CCSK

Question 1

Core of Big Data, the 3 V’s

Answer 1

Volume
Velocity
Variety

Question 2

5 Essentials of Cloud Computing per NIST

Answer 2

Broad Network Access, Rapid elasticity, Measured Service, On Demand Self Service, Resource Pooling

Question 3

3 A’s of Vulnerability

Answer 3

Authentication
Authorization
Accounting

Question 4

Service Models

Answer 4

Software as a Service (SaaS)
Platform as a Service (PaaS)
Infrastructure as a Service (IaaS)

Question 5

Deployment Models

Answer 5

Public
Private
Hybrid
Community

Question 6

IaaS

Answer 6

provider is responsible for foundational security, while the cloud user is responsible for everything they build on the infrastructure. Unlike PaaS, this places far more responsibility on the client

Question 7

PaaS

Answer 7

Cloud provider is responsible for the security of the platform, while the consumer is responsible for everything they implement on the platform, including how they configure any offered security features

Question 8

SaaS

Answer 8

cloud provider is responsible for nearly all security

Question 9

Logical Model

Answer 9

Infrastructure
Metastructure
Infostructure
Applistructure

Question 10

Cloud Security Process Model

Answer 10

Identify Requirements
Select Provider
Define Architecture
Assess Security Controls
Identify Gaps
Design and Implement Controls 
Manage Changes

Question 11

Cloud Security Models

Answer 11

Conceptual Model/Framework
Control Model/Framework
Reference Architecture
Design Patterns

Question 12

Design patterns

Answer 12

are reusable solutions to problems

Question 13

Reference architectures

Answer 13

templates for implementing cloud security, typically generalized They can be very abstract, bordering on conceptual, or quite detailed

Question 14

Controls models or frameworks

Answer 14

specific cloud security controls or

categories of controls, such as the CSA CCM

Question 15

Conceptual models or frameworks

Answer 15

visualizations and descriptions used to explain cloud security concepts and principles

Question 16

Infrastructure

Answer 16

Core components of a computing system: compute, network, and storage foundation that everything else is built on

Question 17

Metastructure

Answer 17

protocols and mechanisms that provide the interface between the infrastructure layer and the other layers. The Glue that holds it all together. Main difference between cloud and traditional computing

Question 18

Infostructure

Answer 18

data and information. Content in a database, file storage, etc.

Question 19

Applistructure

Answer 19

applications deployed in the cloud and the underlying application services used to build them

Question 20

Three main aspects of BC/DR

Answer 20

• Ensuring continuity and recovery. tools and techniques to best architect cloud deployment, keep things running.
• Preparing for and managing provider outages.
• Considering options for portability in case you need to migrate providers or platforms

Question 21

BC/DR

Answer 21

is a shared responsibility takes a risk-based approach must account for the entire logical stack

Question 22

Enterprise risk management (ERM)

Answer 22

includes managing overall risk for the organization, aligned to the organization’s governance and risk tolerance. Enterprise risk management includes all areas of risk, not merely those concerned with technology
Based on Shared Responsibility Model

Question 23

Governance

Answer 23

(Cannot be Outsourced)
includes the policy, process, and internal controls that comprise how an organization is run. Everything from the structures and policies to the leadership and other mechanisms for management

Question 24

Information risk management

Answer 24

covers managing the risk to information, including information technology

Question 25

Information security

Answer 25

is the tools and practices to manage risk to information

Question 26

Contracts:

Answer 26

primary tool of governance is the contract between a cloud provider and a cloud customer (this is true for public and private cloud). The contract is your only guarantee of any level of service or commitment—assuming there is no breach of contract

Question 27

Supplier Assessments:

Answer 27

assessments are performed by the potential cloud customer using available information and allowed processes techniques. They combine contractual and manual research with third-party attestations and technical research

Question 28

Attestation

Answer 28

legal statements often used to communicate the results of an assessment or audit

Question 29

Compliance reporting

Answer 29

The documentation on a provider’s internal (i.e. self) and external compliance assessments Can be performed by provider, customer or 3rd party (preferred)

