CCSP Domain 2: Architecture and Design Flashcards

Question

Henry wants to follow the OWASP guidelines for key storage. Which of the following is not a best practice for key storage? A. Keys must be stored in plaintext to allow for access. B. Keys must be protected in both volatile and persistent memory. C. Keys stored in databases should be encrypted using key encryption keys. D. Keys should be protected in storage to ensure that they are not modified or changed inadvertently. Chapple, Mike; Seidl, David. (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests (p. 28). Wiley. Kindle Edition.

Answer 1

A. Keys must be stored in plaintext to allow for access. Explanation: Keys should never be stored in plaintext format and should instead be stored in a secure manner - typically encrypted in a hardware security module or other key vault

Answer 2

C. Share Explanation: While IRMs are useful through many of the phases of the cloud data lifecycle, Marco knows that sharing data is when an IRM is most heavily used to ensure that data is not inadvertently exposed or misused

Answer 3

B. Semi-structured data Explanation: JSON is an example of semi structure data. Other examples include CSV files, XML, NoSQL databses and HTML files

Answer 4

A. It may be slow and costly due to how archival storage is designed and priced. Explanation: Cloud archival storage is typically designed primary as a storage location with infrequent and smaller scale access, not for large scale interactive access like a discovery process will use. It is likely to be a slow and potentially costly effort if the data is scanned while in the archival location

Answer 5

B. Matching fields in one database to fields in another database Explanation: Data mapping is the process of matching fields in databases to allow them to be integrated or for purposes such as data migration

Answer 6

C. Add labels to the file metadata. Explanation: Adding labels as part of the files metadata is a common practice and is less likely to be changed than including them in the file name

Answer 7

D. The data is lost and Nina cannot recover it. Explanation: Key escrow and backup is incredibly important, and once a key is lost, it cannot be recovered and the data should be considered lost. Generating a new key will not decrypt the data, the passphrase isnt sufficient to recover keys and hashing is not a form of encryption and cannot be reversed

Answer 8

D. Structured data Explanation: Madani knows that structured data is well defined and organized and will be the easiest to perform discovery actions on

Answer 9

A. Documenting chain of custody Explanation: Ashley is documenting the chain of custody for the image to ensure it can be used in court.

Answer 10

D. Mapping data Explanation: Data mapping is a term used to describe matching fields in databases to allow data migration or integration. Data classification policies do identify classification levels, assign responsibilities and define roles

Answer 11

B. Automated labeling at the data creation stage Explanation: Labeling data at creation ensures that it can be properly handled through the rest of its lifecycle. Automated labeling is preferable where possible to avoid human error and to accommodate the volume of data that most organizations create

Answer 12

A. Anonymize access using the key Explanation: Anonymizing access using a key removes the ability to provide accountability and works against organizational best practices. Identifying the key, the user and when and how it is used supports accountability for usage

Answer 13

B. Crypto-shredding Explanation: Cryptoshredding is the only viable option in environments controlled or managed by a third party organization in most circumstances. Physical destruction is not permitted or supported by third party provider, nor is degaussing, which will also not work on many modern drives

Answer 14

B. He will need two distinct databases. Explanation: Tokenization relies on two distinct databases, one with actual data and one with tokenized data. Token servers then pull the data the token represents from the real data database when needed. This process does not require encryption, specify FIPS requirements or involve deidentification practices

Answer 15

A. Data discovery to identify sensitive data Explanation: With the source database ready and a tokenization database prepared to be populated, the next step is to identify which data should be tokenized. Not all data is sensitive and thus not all data needs to be tokenized. Once you know what data will be tokenized, you can tokenize it - sometimes by hashing the data. Randomization is not part of this process

Answer 16

C. Dataflow diagrams Explanation: Dataflow diagrams are a critical part of organizational understanding of how data is created, moves and is used throughout an organization. They often include details like ports, protocols, data elements and classification and other details that can help you understand not only where data is but how it gets there and what data is in use

Answer 17

A. Data mapping Explanation: Annie should map the data between the database fields and then use the mappings to help her sort and manage data as needed. Data labeling is used to tag data with important information like classification, creation date or time, or other elements. Column consolidation and columnar aggregation were made up

Answer 18

D. Data lifespan information Explanation: Data lifespan is not a typical entry in a dataflow diagram, since they focus on flows, not policies. Data types, fields of names, services, systems, ports, protocols, and security details are all commonly included in dataflow diagrams

