Boot Camp Reference Material Flashcards

1
Q

Which of the following threat types involves an application that does not validate authorization for portions of
itself after the initial checks?

A

Missing function-level access control

2
Q

What does the management plane typically utilize to perform administrative functions on the hypervisors that it
has access to?

A

APIs

3
Q

Which of the following standards primarily pertains to cabling designs and setups in a data center?

A

Building Industry Consulting Service International (BICSI)

4
Q

What is used for local, physical access to hardware within a data center?

A

KVM (keyboard, video, mouse) switches.

5
Q

Which of the following roles is responsible for overseeing customer relationships and the processing of
financial transactions?

A

Cloud service business manager

6
Q

Which of the following roles involves the provisioning and delivery of cloud services?

A

Cloud service manager

7
Q

How is an object stored within an object storage system?

A

Key value

8
Q

What are the two protocols that TLS uses?

A

Handshake and record

9
Q

Which of the following roles is responsible for peering with other cloud services and providers?

A

Inter-cloud provider

10
Q

The ____________ is responsible for peering with other cloud services and providers, as well as
overseeing and managing federations and federated services.

A

inter-cloud provider

11
Q

Which of the following storage types is most closely associated with a traditional file system and tree
structure?

A

Volume

12
Q

What must be secured on physical hardware to prevent unauthorized access to systems?

A

BIOS

13
Q

If you’re using iSCSI in a cloud environment, what must come from an external protocol or application?

A

Encryption

14
Q

Which of the following pertains to a macro-level approach to data center design rather than the traditional
tiered approach to data centers?

A

International Data Center Authority (IDCA)

15
Q

The standards put out by the _____________ have established the Infinity
Paradigm, which is intended to be a comprehensive data center design and operations framework. The Infinity
Paradigm shifts away from many models that rely on tiered architecture for data centers, where each
successive tier increases redundancy. Instead, it emphasizes data centers being approached at a macro level,
without a specific and isolated focus on certain aspects to achieve tier status.

A

International Data Center Authority (IDCA)

16
Q

What is the data encapsulation used with the SOAP protocol referred to as?

A

Envelope

17
Q

Which of the following threat types involves an application developer leaving references to internal information
and configurations in code that is exposed to the client?

A

Insecure direct object references

18
Q

What are the three components of a federated identity system transaction?

A

Relying party
Identity provider
User

19
Q

________________________ is a measure of the amount of time it would take to recover operations in
the event of a disaster to the point where management’s objectives are met for BCDR.

A

The recovery time objective (RTO)

20
Q

________ is the measure of data that can be lost in an outage without irreparable damage.

A

Recovery point objective (RPO)

21
Q

______is how long an organization can suffer an outage before ceasing to be an organization.

A

Maximum allowable downtime (MAD)

22
Q

_____ is the measure of how long an asset is expected to last.

A

Mean time to failure (MTTF)

23
Q

What provides the information to an application to make decisions about the authorization level appropriate
when granting access?

A

Identity Provider

24
Q

Which entity requires all collection and storing of data on their citizens to be done on hardware that resides
within their borders?

A

Russia (Russian Law 526-FZ)

25
Q

The European Union passed the first major regulation declaring data privacy to be a human right. In what year did it go into effect?

A

1995

26
Q

Which value refers to the amount of data an organization would need to recover in the event of a BCDR situation in order to reach an acceptable level of operations?

A

recovery point objective (RPO)

27
Q

Two very popular tools for maintaining configurations and versioning of software are ___________.

A

Puppet and Chef

28
Q

___________ is used within all clustering systems as the method for clusters to provide high availability, scaling, management, and workload distribution and balancing of jobs and processes. From a physical infrastructure perspective, DRS is used to balance compute loads between physical hosts in a cloud to maintain the desired thresholds and limits on the physical hosts.

A

Dynamic resource scheduling (DRS)

29
Q

Unlike SOC Type 1 reports, which are based on a specific point in time, SOC Type 2 reports are done over a period of time. What is the minimum span of time for a SOC Type 2 report?

A

6 months

30
Q

Which security concept is based on preventing unauthorized access to data while also ensuring that it is accessible to those authorized to use it?

A

Confidentiality

31
Q

What are the Cloud Controls Matrix (CCM) domains?

A

Application & Interface Security
Audit and Assurance
Business Continuity Mgmt & Op Resilience
Change Control & Configuration Management
Cryptography, Encryption and Key Management
Data Security & Privacy Lifecycle Management
Datacenter Security
Governance, Risk Management and Compliance
Human Resources Security
Identity & Access Management
Interoperability & Portability
Logging and Monitoring
Infrastructure & Virtualization Security
Security Incident Management, E-Discovery & Cloud Forensics
Supply Chain Management, Transparency & Accountability
Universal EndPoint Management
Threat & Vulnerability Management
32
Q

Regardless of which cloud-hosting model is used, the cloud provider always has sole responsibility for the _________ environment.

A

physical

33
Q

The SOC Type 2 audits include what five principles?

A

security, privacy, processing integrity, availability, and confidentiality.

34
Q

What is the biggest challenge to data discovery in a cloud environment?

A

Location

35
Q

What is the phrase used to describe the optimization of cloud computing and cloud services for a particular vertical (e.g., a specific industry) or specific application use?

A

A vertical cloud, or vertical cloud computing

36
Q

____________ is an international standard that focuses on designing, implementing, and reviewing risk management processes and practices.

A

ISO/IEC 31000

37
Q

____________ covers information security management systems, including an overview and vocabulary.

A

ISO/IEC 27000

38
Q

____________ covers information security management for inter-sector and inter-organizational communications.

A

ISO/IEC 27010

39
Q

____________ covers the requirements for bodies providing audit and certification of information security management systems.

A

ISO/IEC 27006

40
Q

____________ determines the user’s right to access a certain resource.

A

Authorization

41
Q

____________ ensures that users can access relevant resources based on their credentials and characteristics of their identity.

A

Access management

42
Q

____________ ensures that a single user authentication process grants access to multiple information technology (IT) systems or even organizations.

A

Single sign-on (SSO)

43
Q

____________ provides the policies, processes, and mechanisms that manage identity and trusted access to systems across organizations.

A

Federated identity management (FIM)
44
Q

Which options are all actions that OWASP recommends for reducing the risk of XSS attacks?

A

- Put untrusted data in only allowed slots of HTML documents.
- HTML escape when including untrusted data in any HTML elements.
- Use the attribute escape when including untrusted data in attribute elements.

45
Q

What is usually considered the difference between business continuity (BC) efforts and disaster recovery (DR) efforts?

A

BC is about maintaining critical functions during a disruption of normal operations, and DR is about recovering to normal operations after a disruption.