Question 30

Cloud Security Alliance STAR Registry

Answer 30

an assurance program and documentation registry for cloud provider assessments based on the CSA Cloud Controls Matrix and Consensus Assessments Initiative Questionnaire

Question 31

Risk tolerance

Answer 31

amount of risk that the leadership and stakeholders of an organization are willing to accept. It varies based on asset and you shouldn’t make a blanket risk decision about a particular provider; rather, assessments should align with the value and requirements of the assets involved

Question 32

Cloud Risk Management Tools

Answer 32

• Request or acquire documentation.
• Review their security program and documentation.
• Review any legal, regulatory, contractual, and jurisdictional requirements for both the provider and yourself.
• Evaluate the contracted service in the context of your information assets.
• Separately evaluate the overall provider, such as finances/stability, reputation, and outsourcers.

Question 33

Residual risk

Answer 33

after all your assessments and the controls that you implement yourself there is still residual risk your only options are to transfer it,
accept the risk, or avoid it

Question 34

Data Protection

Answer 34

Laws and regulations vary greatly depending on location of provider, user, servers, data subject, treaties

Question 35

Cross-border Data Transfers

Answer 35

countries prohibit or restrict the transfer of information out of their borders. In most cases, the transfer is permitted only if the country to which the data is transferred offers an “adequate level of protection”

Question 36

General Data Protection Regulation (GDPR)

Answer 36

directly binding on any corporation that processes the data of EU citizens, and will be adjudicated by the data supervisory authorities or the courts of the member states that have the closest relationship with the individuals or the entities on both sides of the dispute

Question 37

Applicability

Answer 37

processing of personal data in the context of the activities of an establishment of a controller or processor

Question 38

Processing of personal data is allowed if?

Answer 38

(a) the data subject has freely given specific, informed, and unambiguous indication of his/her consent to the processing of his/her personal data or
(b) the processing is authorized by a statutory provision

Question 39

Accountability Obligations

Answer 39

requirements placed companies to keep records of their data processing activities

Question 40

Data Subjects’ Rights

Answer 40

subjects have rights to information regarding the processing of their data: the right to object to certain uses of their personal data; to have their data corrected or erased; to be compensated for damages suffered because of unlawful processing; the right to be forgotten; and the right to data portability

Question 41

Network Information Security Directive

Answer 41

framework to enable networks and information systems to resist, at a given level of confidence

Question 42

Scope of Preservation

Answer 42

Data that a requesting part is entitled to. It is hosted in the cloud and contains, or is reasonably calculated to lead to, relevant, probative information for the legal issue at hand

Question 43

Dynamic and Shared Storage

Answer 43

cloud environment that programmatically modifies or purges data, or one where the data is shared with people unaware of the need to preserve, preservation can be more difficult.

Question 44

Access and Bandwidth

Answer 44

Clients ability to access it own data.
Determined by Service Level Agreements.
Ability to collect large volumes of data quickly and in a forensically sound manner may be limited

Question 45

Forensics

Answer 45

by-bit imaging of a cloud data source is generally difficult or impossible. For obvious security reasons, providers are reluctant to allow access to their hardware, particularly in a multitenant environment where a client could gain access to other clients’ data

Question 46

Reasonable Integrity

Answer 46

reasonable steps to validate that its collection from its cloud provider is complete and accurate, especially were ordinary business procedures for the request are unavailable and litigation-specific measures are being used to obtain the information

Question 47

Limits to Accessibility:

Answer 47

When Cloud customer cannot access their data due to access rights, privileges and how data is stored

Question 48

Compliance

Answer 48

validates awareness of and adherence to corporate obligations (e.g., corporate social responsibility, ethics, applicable laws, regulations, contracts, strategies, and policies)

Question 49

Audits

Answer 49

key tool for proving (or disproving) compliance

Question 50

pass-through audits

Answer 50

providers certified for various regulations and industry requirements, such as PCI DSS, SOC1, SOC2, HIPAA, best practices/frameworks like CSA CCM, and global/regional regulations like the EU GDPR

Question 51

Artifacts

Answer 51

The logs, documentation, and other materials needed for audits and compliance; they are the evidence to support
compliance activities

