3. Cloud Data Security Flashcards
Naomi is working on a list that will include data obfuscation options for her organization. Which of the following is not a type of data obfuscation technique?
A. Tokenization
B. Data hiding
C. Anonymization
D. Masking
Answer: B. Data hiding
Data hiding is not a data obfuscation technique. It is used in programming to restrict data class access. Tokenization, masking, and anonymization are all obfuscation techniques.
The goals of SIEM solution implementations include all of the following except ___________________.
A. Centralization of log streams
B. Trend analysis
C. Dashboarding
D. Performance enhancement
Answer: D. Performance enhancement
SIEM is not intended to provide any enhancement of performance; in fact, a SIEM solution may decrease performance because of additional overhead. All the rest are goals of SIEM implementations.
Wei’s organization uses Lambda functions as part of a serverless application inside of its Amazon-hosted environment. What storage type should Wei consider the storage associated with the instances to be?
A. Long-term
B. Medium term
C. Ephemeral
D. Instantaneous
Answer: C. Ephemeral
The CCSP Exam Outline (Candidate Information Bulletin) describes three types of storage: long term, ephemeral, and raw. Lambda functions use storage that will be destroyed
when they are re- instantiated, making this storage ephemeral storage.
Selah wants to securely store her organization’s encryption keys. What solution should she ask her cloud service provider about?
A. A PKI
B. A DLP
C. A Cloud HSM
D. A CRL
Answer: C. A Cloud HSM
Cloud hardware security modules, or HSMs, are used to create, store, and manage encryption keys and other secrets. Selah should ask her cloud service provider if they have
an HSM service or capability that suits her organization’s needs. A PKI is a public key infrastructure. and is used to create and manage certificates, a DLP is a data loss prevention tool, and a CRL is a certificate revocation list.
Jim’s organization wants to ensure that it has the right information available in case of an attack against its web server. Which of the following data elements is not commonly used and thus shouldn’t be expected to be logged?
A. The version of the executable run
B. The service name
C. The source IP address of the traffic
D. The destination IP address of the traffic
Answer: A. The version of the executable run
Versions of executables for a service are not typically logged. While it may be useful to track patch status, versions of applications and services are not tracked via event logs. IP addresses for both source and destination for events and queries and the service name itself are often logged to identify what happened and where traffic was going.
Susan wants to ensure that files containing credit card numbers are not stored in her organization’s cloud-based file storage. If she deploys a DLP system, what method should she use to identify files with credit card numbers to have the best chance of finding them, even if she may encounter some false positives?
A. Manually tag files with credit card numbers at creation.
B. Require users to save files containing credit card numbers with specific file- naming conventions.
C. Scan for credit card numbers based on a pattern match or algorithm.
D. Tag files with credit card numbers at destruction.
Answer: C. Scan for credit card numbers based on a pattern match or algorithm.
Scanning for credit card numbers using the DLP tool and a pattern match or algorithm is most likely to find all occurrences of credit card numbers, despite some false positives. Tagging files that have credit card numbers manually is likely to be error-prone, finding them at destruction or deletion won’t help during the rest of the lifecycle, and, of course, requiring users to use specific filenames is likely to lead to mistakes as well.
Rhonda is outlining the threats to her cloud storage environment. Which of the following is not a common threat to cloud storage?
A. Credential theft or compromise
B. Infection with malware or ransomware
C. Privilege reuse
D. Human error
Answer: C. Privilege reuse
While privilege escalation is a concern, privilege reuse is not a typical threat. Privileged users will use their credentials as appropriate or necessary. Credential theft or compromise,
infection with malware, and human error are all common threats to both cloud and on-premises storage.
Ben wants to implement tokenization for his organization’s data. What will he need to be able to implement it?
A. Authentication factors
B. Databases
C. Encryption keys
D. Personnel
Answer: B. Databases
In order to implement tokenization, there will need to be two databases: the database containing the raw, original data and the token database containing tokens that map to the original
data. Having two-factor authentication is nice but certainly not required. Encryption keys are not necessary for tokenization. Two-person integrity does not have anything to do with tokenization.
Yasmine’s organization has identified data masking as a key security control. Which of the following functions will it provide?
A. Secure remote access
B. Enforcing least privilege
C. Testing data in sandboxed environments
D. Authentication of privileged users
Answer: C. Testing data in sandboxed environments
Data masking is very useful when testing. It doesn’t provide features that help with remote access, least privilege, or authentication.
Megan wants to improve the controls provided by her organization’s data loss prevention (DLP) tool. What additional tool can be combined with her DLP to most effectively enhance data controls?
A. IRM
B. SIEM
C. Kerberos
D. Hypervisors
Answer: A. IRM
DLP can be combined with IRM tools to protect intellectual property; both are designed to deal with data that falls into special categories. SIEMs are used for monitoring event logs,
not live data movement. Kerberos is an authentication mechanism. Hypervisors are used for virtualization.
