asia, but you do fulfill orders globally.
Your company has its own data center located within its headquarters building in Hong Kong, but it also uses a public cloud environment for contingency backup and archiving purposes. Your company has decided to expand its business to include selling and monitoring life-support equipment for medical providers.
What characteristic do you need to ensure is offered by your cloud provider?
Response:
Question159: What type of solution is at the core of virtually all directory services?
Question160: All of the following entitles are required to use FedRAMP-accredited Cloud Service Providers except ___________.
Question161: What is the intellectual property protection for the logo of a new video game?
Question162: All of the following are terms used to described the practice of obscuring original raw data so that only a portion is displayed for operational purposes, except:
Question163: Which of the following is a method for apportioning resources that involves setting maximum usage amounts for all tenants/customers within the environment?
Question164: Which one of the following threat types to applications and services involves the sending of requests that are invalid and manipulated through a user's client to execute commands on the application under the user's own credentials?
Question165: Limits for resource utilization can be set at different levels within a cloud environment to ensure that no particular entity can consume a level of resources that impacts other cloud customers.
Which of the following is NOT a unit covered by limits?
Question166: The various models generally available for cloud BC/DR activities include all of the following except:
Question167: You are the security manager of a small firm that has just purchased a DLP solution to implement in your cloud-based production environment.
Which of these activities should you perform before deploying the tool?
Question168: Which of the following is a possible negative aspect of bit-splitting?
Question169: Which of the following are not examples of personnel controls?
Question170: Which of the following storage types is most closely associated with a database-type storage implementation?
Question171: While an audit is being conducted, which of the following could cause management and the auditors to change the original plan in order to continue with the audit?
Question172: You are the security policy lead for your organization, which is considering migrating from your on- premises, legacy environment into the cloud. You are reviewing the Cloud Security Alliance Cloud Controls Matrix (CSA CCM) as a tool for your organization. What is probably the best benefit offered by the CCM?
Question173: Which of the following threat types involves an application developer leaving references to internal information and configurations in code that is exposed to the client?
Question174: Your IT steering committee has, at a high level, approved your project to begin using cloud services. However, the committee is concerned with getting locked into a single cloud provider and has flagged the ability to easily move between cloud providers as a top priority. It also wants to save costs by reusing components.
Which cross-cutting aspect of cloud computing would be your primary focus as your project plan continues to develop and you begin to evaluate cloud providers?
Question175: Being in a cloud environment, cloud customers lose a lot of insight and knowledge as to how their data is stored and their systems are deployed.
Which concept from the ISO/IEC cloud standards relates to the necessity of the cloud provider to inform the cloud customer on these issues?
Question176: Modern web service systems are designed for high availability and resiliency. Which concept pertains to the ability to detect problems within a system, environment, or application and programmatically invoke redundant systems or processes for mitigation?
Question177: You work for a government research facility. Your organization often shares data with other government research organizations.
You would like to create a single sign-on experience across the organizations, where users at each organization can sign in with the user ID/authentication issued by that organization, then access research data in all the other organizations.
Instead of replicating the data stores of each organization at every other organization (which is one way of accomplishing this goal), you instead want every user to have access to each organization's specific storage resources.
In order to pass the user IDs and authenticating credentials of each user among the organizations, what protocol/language/motif will you most likely utilize?
Response:
Question178: ____________ can often be the result of inadvertent activity.
Question179: What is one of the reasons a baseline might be changed?
Question180: Which of the following should NOT be part of the requirement analysis phase of the software development lifecycle?
Question181: Which cloud service category brings with it the most expensive startup costs, but also the lowest costs for ongoing support and maintenance staff?
Question182: Although indirect identifiers cannot alone point to an individual, the more of them known can lead to a specific identity. Which strategy can be used to avoid such a connection being made?
Response:
Question183: Which of the following report is most aligned with financial control audits?
Question184: Which concept BEST describes the capability for a cloud environment to automatically scale a system or application, based on its current resource demands?
Question185: Which United States law is focused on PII as it relates to the financial industry?
Question186: Different certifications and standards take different approaches to data center design and operations. Although many traditional approaches use a tiered methodology, which of the following utilizes a macro- level approach to data center design?
Question187: Which of the following is NOT one of the main intended goals of a DLP solution?
Question188: Which data formats are most commonly used with the REST API?
Question189: Which of the following is a risk in the cloud environment that is not existing or is as prevalent in the legacy environment?
Question190: Which technology is NOT commonly used for security with data in transit?