Question 52

Multitenancy data governance

Answer 52

data is stored in the public cloud, it’s stored on shared infrastructure with other, untrusted tenants

Question 53

Shared security responsibility

Answer 53

Data is now more likely to be owned and managed by different teams or even organizations

Question 54

Ownership

Answer 54

Owner of the data, may not always be clear and depends on laws, contracts, and policies

Question 55

Custodianship

Answer 55

Refers to who is managing the data

Question 56

Jurisdictional boundaries and data sovereignty

Answer 56

Locations where the data is stored

Question 57

3 things that are impacted by cloud due to the combination of a third-party provider and jurisdictional changes

Answer 57

Compliance, regulations, and privacy policies

Question 58

Destruction and removal of data

Answer 58

ties into the technical capabilities of the cloud platform. Can you ensure the destruction and removal of data in accordance with policy

Question 59

Information Classification

Answer 59

Tied to compliance, determines how and where data can and cannot be stored. (Personnel files, Medical files etc.)

Question 60

Information Management Policies

Answer 60

tie to classification and the cloud needs to be added if you have them. They should also cover the different SPI tiers, since sending data to a SaaS vendor versus building your own IaaS app is very different

Question 61

Data Security Lifecycle

Answer 61

Create, Store, Use, Share, Archive, Destroy ↻

Question 62

Create

Answer 62

Creation is the generation of new digital content, or the alteration/updating/modifying of existing content

Question 63

Store

Answer 63

Storing is the act committing the digital data to some sort of storage repository and typically occurs nearly simultaneously with creation

Question 64

Use

Answer 64

Data is viewed, processed, or otherwise used in some sort of activity, not including modification

Question 65

Share

Answer 65

Information is made accessible to others, such as between users, to customers, and to partners

Question 66

Archive

Answer 66

Data leaves active use and enters long-term storage

Question 67

Destroy

Answer 67

Data is permanently destroyed using physical or digital means (e.g., cryptoshredding)

Question 68

3 Function with Data

Answer 68

Read: ad the data, including creating, copying, file transfers, dissemination, and other exchanges
Process: transaction on the data; update it, use it
Store. Hold the data (in a file, database, etc.)

Question 69

management plane

Answer 69

is the single most significant security difference between traditional infrastructure and cloud computing
• The cloud provider is responsible for ensuring the management plane is secure and necessary security features are exposed to the cloud user, such as granular entitlements to control what someone can do even if they have management plane access.
• The cloud user is responsible for properly configuring their use of the management plane, as well as for securing and managing their credentials

Question 70

Architect for Failure

Answer 70

Do not rely on traditional strategies (lift and shift) when migrating to the cloud. They will be less resilient. Leverage new cross platform and isolation technologies to improve failover

Question 71

Ways to access the Management Plane

Answer 71

APIs and web consoles are the way the management plane is delivered

Question 72

Software Development Kits (SDKs) and Command Line Interfaces (CLIs)

Answer 72

Tools provided by the cloud provider to make integration easier

Question 73

Identity and Access Management (IAM)

Answer 73

identification, authentication, and authorizations. How you determine who can do what within your cloud

Question 74

authentication mechanisms in REST

Answer 74

HTTP request signing and OAuth are the most common; both leverage cryptographic techniques to validate

Question 75

Protecting from attacks against the management plane’s components itself, such as the web and API servers. It includes both lower-level network defenses as well as higher-level defenses against application attacks

Answer 75

Perimeter Security

Question 76

Customer authentication

Answer 76

Providing secure mechanisms for customers to authenticate to the management plane should support MFA as an option or requirement

Question 77

Internal authentication and credential passing

Answer 77

mechanisms your own employees use to connect with the non-customer-facing portions of the management plane

Question 78

Authorization and entitlements

Answer 78

Right and access given to customer and administrators.