Answer 19

C. Encrypt the drive or volume at creation. Explanation: Encrypting the drive or volume at creation ensures that any data written to the drive or volume through its lifespan will be encrypted and that destruction of the encryption key will result in secure destruction of the data

Answer 20

C. Unstructured data Explanation: Unstructured data does not have the structure required to be easily stored in a database. Semi structured data and structured data is easier to store in a relational database since it has descriptors and elements that make it easier to map into fields

Answer 21

A. Retention periods, regulatory compliance requirements, data classification, data deletion and lifespan, and archiving and retrieval procedures Explanation: Retention policies often include retention periods, regulatory and compliance requirements, data classification impacts on retention, how and when data should be deleted, and archiving and retrieval processes. In addition, Olivia may want to include monitoring, maintenance, and enforcement

Answer 22

C. Check the IRM's certificate revocation list. Explanation: An IRM needs to maintain a certificate revocation list that allows users and applications to validate certificates, just like any other service that uses certificates. That means that Hui should be able to check to see if the revoked certificate is in the list to validate her actions. Issuing a new cert using the same info, accessing the data using her own cert, or deleting the private keys will not invalidate the existing certificate

Answer 23

D. Provisioning Explanation: The provisioning capability of IRM systems focuses on providing rights to individuals based on roles and job functions.

Answer 24

A. Criticality Explanation: Business impact analysis helps to determine what data is needed to continue the operations of the business. This is an assessment of the criticality of the data and Randy knows that the data he flags may be necessary in the event of a disaster or other business continuity issue

Answer 25

C. A dataflow diagram Explanation: Susan should prepare a dataflow diagram to share with her application developers and cloud architects to make sure that the application and service environment is correctly documented.

Answer 26

C. An outage at a provider may result in data not being available. Explanation: The most common risk, and thus the most impactful risk in this list, is the potential for a provider outage to result in the inability to access dispersed data

Answer 27

B. The need to install an agent on endpoint devices Explanation: Installation of a local agent is typically required by IRM systems to ensure data is properly handled on endpoint systems. The questions doesnt specify the use of a server either in the cloud or locally, and the endpoints mentioned are are not cloud based

Answer 28

A. Unstructured data Explanation: Unstructured data includes data like images, audio, video, word processing files and other data that does not have a formally defined structure like structured data does. There's no information that indicates that this is sensitive information, and there isnt any mention of labeling in the question

Answer 29

B. Ingress and egress fees for moving the data between cloud services Explanation: Ingress and egress fees are often some of the highest expenses involved in this effort Since the data is already contained in a storage tier, no new expenses should arise. Logs are text based and can be stored efficiently, so it is unlikely that log files will be a major cost driver

Answer 30

C. Make a copy of the original image, validate it, and then analyze the copy. Explanation: Amanda knows that the original drive should be preserved, and actions should only be taken on a forensic copy. Working with the original, regardless of the process, is not a forensic best practice

Answer 31

A. Preventing taking a screenshot or photo of the displayed text Explanation: While IRM systems can control actions on the system, taking a photo (or even a screenshot) of displayed text is typically outside of their capabilities. Preventing copying, printing and making copies are all common IRM features

Answer 32

B. Regulatory requirements will vary across different locations and may make compliance difficult during discovery. Explanation: Regulatory compliance is important for organizations and Felix needs to point out that discovery across multiple countries and regions may involve a complex set of regulations to comply with. Costs may vary in different regions, but that is not the primary concern Felix needs to raise. There isnt any mention in the question of whether data is structured or not, and while encryption import and export may be covered by law, discovery can be conducted using local tools in each region if necessary

Answer 33

B. Archive the data to a lower cost storage tier. Explanation: Archiving data to a lower cost and typically lower performance storage tier is a common strategy for cloud data retention. Examples like Amazons Glacier allow for long term storage with infreqeunt or slow access and may come with additional costs for retrieval, but optimize costs when data is unlikely to be accessed. Deleting the data does not allow it to be used, moving to a third party service provider is more complex, and moving to a higher performance storage tier does not meet his cost needs

Answer 34

B. Use Explanation: The Use phase of the data lifecycle often includes modification of data and thus will require labels to change or be added

Answer 35

D. TLS Explanation: TLS, or Transport Layer Security, is the encryption protocol of choice for web application traffic

Answer 36

A. Data dispersion Explanation: Data dispersion best fits this description, and bit splitting is a form of data dispersion, although it is one that is more frequently associated with malicious use to avoid forensic analysis and investigations