Question191: When designing a cloud data center, which of the following aspects is not necessary to ensure continuity of operations during contingency operations?
Question192: On large distributed systems with pooled resources, cloud computing relies on extensive orchestration to maintain the environment and the constant provisioning of resources.
Which of the following is crucial to the orchestration and automation of networking resources within a cloud?
Question193: Which of the following is NOT a function performed by the handshake protocol of TLS?
Question194: Because cloud providers will not give detailed information out about their infrastructures and practices to the general public, they will often use established auditing reports to ensure public trust, where the reputation of the auditors serves for assurance.
Which type of audit reports can be used for general public trust assurances?
Question195: Which value refers to the percentage of production level restoration needed to meet BCDR objectives?
Question196: At which layer does the IPSec protocol operate to encrypt and protect communications between two parties?
Question197: It is important to include _______ in the design of underfloor plenums if they are also used for wiring.
Response:
Question198: What aspect of a Type 2 hypervisor involves additional security concerns that are not relevant with a Type 1 hypervisor?
Response:
Question199: Digital rights management (DRM) tools can be combined with ___________, to enhance security capabilities.
Response:
Question200: What is the term we use to describe the general ease and efficiency of moving data from one cloud provider either to another cloud provider or down from the cloud?
Question201: The Transport Layer Security (TLS) protocol creates a secure communications channel over public media (such as the Internet). In a typical TLS session, who initiates the protocol?
Question202: Typically, SSDs are ____________.
Response:
Question203: Your application has been a continued target for SQL injection attempts. Which of the following technologies would be best used to combat the likeliness of a successful SQL injection exploit from occurring?
Response:
Question204: Which of the following is an example of useful and sufficient data masking of the string "CCSP"?
Response:
Question205: Which of the following methods of addressing risk is most associated with insurance?
Question206: Which kind of SSAE report comes with a seal of approval from a certified auditor?
Response:
Question207: What concept does the "I" represent with the STRIDE threat model?
Question208: What is an often overlooked concept that is essential to protecting the confidentiality of data?
Question209: Which of the following service capabilities gives the cloud customer the most control over resources and configurations?
Question210: Which of the following APIs are most commonly used within a cloud environment?
Question211: A bare-metal hypervisor is Type ____________.
Question212: The physical layout of a cloud data center campus should include redundancies of all the following except ____________.
Question213: You work for a government research facility. Your organization often shares data with other government research organizations.
You would like to create a single sign-on experience across the organizations, where users at each organization can sign in with the user ID/authentication issued by that organization, then access research data in all the other organizations.
Instead of replicating the data stores of each organization at every other organization (which is one way of accomplishing this goal), you instead want every user to have access to each organization's specific storage resources.
If you don't use cross-certification, what other model can you implement for this purpose?
Question214: Which type of cloud-based storage is IRM typically associated with?
Response:
Question215: Which of the following is the recommended operating range for temperature and humidity in a data center?
Question216: The Open Web Application Security Project (OWASP) Top Ten is a list of web application security threats that is composed by a member-driven OWASP committee of application development experts and published approximately every 24 months. The 2013 OWASP Top Ten list includes "security misconfiguration." Which of these is a technique to reduce the potential for a security misconfiguration?
Response:
Question217: What sort of legal enforcement may the Payment Card Industry (PCI) Security Standards Council not bring to bear against organizations that fail to comply with the Payment Card Industry Data Security Standard (PCI DSS)?
Question218: Which aspect of cloud computing will be most negatively impacted by vendor lock-in?
Question219: What are SOCI/SOCII/SOCIII?
Question220: Data labels could include all the following, except:
Question221: According to the (ISC)2 Cloud Secure Data Life Cycle, which phase comes soon after (or at the same time as) the Create phase?
Question222: Which of the following is not a component of contractual PII?
Question223: Which phase of the cloud data lifecycle would be the MOST appropriate for the use of DLP technologies to protect the data?
Question224: Which United States law is focused on accounting and financial practices of organizations?
Question225: BCDR strategies typically do not involve the entire operations of an organization, but only those deemed critical to their business.
Which concept pertains to the amount of data and services needed to reach the predetermined level of operations?
Question226: You are the security manager for a software development firm. Your company is interested in using a managed cloud service provider for hosting its testing environment. Management is interested in adopting an Agile development style.
This will be typified by which of the following traits?
Question227: What is the biggest negative to leasing space in a data center versus building or maintain your own?
Question228: You are the security manager of a small firm that has just purchased a DLP solution to implement in your cloud-based production environment.