Question 79

Logging, monitoring, and alerting

Answer 79

Are essential for effective security and compliance Alerting of unusual events is an important security control to ensure that monitoring is actionable

Question 80

Chaos Engineering

Answer 80

used to help build resilient cloud deployments. Since everything cloud is API-based, Chaos Engineering uses tools to selectively degrade portions of the cloud to continuously test business continuity

Question 81

two macro layers to infrastructure

Answer 81

Fundamental resources and abstract/virtual layer

Question 82

Cloud Network Types

Answer 82

service network for communications between virtual machines and the Internet
&
storage network to connect virtual storage to virtual machine
&
management network for management and API traffic

Question 83

Software Defined Networking (SDN):

Answer 83

complete abstraction layer on top of networking hardware, SDNs decouple the network control plane from the data plane

Question 84

Challenges of Virtual Appliances

Answer 84

Bottlenecks, resource consumption, auto-scaling, geographical location, resiliency

Question 85

SDN Security Benefits

Answer 85

Isolation is easier, firewalls with more flexible parameters and more granular

Question 86

Microsegmentation

Answer 86

leverages virtual network topologies to run more, smaller, and more isolated networks without incurring additional hardware costs that historically make such models prohibitive

Question 87

3 Parts of Software Defined Perimeter (SDP)

Answer 87

SDP controller for authenticating and authorizing
SDP clients and configuring the connections to
SDP gateways for terminating

Question 88

Bastion

Answer 88

Hybrid cloud architecture to allow connections to multiple cloud networks to data centers using a single hybrid connection

Question 89

Containers

Answer 89

code execution environments that run within an operating system only has access to the processes and capabilities defined in the container configuration

Question 90

Platform-based workloads

Answer 90

Stored procedure running inside a multitenant database, or a machine-learning job running on a machine-learning Platform as a Service

Question 91

Serverless computing

Answer 91

any situation were the cloud user doesn’t manage any of the underlying hardware or virtual machines, and just accesses exposed functions

Question 92

Immutable workloads Benefits

Answer 92

No longer patching running systems
You can, and should, disable remote logins to running workloads
faster to roll out updated versions
easier to disable services and whitelist applications/processes
security testing can be managed during image creation, reducing the need for vulnerability assessment

Question 93

Immutable requirements

Answer 93

Constant image creation
Security testing built into image creation
Image config needs to be able to disable logins
Increased complexity to manage

Question 94

Challenges to Vulnerability Assessment

Answer 94

Cloud owner will typically require notification of assessments and place limits on the nature of assessments
Default deny networks further limit the potential effectiveness of an automated network Assessment
Assessments can be run during the image creation process for immutable workloads
Penetration testing is less affected since it still uses the same scope as an attacker

Question 95

Cloud Provider Compute Virtualization responsibilities

Answer 95

Ensure isolation

Secure underlying infrastructure and virtualization technology

Question 96

Cloud User Compute Virtualization responsibilities

Answer 96

Security settings, such as identity management, to the virtual resources
Monitoring and logging
Image asset management
Use of dedicated hosting, if available

(Everything they build on top of the providers network )

Question 97

Cloud Overlay Networks

Answer 97

Special kind of WAN virtualization technology for created networks that span multiple “base” networks

Question 98

2 main types of Storage virtualization

Answer 98

Storage Area Network (SAN) and Network-Attached Storage (NAS)

Question 99

3 components of a Container

Answer 99

Execution environment
Orchestration and scheduling
Repository for execution

Question 100

Incident Response Lifecycle

Answer 100

Preparation
Detection & Analysis
Containment, Eradication, Recovery
Post-Mortem

Question 101

Preparation:

Answer 101

Establishing an incident response capability so that the organization is ready to
respond to incidents.
• Process to handle the incidents.
• Handler communications and facilities.
• Incident analysis hardware and software.
• Internal documentation (port lists, asset lists, network diagrams, current baselines of
network traffic).
• Identifying training.
• Evaluating infrastructure by proactive scanning and network monitoring, vulnerability
assessments, and performing risk assessments.
• Subscribing to third-party threat intelligence services.

Question 102

Detection and Analysis

Answer 102

• Alerts, indicators of compromise, baseline and anomaly detection
• Validate alerts (reducing false positives) and escalation.
• Estimate the scope of the incident.
• Assign an Incident Manager who will coordinate further actions.
• Designate a spokes person to communicate to senior management.
• Build a timeline of the attack.
• Determine the extent of the potential data loss.
• Notification and coordination activities.

