Certified Cloud Security Professional Study Guide Chapter 3 Review Questions (Ben Masilow) Flashcards

1
Q

All of these are methods of data discovery, except:

A. Content-based
B. User-based
C. Label-based
D. Metadata-based

A

B. User-based

Explanation:
All the others are valid methods of data discovery; user-based is a red herring with no meaning

2
Q

Data labels could include all the following, except:

A. Date data was created
B. Data Owner
C. Data Value
D. Date of scheduled destruction

A

C. Data Value

Explanation:
All the others might be included in data labels, but we do not usually include data value, since it is prone to change frequently and because it might not be information we want to disclose to anyone who does not have a need to know.

3
Q

Data labels could include all the following except:

A. Source
B. Delivery Vendor
C. Handling Restrictions
D. Jurisdiction

A

B. Delivery Vendor

Explanation:
All the others might be included in data labels, but we do not include delivery vendor, which is nonsense in this context

4
Q

Data labels could include all the following, except:

A. Confidentiality level
B. Distribution limitations
C. Access Restrictions
D. MFA

A

D. MFA

Explanation:
All the others might be included in data labels, but multifactor authentication is a procedure used for access control, not a label

5
Q

All of the following are data analytic modes except:

A. Real-time analytics
B. Datamining
C. Agile Business Intelligence
D. Refractory iterations

A

D. Refractory iterations

Explanation:
All the others are data analytics methods, but refractory iterations is a nonsense term thrown in as a distractor

6
Q

In the cloud, the data owner is usually:

A. In another jurisdiction
B. The cloud customer
C. The cloud provider
D. The cloud access security broker

A

B. The cloud customer

Explanation:
The data owner is usually considered the cloud customer in a cloud configuration; the data in question is the customer's information, being processed in the cloud.
The cloud provider is only leasing services and hardware to the customer.
The cloud access security broker (CASB) only handles access control on behalf of the cloud customer and is not in direct contact with the production data

7
Q

In the cloud, the data processor is usually:

A. The party that assigns access rights
B. The cloud customer
C. The cloud provider
D. The cloud access security broker

A

C. The cloud provider

Explanation:
In legal terms, when data processor is defined, it refers to anyone who stores, handles, moves or manipulates data on behalf of the data owner or controller.
In the cloud computing realm, this is the cloud provider

8
Q

Which of the following is not an acceptable means of sanitizing hardware?

A. Burning
B. Deletion
C. Industrial Shredding
D. Drilling

A

B. Deletion

Explanation:
Hardware cannot be sanitized by deleting data.
Deleting, as an operation, does not erase the data; it simply removes the logical pointers to the data for processing purposes.
Burning, industrial shredding, and drilling can all be used to sufficiently destroy the hardware to the point where data becomes irrecoverable.

9
Q

All policies within the organization should include a section that includes all the following, except:

A. Policy maintenance
B. Policy monitoring
C. Policy enforcement
D. Policy transference

A

D. Policy transference

Explanation:
All the elements except transference need to be addressed in each policy.
Transference is not an element of policy

10
Q

The most pragmatic option for data disposal in the cloud is which of the following?

A. Melting
B. Crypto-shredding
C. Cold-fusion
D. Overwriting

A

B. Crypto-shredding

Explanation:
We do not have physical ownership, control, or even access to the hardware devices holding the data, so physical destruction, including melting, is not an option.
Overwriting is a possibility, but it is complicated by the difficulty of locating all the sectors and storage areas that might have contained our data and by the likelihood that constant backups in the cloud increase the chance we will miss something as it’s being overwritten.
Crypto-shredding is the only reasonable alternative.
Cold fusion is a distractor

11
Q

What is the intellectual property protection for the tangible expression of a creative idea?

A. Copyright
B. Patent
C. Trademark
D. Trade Secret

A

A. Copyright

Copyrights protect the tangible expressions of creative works.
The other options listed are answers to subsequent questions

12
Q

What is the intellectual property protection for a useful manufacturing innovation?

A. Copyright
B. Patent
C. Trademark
D. Trade Secret

A

B. Patent

Explanation:
Patents protect processes (as well as inventions, new plant life, and decorative patterns).
The other options listed are answers to other questions

13
Q

What is the intellectual property protection for a very valuable set of sales leads?

A. Copyright
B. Patent
C. Trademark
D. Trade Secret

A

D. Trade Secret

Explanation:
Confidential sales and marketing materials unique to the organization are trade secrets.
The other options listed are answers to other questions

14
Q

What is the intellectual property protection for a confidential recipe for muffins?

A. Copyright
B. Patent
C. Trademark
D. Trade Secrets

A

D. Trade Secrets

Explanation:
Confidential recipes unique to the organization are trade secrets.
The other options listed are answers to the other questions

15
Q

What is the intellectual property protection for the logo of a new video game?

A. Copyright
B. Patent
C. Trademark
D. Trade Secret

A

C. Trademark

Explanation:
Logos, symbols, phrases, and color schemes that describe brands are trademarks.
The other options listed are answers to other questions

16
Q

What is the aspect of the DMCA that has often been abused and places the burden of proof on the accused?

A. Toll Exemption
B. Decryption Program Prohibition
C. Takedown Notice
D. Puppet Plasticity

A

C. Takedown Notice

Explanation:
The DMCA provision for takedown notices allows copyright holders to demand removal of suspect content from the web, and puts the burden of proof on whoever posted the material; this function has been abused by griefers, trolls and overzealous content producers.
There is no toll exemption in the DMCA.
The decryption program prohibition makes DeCSS and other similar programs illegal.
Puppet plasticity is a nonsense term used for a distractor

17
Q

What is the federal agency that accepts applications for new patents?

A. USDA
B. USPTO
C. OSHA
D. SEC

A

B. USPTO

Explanation:
The US Patent and Trademark Office accepts, reviews and approves applications for new patents.
The USDA creates and enforces agriculture regulation.
OSHA oversees workplace safety regulations.
The SEC regulates publicly traded corporations

18
Q

IRM tools use a variety of methods for enforcement of intellectual property rights.
These include all the following except:

A. Support-based licensing
B. Local Agent Enforcement
C. Dip Switch Validity
D. Media-Present Checks

A

C. Dip Switch Validity

Explanation:
IRM solutions use all these methods except for dip switch validity, which is a nonsense term

19
Q

Which of the following does not have a personal privacy law that limits the way all citizens and entities can share personal data?

A. Japan
B. Belgium
C. Argentina
D. United States

A

D. United States

Explanation:
The US does not have a single, overarching personal privacy law; instead the US often protects personal information by industry (HIPAA, GLBA, FERPA and so forth)
Belgium, like all EU member countries, adheres to the GDPR.
Argentina’s Personal Data Protection Act cleaves to the EU regulation, as does Japan’s Act on the Protection of Personal Information

20
Q

IRM solutions should generally include all the following functions, except:

A. Persistency
B. Automatic Self-Destruct
C. Automation Expiration
D. Dynamic Policy Control

A

B. Automatic Self-Destruct

Explanation:
IRM tools should include all the functions listed except for self-destruction, which might hurt someone