In order to increase the security value of the DLP, you should consider combining it with
____________.
Question229: Which of the following could be used as a second component of multifactor authentication if a user has an RSA token?
Question230: Which of the following would probably best aid an organization in deciding whether to migrate from a legacy environment to a particular cloud provider?
Question231: Maintenance mode requires all of these actions except:
Question232: Which of the following systems is used to employ a variety of different techniques to discover and alert on threats and potential threats to systems and networks?
Question233: A denial of service (DoS) attack can potentially impact all customers within a cloud environment with the continued allocation of additional resources. Which of the following can be useful for a customer to protect themselves from a DoS attack against another customer?
Question234: Which of the following are cloud computing roles?
Question235: The Cloud Security Alliance (CSA) publishes the Notorious Nine, a list of common threats to organizations participating in cloud computing.
According to the CSA, what aspect of managed cloud services makes the threat of malicious insiders so alarming?
Question236: When beginning an audit, both the system owner and the auditors must agree on various aspects of the final audit report.
Which of the following would NOT be something that is predefined as part of the audit agreement?
Question237: Which publication from the United States National Institute of Standards and Technology pertains to defining cloud concepts and definitions for the various core components of cloud computing?
Question238: Which of the following is NOT one of the official risk rating categories?
Question239: Each of the following is an element of the Identification phase of the identity and access management (IAM) process except _____________.
Question240: What type of masking strategy involves replacing data on a system while it passes between the data and application layers?
Question241: The cloud deployment model that features joint ownership of assets among an affinity group is known as:
Question242: With a federated identity system, where would a user perform their authentication when requesting services or application access?
Question243: In order to comply with regulatory requirements, which of the following secure erasure methods would be available to a cloud customer using volume storage within the IaaS service model?
Question244: Which security certification serves as a general framework that can be applied to any type of system or application?
Question245: Which of the following characteristics is associated with digital rights management (DRM) solutions (sometimes referred to as information rights management, or IRM)?
Question246: An SLA contains the official requirements for contract performance and satisfaction between the cloud provider and cloud customer.
Which of the following would NOT be a component with measurable metrics and requirements as part of an SLA?
Question247: Which of the following best describes SAML?
Question248: What category of PII data can carry potential fines or even criminal charges for its improper use or disclosure?
Question249: SOC Type 1 reports are considered "restricted use," in that they are intended only for limited audiences and purposes.
Which of the following is NOT a population that would be appropriate for a SOC Type 1 report?
Question250: Which of the following best describes the Organizational Normative Framework (ONF)?
Question251: What is the amount of fuel that should be on hand to power generators for backup datacenter power, in all tiers, according to the Uptime Institute?
Question252: In general, a cloud BCDR solution will be _________ than a physical solution.
Response:
Question253: Which of the following are the storage types associated with PaaS?
Question254: Which of the following terms is not associated with cloud forensics?
Question255: Which of the following is NOT something that an HIDS will monitor?
Question256: Which phase of the cloud data lifecycle involves processing by a user or application?
Question257: What can tokenization be used for?
Question258: Which of the following represents a prioritization of applications or cloud customers for the allocation of additional requested resources when there is a limitation on available resources?
Question259: Tokenization requires two distinct ______________.
Response:
Question260: Which United States law is focused on data related to health records and privacy?
Question261: A crucial decision any company must make is in regard to where it hosts the data systems it depends on. A debate exists as to whether it's best to lease space in a data center or build your own data center--and now with cloud computing, whether to purchase resources within a cloud.
What is the biggest advantage to leasing space in a data center versus procuring cloud services?
Question262: Which of the following is the optimal temperature for a data center, per the guidelines established by the America Society of Heating, Refrigeration, and Air Conditioning Engineers (ASHRAE)?
Question263: For service provisioning and support, what is the ideal amount of interaction between a cloud customer and cloud provider?
Question264: Which type of cloud model typically presents the most challenges to a cloud customer during the
"destroy" phase of the cloud data lifecycle?
Question265: Your company maintains an on-premises data center for daily production activities but wants to use a cloud service to augment this capability during times of increased demand (cloud bursting).
Which deployment model would probably best suit the company's needs?
Response:
Question266: Which of the following is not typically included in the list of critical assets specified for continuity during BCDR contingency operations?
Question267: What is the primary reason that makes resolving jurisdictional conflicts complicated?
Question268: Cloud environments are based entirely on virtual machines and virtual devices, and those images are also in need of storage within the environment. What type of storage is typically used for virtual images?