Question 103

Containment, Eradication, Recovery

Answer 103

• Containment: Taking systems offline. Considerations for data loss versus service
availability. Ensuring systems don’t destroy themselves upon detection.
• Eradication and Recovery: Clean up compromised devices and restore systems to normaloperation. Confirm systems are functioning properly. Deploy controls to prevent similar incidents.
• Documenting the incident and gathering evidence (chain of custody).

Question 104

Post Mortem

Answer 104

What could have been done better? Could the attack have been detected sooner? What
additional data would have been helpful to isolate the attack faster? Does the IR process
need to change? If so, how?

Question 105

Cloud jump kit

Answer 105

tools needed to investigate in a remote location

Question 106

Forensics and investigative support

Answer 106

Snapshotting the storage of the virtual machine.
Capturing any metadata at the time of alert
If your provider supports it, “pausing” the virtual machine, which will save the volatile memory state.

Question 107

Service Level Agreement (SLA)

Answer 107

Contract describing the level of support users will get from providers incase of an incident

Question 108

How often should IR Testing be done?

Answer 108

will be conducted at least annually or whenever there are significant changes to the application architecture

Question 109

Application Sec Opportunities

Answer 109

Higher baseline security.
Responsiveness
Isolated environments
Independent virtual machines
Elasticity
DevOps
Unified Interface

Question 110

Application Sec Challenges

Answer 110

Limited detailed visibility
Increased application scope.
Changing threat models
Reduced transparency

Question 111

Secure Software Development Lifecycle (SSDLC):

Answer 111

series of security activities during all phases of application development, deployment, and operations

Question 112

Five main phases in secure application design and development

Answer 112

Training
Define
Design
Develop
Test

Question 113

Benefits of DevOps and Continuous Integration/Continuous Deployment (CI/CD)

Answer 113

Standardization:
Automated testing:
Immutable: CI/CD pipelines
Improved auditing and change management:
SecDevOps/DevSecOps and Rugged DevOps:

Question 114

SSDLC Model

Answer 114

Secure Design and Development
Secure Deployment
Secure Operations

Question 115

Training

Answer 115

• Secure Coding Practices
• Writing security tests
• Provider/Platform Technical Training

Question 116

Define

Answer 116

When the cloud user determines the approved architectures or features/tools for the provider, security standards, and other requirements

Question 117

Design

Answer 117

Threat modeling

Secure design

Question 118

Develop

Answer 118

Code review
Unit testing
Static Analysis
Dynamic Analysis

Question 119

Test

Answer 119

• Vulnerability Assessment
• Dynamic Analysis
• Functional tests
• QA

Question 120

Secure Deployment

Answer 120

security and testing activities when moving code from an isolated
development environment into production such as
Code Review
Unit, regression, and functional testing
Static Application Security Testing (SAST)
Dynamic Application Security Testing (DAST)

Question 121

How Cloud Impacts Application Design and Architectures

Answer 121

Segregation by default
Immutable infrastructure
Increased use of micro-services
PaaS and “serverless” architectures

Question 122

Event driven security:

Answer 122

Management plane detects various activities—such as a file being uploaded to a designated object storage location or a configuration change to the network or identity management—which can in turn trigger code execution through a notification message, or via serverless hosted code

Question 123

Data security Buckets

Answer 123

Controlling what goes in
Protecting and Managing
Enforcing information lifecycle management security

Question 124

Data Storage types

Answer 124

Object: storage is like a file system
Volume storage: This is essentially a virtual hard drive
Database: Like any other database
Application/platform: Examples of these would be a content delivery network (CDN), files stored in SaaS, caching, and other novel options

Question 125

Data dispersion aka data fragmentation of bit splitting

Answer 125

redundant, durable storage mechanisms takes chunks of data, breaks them up, and then stores multiple copies on different physical storage to provide high durability

Question 126

Cloud Access and Security Brokers (CASB) aka Cloud Security Gateways

Answer 126

Used to discover internal use of cloud services using various mechanisms such as network monitoring, integrating with an existing network gateway or monitoring tool, or even by monitoring DNS queries

