Certified Cloud Security Professional Study Guide Chapter 3 Review Questions (Ben Masilow) Flashcards
All of these are methods of data discovery, except:
A. Content-based
B. User-based
C. Label-based
D. Metadata-based
B. User-based
Explanation:
All the others are valid methods of data discovery; user-based is a red herring with no meaning
Data labels could include all the following, except:
A. Date data was created
B. Data Owner
C. Data Value
D. Date of scheduled destruction
C. Data Value
Explanation:
All the others might be included in data labels, but we do not usually include data value since it is prone to change frequently and because it might not be information we want to disclose to anyone who does not have a need to know
Data labels could include all the following except:
A. Source
B. Delivery Vendor
C. Handling Restrictions
D. Jurisdiction
B. Delivery Vendor
Explanation:
All the others might be included in data labels, but we do not include delivery vendor, which is nonsense in this context
Data labels could include all the following, except:
A. Confidentiality level
B. Distribution limitations
C. Access Restrictions
D. MFA
D. MFA
Explanation:
All the others might be included in data labels, but multifactor authentication is a procedure used for access control, not a label
All of the following are data analytic modes except:
A. Real-time analytics
B. Datamining
C. Agile Business Intelligence
D. Refractory iterations
D. Refractory iterations
Explanation:
All the others are data analytics methods, but refractory iterations is a nonsense term thrown in as a distractor
In the cloud, the data owner is usually:
A. In another jurisdiction
B. The cloud customer
C. The cloud provider
D. The cloud access security broker
B. The cloud customer
Explanation:
The data owner is usually considered the cloud customer in a cloud configuration; the data in question is the customer's information, being processed in the cloud.
The cloud provider is only leasing services and hardware to the customer.
The cloud access security broker (CASB) only handles access control on behalf of the cloud customer and is not in direct contact with the production data
In the cloud, the data processor is usually:
A. The party that assigns access rights
B. The cloud customer
C. The cloud provider
D. The cloud access security broker
C. The cloud provider
Explanation:
In legal terms, when data processor is defined, it refers to anyone who stores, handles, moves or manipulates data on behalf of the data owner or controller.
In the cloud computing realm, this is the cloud provider
Which of the following is not an acceptable means of sanitizing hardware?
A. Burning
B. Deletion
C. Industrial Shredding
D. Drilling
B. Deletion
Explanation:
Hardware cannot be sanitized by deleting data.
Deleting, as an operation, does not erase the data; it simply removes the logical pointers to the data for processing purposes.
Burning, deletion and drilling can all be used to sufficiently destroy the hardware to the point where data becomes irrecoverable
All policies within the organization should include a section that includes all the following, except:
A. Policy maintenance
B. Policy monitoring
C. Policy enforcement
D. Policy transference
D. Policy transference
Explanation:
All the elements except transference need to be addressed in each policy.
Transference is not an element of policy
The most pragmatic option for data disposal in the cloud is which of the following?
A. Melting
B. Crypto-shredding
C. Cold-fusion
D. Overwriting
B. Crypto-shredding
Explanation:
We do not have physical ownership, control, or even access to the hardware devices holding the data, so physical destruction, including melting, is not an option.
Overwriting is a possibility, but it is complicated by the difficulty of locating all the sectors and storage areas that might have contained our data and by the likelihood that constant backups in the cloud increase the chance we will miss something as it’s being overwritten.
Crypto-shredding is the only reasonable alternative.
Cold fusion is a distractor
What is the intellectual property protection for the tangible expression of a creative idea?
A. Copyright
B. Patent
C. Trademark
D. Trade Secret
A. Copyright
Copyrights are protected tangible expressions of creative works.
The other options listed are answers to subsequent questions
What is the intellectual property protection for a useful manufacturing innovation?
A. Copyright
B. Patent
C. Trademark
D. Trade Secret
B. Patent
Explanation:
Patents protect processes (as well as inventions, new plant life, and decorative patterns)
The other options listed are answers to other questions
What is the intellectual property protection for a very valuable set of sales leads?
A. Copyright
B. Patent
C. Trademark
D. Trade Secret
D. Trade Secret
Explanation:
Confidential sales and marketing materials unique to the organization are trade secrets.
The other options listed are answers to other questions
What is the intellectual property protection for a confidential recipe for muffins?
A. Copyright
B. Patent
C. Trademark
D. Trade Secrets
D. Trade Secrets
Explanation:
Confidential recipes unique to the organization are trade secrets.
The other options listed are answers to the other questions
What is the intellectual property protection for the logo of a new video game?
A. Copyright
B. Patent
C. Trademark
D. Trade Secret
C. Trademark
Explanation:
Logos, symbols, phrases, and color schemes that describe brands are trademarks.
The other options listed are answers to other questions
What is the aspect of the DMCA that has often been abused and places the burden of proof on the accused?
A. Toll Exemption
B. Decryption Program Prohibition
C. Takedown Notice
D. Puppet Plasticity
C. Takedown Notice
Explanation:
The DMCA provision for takedown notices allows copyright holders to demand removal of suspect content from the web, and puts the burden of proof on whoever posted the material; this function has been abused by griefers, trolls and overzealous content producers.
There is no toll exemption in the DMCA.
The decryption program prohibition makes DeCSS and other similar programs illegal.
Puppet plasticity is a nonsense term used for a distractor
What is the federal agency that accepts applications for new patents?
A. USDA
B. USPTO
C. OSHA
D. SEC
B. USPTO
Explanation:
The US Patent and Trademark Office accepts, reviews and approves applications for new patents.
The USDA creates and enforces agriculture regulation.
OSHA oversees workplace safety regulations.
The SEC regulates publicly traded corporations
IRM tools use a variety of methods for enforcement of intellectual property rights.
These include all the following except:
A. Support-based licensing
B. Local Agent Enforcement
C. Dip Switch Validity
D. Media-Present Checks
C. Dip Switch Validity
Explanation:
IRM solutions use all these methods except for dip switch validity, which is a nonsense term
Which of the following does not have a personal privacy law that limits the way all citizens and entities can share personal data?
A. Japan
B. Belgium
C. Argentina
D. United States
D. United States
Explanation:
The US does not have a single, overarching personal privacy law; instead the US often protects personal information by industry (HIPAA, GLBA, FERPA and so forth).
Belgium, like all EU member countries, adheres to the GDPR.
Argentina’s Personal Data Protection Act cleaves to the EU regulation, as does Japan’s Act on the Protection of Personal Information
IRM solutions should generally include all the following functions, except:
A. Persistency
B. Automatic Self-Destruct
C. Automation Expiration
D. Dynamic Policy Control
B. Automatic Self-Destruct
Explanation:
IRM tools should include all the functions listed except for self-destruction, which might hurt someone