Response:
Question269: A cloud data encryption situation where the cloud customer retains control of the encryption keys and the cloud provider only processes and stores the data could be considered a ____________.
Question270: Which of the following should occur at each stage of the SDLC?
Question271: Which security concept would business continuity and disaster recovery fall under?
Question272: Which of the following is the biggest concern or challenge with using encryption?
Question273: Which of the following may unilaterally deem a cloud hosting model inappropriate for a system or application?
Question274: Which of the following is not one of the defined security controls domains within the Cloud Controls Matrix, published by the Cloud Security Alliance?
Question275: A firewall can use all of the following techniques for controlling traffic except:
Question276: You are the IT director for a small contracting firm. Your company is considering migrating to a cloud production environment.
Which service model would best fit your needs if you wanted an option that reduced the chance of vendor lock-in but also did not require the highest degree of administration by your own personnel?
Question277: What are the two protocols that TLS uses?
Question278: Cryptographic keys for encrypted data stored in the cloud should be ________________ .
Question279: Three central concepts define what type of data and information an organization is responsible for pertaining to eDiscovery.
Which of the following are the three components that comprise required disclosure?
Question280: Gap analysis is performed for what reason?
Question281: What is the best approach for dealing with services or utilities that are installed on a system but not needed to perform their desired function?
Question282: Which of the following is considered an administrative control?
Question283: Which of the following roles involves the provisioning and delivery of cloud services?
Question284: Cloud vendors are held to contractual obligations with specified metrics by:
Response:
Question285: A UPS should have enough power to last how long?
Question286: Application virtualization can typically be used for ____________.
Question287: What does dynamic application security testing (DAST) NOT entail?
Question288: Who will determine data classifications for the cloud customer?
Question289: Cloud systems are increasingly used for BCDR solutions for organizations.
What aspect of cloud computing makes their use for BCDR the most attractive?
Question290: Which of the following is the best and only completely secure method of data destruction?
Question291: You work for a company that operates a production environment in the cloud. Another company using the same cloud provider is under investigation by law enforcement for racketeering. Your company should be concerned about this because of the cloud characteristic of ____________.
Response:
Question292: What strategy involves hiding data in a data set to prevent someone from identifying specific individuals based on other data fields present?
Question293: When using an IaaS solution, what is a key benefit provided to the customer?
Question294: What process is used within a clustered system to provide high availability and load balancing?
Question295: The president of your company has tasked you with implementing cloud services as the most efficient way of obtaining a robust disaster recovery configuration for your production services.
Which of the cloud deployment models would you MOST likely be exploring?
Question296: What are the U.S. Commerce Department controls on technology exports known as?
Question297: Which of the following aspects of cloud computing would make it more likely that a cloud provider would be unwilling to satisfy specific certification requirements?
Question298: SOC 2 reports were intended to be ____________.
Question299: Which of the following roles would be responsible for managing memberships in federations and the use and integration of federated services?
Question300: Which of these characteristics of a virtualized network adds risks to the cloud environment?
Question301: Which security concept is based on preventing unauthorized access to data while also ensuring that it is accessible to those authorized to use it?
Question302: All of the following are usually nonfunctional requirements except ____________.
Question303: The destruction of a cloud customer's data can be required by all of the following except
___________.
Question304: Which of the following is a widely used tool for code development, branching, and collaboration?
Question305: When using an Infrastructure as a Service (IaaS) solution, what is the capability provided to the customer?
Response:
Question306: Why might an organization choose to comply with the ISO 27001 standard?
Response:
Question307: You are the security director for a chain of automotive repair centers across several states. Your company uses a cloud SaaS provider, for business functions that cross several of the locations of your facilities, such as: 1) ordering parts 2) logistics and inventory 3) billing, and 4) marketing.
The manager at one of your newest locations reports that there is a competing car repair company that has a logo that looks almost exactly like the one your company uses. What will most likely affect the determination of who has ownership of the logo?
Question308: The cloud deployment model that features organizational ownership of the hardware and infrastructure, and usage only by members of that organization, is known as:
Question309: DLP can be combined with what other security technology to enhance data controls?
Question310: If a cloud computing customer wishes to guarantee that a minimum level of resources will always be available, which of the following set of services would compromise the reservation?
Question311: Which type of cloud service category would having a vendor-neutral encryption scheme for data at rest (DAR) be the MOST important?
Question312: Which one of the following is not one of the three common threat modeling techniques?
Question313: Which of the following is NOT an application or utility to apply and enforce baselines on a system?