Question 127

URL filtering

Answer 127

Tool to monitor network traffic, gateway may help you understand which cloud services your users are using

Question 128

Data Loss Prevention (DLP)

Answer 128

tool may also help detect data migrations to cloud services

Question 129

Cloud Data Access Controls 3 layers

Answer 129

Management plane
Public and internal sharing controls
Application-level controls

Question 130

Encryption

Answer 130

Encryption

protects data by applying a mathematical algorithm that “scrambles” the data, which then can only be recovered by running it through an unscrambling (decryption) process with a corresponding key

Question 131

Tokenization

Answer 131

takes the data and replaces it with a random value. often used when the format of the data is important

Question 132

Instance-managed encryption

Answer 132

encryption engine runs within the instance, and the key is stored in the volume but protected by a passphrase
or keypair

Question 133

Externally managed encryption

Answer 133

Encryption engine runs in the instance, but the keys are managed externally and issued to the instance on request

Question 134

Key management options

Answer 134

HMS/Appliance
Virtual Appliance
Cloud Provider
Hybrid

Question 135

HSM/appliance

Answer 135

Traditional hardware security module needs to be on-premises, and deliver the keys to the cloud over a dedicated connection

Question 136

Virtual appliance/software

Answer 136

Software-based key manager in the cloud

Question 137

Cloud provider Encryption

Answer 137

Key management service offered by the cloud provider understand the security model and SLAs to understand if
your key could be exposed

Question 138

Hybrid Encryption

Answer 138

combination, such as using a HSM as the root of trust for keys but then delivering application-specific keys to a virtual appliance

Question 139

Digital Rights Management (DRM)/Enterprise Rights Management (ERM)

Answer 139

are based on encryption and existing tools may break cloud capabilities especially in SaaS

Question 140

Full DRM

Answer 140

Full digital rights management using an existing tool

Question 141

Provider-based control:

Answer 141

cloud platform may be able to enforce controls very similar to full DRM by using native capabilities

Question 142

Data Masking and Test Data Generation

Answer 142

These are techniques to protect data used in development and test environments, or to limit real-time
access to data in applications

Question 143

Test data generation

Answer 143

creation of a database with non-sensitive test data based on a “real” database

Question 144

Dynamic masking

Answer 144

rewrites data on the fly, typically using a proxy mechanism, to mask all or part of data delivered to a user

Question 145

Managing data location/residency

Answer 145

Ability to disable unneeded locations and protect the data even it it changes locations

Question 146

Identity:

Answer 146

the unique expression of an entity within a given namespace. An entity can have
multiple digital identities

Question 147

Entity

Answer 147

the person or “thing” that will have an identity. It could be an individual, a system, a device, or application code.

Question 148

Identifier

Answer 148

how an identity can be asserted. For digital identities this is often a cryptological token

Question 149

Attributes:

Answer 149

facets of an identity

Question 150

Persona:

Answer 150

the expression of an identity with attributes that indicates context

Question 151

Role

Answer 151

identities can have multiple roles which indicate context

Question 152

Authentication

Answer 152

the process of confirming an identity (Username and password)

Question 153

Multifactor Authentication (MFA):

Answer 153

use of multiple factors in authentication. Common options include one-time passwords generated by a physical or virtual device/token (OTP)

Question 154

Access control

Answer 154

restricting access to a resource

Question 155

Authorization:

Answer 155

allowing an identity access to something

Question 156

Entitlement:

Answer 156

mapping an identity (including roles, personas, and attributes) to an authorization

Question 157

Federated Identity Management

Answer 157

the process of asserting an identity across different systems (Single Sign on)

Question 158

Authoritative source

Answer 158

the “root” source of an identity, such as the directory server that manages employee identities

Question 159

Identity Provider

Answer 159

the source of the identity in federation

Question 160

Relying Party

Answer 160

the system that relies on an identity assertion from an identity provider

Question 161

IAM Standards

Answer 161

SAML
OAuth
OpenID
XACML
SCIM

Question 162

Security Assertion Markup Language (SAML)