What phase of the cloud data lifecycle involves data labeling?
A. Create
B. Store
C. Use
D. Archive
Answer: A. Create
Data labeling should be done when data is created to ensure that it receives the proper labels and can immediately be processed and handled according to security rules for data
with that label. Labels may be modified during the Use, Store, and Archive phases to assist with lifecycle management
Charles wants to ensure that files in his cloud file system have not been changed. What technique can he use to compare files to determine if changes have been made?
A. Obfuscation
B. Masking
C. Tokenization
D. Hashing
Answer: D. Hashing
Hashes can be created for both original copies and current copies and can be compared. If the hashes are different, the file has changed. Obfuscation, masking, and tokenization all
describe methods of concealing data to prevent misuse.
Liam wants to store the private keys used to generate certificates for his organization. What security level should he apply to those keys?
A. The highest level of security possible.
B. The same or lower than the data the certificates protect.
C. The same or greater than the data that the certificates protect.
D. Private keys can be shared without issues.
Answer: C. The same or greater than the data that the certificates protect.
Private keys used for certificates should be stored at the same or greater level of protection than that of the data that they’re used to protect. Private keys should not be shared; public keys are intended to be shared. The highest level of security possible may be greater than the needed level of security depending on the organization’s practices and needs.
Best practices for key management include all of the following except___________________.
A. Having key recovery processes
B. Maintaining key security
C. Passing keys out of band
D. Ensuring multifactor authentication
Answer: D. Ensuring multifactor authentication
All of these are key management best practices except for requiring multifactor authentication. Multifactor authentication might be an element of access control for keys, but it is not specifically an element of key management.
Valerie wants to be able to refer to data contained in a database without having the actual values in use. What obfuscation technique should she select?
A. Masking
B. Tokenization
C. Anonymization
D. Randomization
Answer: B. Tokenization
Tokenization replaces data with tokens, allowing referential integrity while removing the actual sensitive data. Masking replaces digits with meaningless characters. Randomization
replaces data with randomized information with similar characteristics, preserving the ability to test with the data while attempting to remove any sensitivity, and anonymization removes potentially identifying data.
Samuel wants to check what country a file was accessed from. What information can he use to make a guess as accurate as possible, given information typically available in log entries?
A. The username
B. The source IP address of the request
C. The destination IP address of the request
D. The hostname
Answer: B. The source IP address of the request
The source IP address of a request combined with a geolocation or geoIP service will provide the best guess at where in the world the request came from. This can be inaccurate due to VPNs and other technologies, but having information contained in logs will provide Samuel with the best chance of identifying the location. Host names and usernames do not provide location data reliably.
What is the correct order of the phases of the data lifecycle?
A. Create, Store, Use, Archive, Share, Destroy
B. Create, Store, Use, Share, Archive, Destroy
C. Create, Use, Store, Share, Archive, Destroy
D. Create, Archive, Store, Share, Use, Destroy
Answer: B. Create, Store, Use, Share, Archive, Destroy
The cloud data lifecycle is Create, Store, Use, Share, Archive, Destroy.
Stanislaw wants to use log information to create accountability for data events. Which of the following data elements would be most useful for his purpose?
A. Time stamps
B. Host IP addresses
C. UserIDs
D. Certificate IDs
Answer: C. UserIDs
UserIDs are the most useful of these data elements when determining accountability for actions. If a UserID is paired with log entries, the individual (or at least their account) under-
took the action in the log. Time stamps and host IP addresses are both useful, but without a UserID, they don’t contain enough information to identify who performed the action. Certificate IDs may or may not be relevant depending on system and infrastructure design.
Nina replaces all but the last four digits of credit card numbers stored in a database with asterisks. What data obfuscation technique has she used?
A. Masking
B. Randomization
C. Tokenization
D. Anonymization
Answer: A. Masking
Masking replaces digits with meaningless characters. Randomization replaces data with randomized information with similar characteristics, preserving the ability to test with the data while attempting to remove any sensitivity. Tokenization replaces data with tokens, allowing referential integrity while removing the actual sensitive data, and anonymization removes potentially identifying data.
Greg has implemented logging for his company’s worldwide web services implementation running in Azure. What concern should Greg address when he enables logging of all web
requests?
A. Data lifecycle planning
B. Secrets management
C. Log volume
D. Geolocation of log events
Answer: C. Log volume
The first concern Greg will need to address with a large- scale web application environment with logging of all web requests is the sheer volume of the data captured. Once he has
addressed how his organization will store, analyze, and act on those log entries, he can think more fully about the lifecycle and life span of the data. Geolocation can be performed with
IP addresses in the logs, and secrets management may be required for services, but isn’t a primary concern in this scenario.
