Certified Cloud Security Professional Study Guide Chapter 3 Review Questions (Ben Masilow)

Question 1

All of these are methods of data discovery, except:

A. Content-based
B. User-based
C. Label-based
D. Metadata-based

Answer 1

B. User-based

Explanation:
All the others are valid methods of data discovery; user-based is a red herring with no meaning

Question 2

Data labels could include all the following, except:

A. Date data was created
B. Data Owner
C. Data Value
D. Date of scheduled destruction

Answer 2

C. Data Value

Explanation:
All the others might be included in data labels, but we do not usually include data value since it is prone to change frequently and because it might not be information we want to disclose to anyone who does not have need to know

Question 3

Data labels could include all the following except:

A. Source
B. Delivery Vendor
C. Handling Restrictions
D. Jurisdiction

Answer 3

B. Delivery Vendor

Explanation:
All the others might be included in data labels, but we do not include delivery vendor, which is nonsense in this context

Question 4

Data labels could include all the following, except:

A. Confidentiality level
B. Distribution limitations
C. Access Restrictions
D. MFA

Answer 4

D. MFA

Explanation:
All the others might be included in data labels, but multifactor authentication is a procedure used for access control, not a label

Question 5

All of the following are data analytic modes except:

A. Real-time analytics
B. Datamining
C. Agile Business Intelligence
D. Refractory iterations

Answer 5

D. Refractory iterations

Explanation:
All the others are data analytics methods, but refractory iterations is a nonsense term thrown in as a distractor

Question 6

In the cloud, the data owner is usually:

A. In another jurisdiction
B. The cloud customer
C. The cloud provider
D. The cloud access security broker

Answer 6

B. The cloud customer

Explanation:
The data owner is usually considered the cloud customer in a cloud configuration; the data in question is the customers information, being processed in the cloud.
The cloud provider is only leasing services and hardware to the customer.
The cloud access security broker (CASB) only handles access control on behalf of the cloud customer and is not in direct contact with the production data

Question 7

In the cloud, the data processor is usually:

A. The party that assigns access rights
B. The cloud customer
C. The cloud provider
D. The cloud access security broker

Answer 7

C. The cloud provider

Explanation:
In legal terms, when data processor is defined, it refers to anyone who stores, handles, moves or manipulates data on behalf of the data owner or controller.
In the cloud computing realm, this is the cloud provider

Question 8

Which of the following is not an acceptable means of sanitizing hardware?

A. Burning
B. Deletion
C. Industrial Shredding
D. Drilling

Answer 8

B. Deletion

Explanation:
Hardware cannot be sanitized by deleting data.
Deleting, as an operation, does not erase the data; it simply removes the logical pointers to the data for processing purposes.
Burning, deletion and drilling can all be used to sufficiently destroy the hardware to the point where data becomes irrecoverable

Question 9

All policies within the organization should include a section that includes all the following, except:

A. Policy maintenance
B. Policy monitoring
C. Policy enforcement
D. Policy transference

Answer 9

D. Policy transference

Explanation:
All the elements except transference need to be addressed in each policy.
Transference is not an element of policy

Question 10

The most pragmatic option for data disposal in the cloud is which of the following?

A. Melting
B. Crypto-shredding
C. Cold-fusion
D. Overwriting

Answer 10

B. Crypto-shredding

Explanation:
We do not have physical ownership, control, or even access to the hardware devices holding the data, so physical destruction, including melting, is not an option.
Overwriting is a possibility, but it is complicated by the difficulty of locating all the sectors and storage areas that might have contained our data and by the likelihood that constant backups in the cloud increase the chance we will miss something as it’s being overwritten.
Crypto-shredding is the only reasonable alternative.
Cold fusion is a distractor

Question 11

What is the intellectual property protection for the tangible expression of a creative idea?

A. Copyright
B. Patent
C. Trademark
D. Trade Secret

Answer 11

A. Copyright

Copyrights are protected tangible expressions of creative works.
The other options listed are answers to subsequent questions

Question 12

What is the intellectual property protection for a useful manufacturing innovation?

A. Copyright
B. Patent
C. Trademark
D. Trade Secret

Answer 12

B. Patent

Explanation:
Patents protect processes (as well as inventions, new plant life, and decorative patterns)
The other options listed are answer to other questions

Question 13

What is the intellectual property protection for a very valuable set of sales leads?

A. Copyright
B. Patent
C. Trademark
D. Trade Secret

Answer 13

D. Trade Secret

Explanation:
Confidential sales and marketing materials unique to the organization are trade secrets.
The other options listed are answers to other questions

Question 14

What is the intellectual property protection for a confidential recipe for muffins?

A. Copyright
B. Patent
C. Trademark
D. Trade Secrets

Answer 14

D. Trade Secrets

Explanation:
Confidential recipes unique to the organization are trade secrets.
The other options listed are answers to the other questions

Question 15

What is the intellectual property protection for the logo of a new video game?

A. Copyright
B. Patent
C. Trademark
D. Trade Secret

Answer 15

C. Trademark

Explanation:
Logos, symbols, phrases, and color schemes that describe brands and trademarks.
The other options listed are answers to other questions

Question 16

What is the aspect of the DMCA that has often been abused and places the burden of proof on the accused?

A. Toll Exemption
B. Decryption Program Prohibition
C. Takedown Notice
D. Puppet Platisicity

Answer 16

C. Takedown Notice

Explanation:
The DMCA provision for takedown notices allows copyright holders to demand removal of suspect content from the web, and puts the burden of proof on whoever posted the material; this function has been abused by griefers, trolls and overzealous content produces
There is no toll exemption in the DMCA.
The decryption program prohibition makes DeCSS and other similar programs illegal.
Puppet plasticity is a nonsense term used for a distractor

Question 17

What is the federal agency that accepts applications for new patents?

A. USDA
B. UPSTO
C. OSHA
D. SEC

Answer 17

B. UPSTO

Explanation:
The US Patent and Trademark Office accepts, reviews and approves applications for new patents.
The USDA creates and enforces agriculture regulation.
OSHA oversees workplace safety regulations.
The SEC regulates publicly traded corporations

Question 18

IRM tools use a variety of methods for enforcement of intellectual property rights.
These include all the following except:

A. Support-based licensing
B. Local Agent Enforcement
C. Dip Switch Validity
D. Media-Present Checks

Answer 18

C. Dip Switch Validity

Explanation:
IRM Solutions use all these methods except for dip switch validity, which is nonsense term

Question 19

Which of the following does not have a personal privacy law that limits the way all citizens and entities can share personal data?

A. Japan
B. Belgium
C. Argentina
D. United States

Answer 19

D. United States

Explanation:
The US does not have a single, overarching personal privacy law; instead the US often protects personal information by industry (HIPAA, GLBA, FERPA and so forth)
Belgium, like all EU member countries, adheres to the GDPR.
Argentina’s Personal Data Protection Act cleaves to the EU regulation, as does Japans Act on the Protection of Personal Information

Question 20

IRM solutions should generally include all the following functions, except:

A. Persistency
B. Automatic Self-Destruct
C. Automation Expiration
D. Dynamic Policy Control

Answer 20

B. Automatic Self-Destruct

Explanation:
IRM tools should include all the functions listed except for self-destruction, which might hurt someone