Answer 162

OASIS standard for federated identity management that supports both authentication and authorization. It uses XML to make assertions between an identity provider and a relying party

Question 163

OAuth

Answer 163

is an IETF standard for authorization that is very widely used for web services as it was designed for HTTP

Question 164

OpenID

Answer 164

is a standard for federated authentication that is very widely supported for web
services. It is based on HTTP with URLs

Question 165

eXtensible Access Control Markup Language (XACML)

Answer 165

is a standard for defining attribute-based access controls

Question 166

System for Cross-domain Identity Management (SCIM)

Answer 166

is a standard for exchanging identity information between domains

Question 167

Identity Broker Models

Answer 167

Hub and Spoke

Free Form

Question 168

Free-Form

Answer 168

internal identity providers/sources (often directory servers) connect directly to cloud providers

Question 169

Hub and spoke:

Answer 169

internal identity providers/sources communicate with a central broker or repository that then serves as the identity provider for federation to cloud providers

Question 170

Identity brokers

Answer 170

handle federating between identity providers and relying parties

Question 171

Security as a Service (SecaaS)

Answer 171

security products or services that are delivered as a cloud service meet the essential NIST characteristics

Question 172

SecaaS Benefits

Answer 172

Cloud-computing benefits
Staffing and expertise.
Intelligence-sharing.
Deployment flexibility.
Insulation of clients.
Scaling and cost

Question 173

SecaaS Concerns

Answer 173

Lack of visibility.
Regulation differences
Handling of regulated data
Data leakage
Changing providers
Migration to SecaaS.

Question 174

Intrusion Detection/Prevention (IDS/IPS)

Answer 174

monitoring behavior patterns using rule-based, heuristic, or behavioral models to detect anomalies in activity which might present risks to the enterprise

Question 175

Security Information & Event Management (SIEM)

Answer 175

Collecting (via push or pull mechanisms) log and event data from virtual and real networks, applications, and systems

Question 176

Big data

Answer 176

collection of technologies for working with extremely large datasets that traditional data-processing tools are unable to manage

Question 177

Distributed data collection:

Answer 177

Mechanisms to ingest large volumes of data, often of a streaming nature

Question 178

Distributed storage

Answer 178

ability to store the large data sets in distributed file systems

Question 179

Distributed processing

Answer 179

Tools capable of distributing processing jobs for the effective analysis of data sets so massive and rapidly changing that single origin processing can’t effectively handle them

Question 180

Internet of Things (IoT)

Answer 180

Blanket term for non-traditional computing devices used in the physical world that utilize Internet connectivity

Question 181

ENISA Security Benefits

Answer 181

SECURITY AND THE BENEFITS OF SCALE
SECURITY AS A MARKET DIFFERENTIATOR
STANDARDISED INTERFACES FOR MANAGED
RAPID, SMART SCALING OF RESOURCES
AUDIT AND EVIDENCE-GATHERING
MORE TIMELY, EFFECTIVE AND EFFICIENT UPDATES AND DEFAULTS
BENEFITS OF RESOURCE CONCENTRATION

Question 182

ENISA Risks

Answer 182

LOSS OF GOVERNANCE:
LOCK-IN:
ISOLATION FAILURE
COMPLIANCE RISKS
MANAGEMENT INTERFACE COMPROMISE
DATA PROTECTION
INSECURE OR INCOMPLETE DATA DELETION
MALICIOUS INSIDER

Question 183

CAIQ

Answer 183

is a standard template for cloud providers to document their security and compliance controls.

Question 184

Cloud Controls Matrix (CCM)

Answer 184

lists cloud security controls and maps them to multiple security and compliance standards

Question 185

True or False

NIS Directive establishes a framework to enable networks and information systems to resist at a given level of confidence actions that compromise the availability authenticity integrity or confidentiality of stored transmitted or processed data or the related services that are offered by or accessible through those networks and information systems

Answer 185

TRUE!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Question 186

Granular Entitlements

Answer 186

Enable customers to securely manage their own users and administrators. Internally, granular entitlements reduce the impact of administrators’ accounts being compromised or employee abuse