Answer 37

C. Continue to preserve the data to meet the legal hold requirements. Explanation: Legal holds normally take precedence over other deletion requirements. While Gurleen should check with her organizations legal counsel, in general she should continue to preserve the data

Answer 38

D. The storage will be wiped and reclaimed by the provider to be allocated elsewhere. Explanation: Ephemeral storage that is associated with instances in most cloud providers infrastructure is wiped and reclaimed for reallocation when instances are terminated. If the instance were merely shut down, the storage would be retained for when the system was reactivated

Answer 39

A. 45 days Explanation: Ephemeral data is often kept for shorter time periods like 45 days, a time period sufficient to allow investigations without building up large volumes of data that will not be used and which can be expensive to store. Longer term storage may be required by law or contracts or due to specific contractual requirements

Answer 40

A. Destroy all copies of the encryption key. Explanation: While it may seem quite simple, securely erasing all copies of the encryption key is all that it takes to complete the destruction process for crypto shredding

Answer 41

A. Service outages Explanation: Service outages are the only direct threat to availability on this list

Answer 42

D. A certificate Explanation: Information rights management systems typically rely on certs to identify systems. They can be issued centrally and managed as well as used for digital signatures and encryption

Answer 43

C. Hashing Explanations: Dereks organization is using hashing, which uses a one way cryptographic function to replace data with values that can be referenced without exposing the actual data. Anonymization focuses on removing data that can be associated with specific users or individuals, masking uses alternate characters to conceal data and shuffling switches data around while retaining actual data for testing

Answer 44

A. Long-term storage Explanation Long term storage is storage that is intended to continue to exist and is often used for logs or data storage. Storage that is associated with an instance that will be destroyed when the instance is shut down is ephemeral storage. Raw storage is storage that you have direct access to like a hard drive or an SSD

Answer 45

C. Use a second instance in the original provider's cloud for the backup system. Explanation: OWASPs Secrets Management Cheatsheet describes three main requirements for break glass secrets backup environments: ensuring automated backups are in placed and executed regularly based on the number of secrets and their lifecycle, frequently testing the restore procedures, and encrypting backups and placing them on secure, monitored storage

Answer 46

B. Use standard test secrets and search for them. Explanation: Using standard test secrets makes them easier to detect if they are in an exposed location. Since Alaina specifically has an internal test environment, this is the right location to use standard secrets

Answer 47

D. Retrieval time Explanation: Retrieval time, the amount of time before data can be accessed, is a primary driver for the cost of archival storage in cloud environments

Answer 48

D. Data mapping Explanation: The figure shows a data mapping process between two database tables matching names, phone numbers and email addresses. String comparisons compares two strings to determine if they are the same.

Answer 49

B. Provisioning Explanation: Provisioning for IRM systems gives users the rights and permissions that they need to access files they have rights to.

Answer 50

B. Data access patterns Explanation: Data access patterns are one of the most important things to understand before selecting archival storage. Archival storage classes and services often focus on inexpensive, low frequency, slow access, but other options can include more dynamic access capabilities

Answer 51

B. The data owner Explanation: Data owners are defined by data classification policies and hold overall responsibility for data that they own. Data custodians are responsible for the data, ensuring access control, proper storage and other operational controls.

Answer 52

C. Tokenized data is only a concern if the database it is matched with is also exposed Explanation: Tokenized data is only a concern if the database with original data that it references is also exposed.

Answer 53

A. Enable versioning. Explanation: Versioning tools like those found in Amazons S3 environment allow you to revert to a previous version if an inadvertent change occurs, if data is corrupted, or if the file is deleted.

Answer 54

C. Maximize the rights of important secrets to reduce the total number of secrets required. Explanation: The concept of least privilege is used for secrets too, and maximizing it is a bad idea. Brian should instead seek to limit the rights a given secret provides to constrain the impact of a potential breach or misuse

Answer 55

B. Enable access logging. Explanation: Access logging will allow Chris to monitor for access to specific buckets by individuals, including privileged accounts

Answer 56

C. Content-based discovery Explanation: Jamie is performing content based discovery by searching for specific terms in unstructured data. Label based discovery would rely on data labels

Answer 57

B. Immediately revoke the certificate and add it to the certificate revocation list. Explanation: Mike should immediately revoke the cert so that any malicious use will be limited. He may then want to determine why the cert was exposed and issue a new cert to ensure that the user or owner can continue to perform their job

Answer 58

A. Tag data with its sensitivity level. Explanation: Tagging data will help the DLP manage it appropriately without having to rely on pattern matching. Reducing the overall amount of data may help, but Dans first priority should be using more effective methods.