Question314: Which kind of SSAE audit report is most beneficial for a cloud customer, even though it's unlikely the cloud provider will share it?
Question315: What is the biggest concern with hosting a key management system outside of the cloud environment?
Question316: Data labels could include all the following, except:
Question317: The Cloud Security Alliance (CSA) publishes the Notorious Nine, a list of common threats to organizations participating in cloud computing.
According to the CSA, what is one reason the threat of insecure interfaces and APIs is so prevalent in cloud computing?
Question318: Which of the following aspects of the BC/DR process poses a risk to the organization?
Response:
Question319: Alice is the CEO for a software company; she is considering migrating the operation from the current on-premises legacy environment into the cloud.
In order to protect her company's intellectual property, Alice might want to consider implementing all these techniques/solutions except __________________.
Response:
Question320: Which of the following does NOT relate to the hiding of sensitive data from data sets?
Question321: Which of the following approaches would NOT be considered sufficient to meet the requirements of secure data destruction within a cloud environment?
Question322: The tasks performed by the hypervisor in the virtual environment can most be likened to the tasks of the ________ in the legacy environment.
Question323: You are the security manager of a small firm that has just purchased a DLP solution to implement in your cloud-based production environment.
In order to get truly holistic coverage of your environment, you should be sure to include
__________ as a step in the deployment process.
Question324: Which of the following features is a main benefit of PaaS over IaaS?
Question325: What is a form of cloud storage where data is stored as objects, arranged in a hierarchal structure, like a file tree?
Question326: Which of the following actions will NOT make data part of the create phase of the cloud data lifecycle?
Question327: Which of the following best describes the purpose and scope of ISO/IEC 27034-1?
Question328: What concept does the A represent within the DREAD model?
Question329: What type of PII is controlled based on laws and carries legal penalties for noncompliance with requirements?
Question330: Which of the following methods for the safe disposal of electronic records can always be used in a cloud environment?
Response:
Question331: BCDR strategies typically do not involve the entire operations of an organization, but only those deemed critical to their business.
Which concept pertains to the required amount of time to restore services to the predetermined level?
Question332: Which of the following is the sole responsibility of the cloud provider, regardless of which cloud model is used?
Question333: What is the concept of isolating an application from the underlying operating system for testing purposes?
Question334: Which of the following security measures done at the network layer in a traditional data center are also applicable to a cloud environment?
Question335: Countermeasures for protecting cloud operations against internal threats include all of the following except:
Question336: The management plane is used to administer a cloud environment and perform administrative tasks across a variety of systems, but most specifically it's used with the hypervisors. What does the management plane typically leverage for this orchestration?
Question337: Which protocol, as a part of TLS, handles negotiating and establishing a connection between two parties?
Question338: Which of the following represents a minimum guaranteed resource within a cloud environment for the cloud customer?
Question339: Which of the following are distinguishing characteristics of a managed service provider?
Question340: Which data state would be most likely to use digital signatures as a security protection mechanism?
Question341: Which cloud storage type uses an opaque value or descriptor to categorize and organize data?
Question342: A comprehensive BCDR plan will encapsulate many or most of the traditional concerns of operating a system in any data center.
However, what is one consideration that is often overlooked with the formulation of a BCDR plan?
Question343: During which phase of the cloud data lifecycle is it possible for the classification of data to change?
Question344: Of the following, which is probably the most significant risk in a managed cloud environment?
Question345: Hardening the operating system refers to all of the following except:
Question346: Clustered systems can be used to ensure high availability and load balancing across individual systems through a variety of methodologies.
What process is used within a clustered system to ensure proper load balancing and to maintain the health of the overall system to provide high availability?
Question347: When using a PaaS solution, what is the capability provided to the customer?
Question348: You are working for a cloud service provider and receive an eDiscovery order pertaining to one of your customers.
Which of the following would be the most appropriate action to take first?
Question349: Which value refers to the amount of data an organization would need to recover in the event of a BCDR situation in order to reach an acceptable level of operations?
Question350: Which kind of SSAE audit reviews controls dealing with the organization's controls for assuring the confidentiality, integrity, and availability of data?
Question351: What is the correct order of the phases of the data life cycle?
Question352: Which ISO standard refers to addressing security risks in a supply chain?
Question353: What concept does the "T" represent in the STRIDE threat model?
Question354: Which crucial aspect of cloud computing can be most threatened by insecure APIs?
Question355: Security best practices in a virtualized network environment would include which of the following?
Response:
Question356: The European Union passed the first major regulation declaring data privacy to be a human right.
In what year did it go into effect?