Answer 59

C. A unique tag for each system instance Explanation: Tags are important tool when working with ephemeral systems. While IP addresses may be reused and admin accounts are likley to be the same across systems, tags can be unique, allows events to be tracked to an instance. The systems deletion time should be logged, as should the time it is instantiated, but this obviously wouldnt be in every log event created by the machine

Answer 60

B. Preserve the data requested until the legal hold is over. Explanation: Legal holds typically override other agreements and lifecycles. Valerie should preserve only the data requested or covered by legal hold, and she should continue with normal practices for the remaining data

Answer 61

A. Establish DLP policies. Explanation: Heikkis next step will be to set up policies that apply appropriate controls to the data that he has categorized and labeled. Once those policies are set, he can train users and run the DLP

Answer 62

A. Metadata-based discovery Explanation: Kara is performing metadata-based discovery using the metadata that already exists in most digital photos. Content based discovery might compare the photos looking for specific subjects and label or tag based discovery would leverage data labels

Answer 63

D. The tokenized data can be looked up against a database that contains customer data. Explanation: Rick knows that tokenized data can be looked up against a database that contains the original customer data, allowing it to be accessed as needed. The actual customer data is stored in a separate database, meaning that a breach of the token database would not result in a customer data breach. The customer data is more secure but could still be breached if attackers leveraged the tokens and their lookup capability

Answer 64

B. Check hashes of machine instances against a hash of the original. Explanation: Hashes can be used to validate whether an image has been modified, but it is important to note that a running machine will have a different hash than the original. Jack may need to check specific file hashes instead. Cloud provider logs may not show changes to an instance, timestamps are time consuming to check and may be notified when files are copied, and rebuilding the machine will typically result in differences

Answer 65

B. Dispersion Explanation: Dispersion is the concept of ensuring that data is in multiple locations so that a single failure, event or loss cannot result in the destruction or loss of the data. Deduplication involves removing duplicates from a data set; protected supply and lifecycle management are how data is managed throughout its life and doesnt specifically describe where data is stored for redundancy

Answer 66

A. The need to ensure regulatory compliance Explanation: When data is created and used in other countries, it may be subject to regulations specific to those countries. Christina should point out that regulatory compliance is critical and could prove complex in this scenario. Exposure issues should be accounted for through best practices like using encryption for all transfers. Transfer speeds for archival data are typically not as critical as for operational data and permissions should be set to be appropriate for the data regardless of location

Answer 67

D. Use Explanation: The Use stage occurs after Classification and before Transfer or Archiving

Answer 68

D. Two different files can be hashed to the same output. Explanation: Ben knows that hashes are a one way functions and cannot be reverse. They generate fixed length output from variable length input, and identical files will generate identical output. Two different files should never generate the same output

Answer 69

C. Share Explanation: IRM can be particularly useful during the sharing stage of the cloud data lifecycle since information rights management tools can ensure privileges are access to data are appropriately managed as data moves around the organization and potentially leaves it

Answer 70

A. Storage Explanation: Storage occurs after creation in the cloud data lifecycle. Labeling is typically done as part of the creation process. Proivisioning may be done at any time but is often associated with use. Encryption is not a stage in the cycle

Answer 71

A. Anonymization Explanation: Naomi has attempted to anonymize the data by removing personally identifiable data. Hashes use a one way cryptographic function to reference data without having the data itself exposed or in use.

Answer 72

B. Data value Explanation: Data value is typically not included in a data retention policy. Instead, retention periods, compliance requirements and data classification are included as well as lifecycle requirements and arching and retrieval procedures

Answer 73

C. Raw storage Explanation: Raw storage is storage that you have direct access to like a hard drive or an SSD that has access to the underlying device. Long term storage is storage that is intended to continue to exist and is often used for logs or data storage.

Answer 74

C. They will need to open the files using tools that support IRM. Explanation: IRM tools require that client devices and applications support IRM or that they access files via web applications that can provide IRM controls

Answer 75

B. Extract and catalog metadata. Explanation: Using existing metadata will help Angelo with his data discovery process, so he should start with that. Once he has the metadata processed, he can use it to speed up other cataloging efforts like scanning for sensitive data, classifying data and mapping the data to compliance requirements

Answer 76

B. Raw storage Explanation: This is an example of raw storage, which directly presents underlying hardware to users