Certified Cloud Security Professional Study Guide Chapter 5 Review Questions (Ben Masilow) Flashcards
What is the term we use to describe the general ease and efficiency of moving data from one cloud provider either to another cloud provider or down from the cloud?
A. Mobility
B. Elasticity
C. Obfuscation
D. Portability
D. Portability
Explanation:
Elasticity is the name for the benefit of cloud computing where resources can be apportioned as necessary where resources can be apportioned as necessary to meet customer demand.
Obfuscation is a technique to hide full raw data sets, either from personnel who do not have need to know or for use in testing.
Mobility is not a term pertinent to the CBK
The various models generally available for cloud BC/DR activities include all of the following except ______
A. Private Architecture, cloud backup
B. Cloud provider, backup from same provider
C. Cloud provider, backup from another cloud provider
D. Cloud provider, backup from private provider
D. Cloud provider, backup from private provider
Explanation:
This is not a normal configuration and would not likely provide genuine benefit
Countermeasures for protecting cloud operations against external attackers include all of the following except ______
A. Continual monitoring for anomalous activity
B. Detailed and extensive background checks
C. Hardened devices and systems, including servers, hosts, hypervisors and virtual machines
D. Regular and detailed configuration/change management activities
B. Detailed and extensive background checks
Explanation:
Background checks are controls for attenuating potential threats from internal actors; external threats arent likely to submit to background checks
All of the following are techniques to enhance the portability of cloud data in order to minimize the potential of vendor lock-in except _______
A. Avoid proprietary formats
B. Use IRM and DLP solutions widely throughout the cloud operation
C. Ensure there are no physical limitations to moving
D. Ensure favorable contract terms to support portability
B. Use IRM and DLP solutions widely throughout the cloud operation
Explanation:
IRM and DLP are used for increased authentication/access controls and egress monitoring, respectively, and would actually decrease portability instead of enhancing it
Which of the following is a technique used to attenuate risks to the cloud environment, resulting in loss or theft of a device used for aremote access?
A. Remote Kill Switch
B. Dual Control
C. Muddling
D. Safe Harbor
A. Remote Kill Switch
Explanation:
Dual control is not useful for remote access devices because we would have to assign two people for every device, which would decrease efficiency and productivity.
Muddling is a cocktail preparation technique that involves crushing ingredients.
Safe harbor is a policy provision that allows for compliance through an alternate method rather than the primary instruction
Each of the following are dependencies that must be considered when reviewing the BIA after cloud migration except _______
A. The cloud providers supplies
B. The cloud providers vendors
C. The cloud providers utilities
D. The cloud providers resellers
D. The cloud providers resellers
Explanation:
The cloud providers resellers are a marketing and sales mechanism, not an operational dependency that could affect the security of a cloud customer
When reviewing the BIA after a cloud migration, the organization should take into account new factors related to data breach impacts.
One of these new factors is: ________
A. Legal liability cant be transferred to the cloud provider
B. Many states have data breach notification laws
C. Breaches can cause the loss of proprietary data
D. Breaches can cause the loss of intellectual property
A. Legal liability cant be transferred to the cloud provider
Explanation:
State notification laws and the loss of proprietary data/intellectual property preexisted the cloud; only the lack of ability to transfer liability is new
The cloud customer will have the most control of their data and systems, and the cloud provider will have the least amount of responsibility, in which cloud computing arrangement?
A. IaaS
B. PaaS
C. SaaS
D. Community Cloud
A. IaaS
Explanation:
IaaS entails the cloud customer installing and maintaining the OS, programs, and data; PaaS has the customer installing programs and data; in SaaS, the customer only uploads data.
In a community cloud, data and device owners are distributed
After a cloud migration, the BIA should be updated to include a review of the new risks and impacts associated with cloud operations; this review should include an analysis of the possibility of vendor lock-in/lock-out.
Analysis of this risk may not have to be performed as a new effort because a lot of the material that would be included is already available from which of the following?
A. NIST
B. The cloud provider
C. The cost-benefit analysis the organization conducted when deciding on cloud migration
D. Open-source providers
C. The cost-benefit analysis the organization conducted when deciding on cloud migration
Explanation:
NIST offers many informative guides and standards but nothing specific to any one organization.
The cloud provider will not have prepared an analysis of lock-out/lock-in potential.
Open source providers can offer many useful materials, but again, nothing specific to the organization
A poorly negotiated cloud service contract could result in all the following detrimental effects except __________
A. Vendor Lock-In
B. Malware
C. Unfavorable terms
D. Lack of necessary services
B. Malware
Explanation:
Malware risks and threats are not affected by the terms of the cloud contract
All of the following are cloud computing risks in a multitenant environment except ________
A. Risk of loss/disclosure due to legal seizures
B. Information Bleed
C. DoS/DDoS
D. Escalation of privilege
C. DoS/DDoS
Explanation:
DoS/DDoS threats and risks are not unique to the multitenant architecture
Countermeasures for protecting cloud operations against internal threats include all of the following except ________
A. Aggressive background checks
B. Hardened perimeter devices
C. Skills and knowledge testing
D. Extensive and comprehensive training programs, including initial, recurring and refresher sessions
B. Hardened perimeter devices
Explanation:
Hardened perimeter devices are more useful at attenuating the risk of external attack
Countermeasures for protecting cloud operations against internal threats include all of the following except ______
A. Active physical surveillance and monitoring
B. Active electronic surveillance and monitoring
C. Redundant ISPs
D. Masking and obfuscation of data for all personnel without need to know for raw data
C. Redundant ISPs
Explanation:
ISP Redundancy is a means to control the risk of externalities, not internal threats
Countermeasures for protecting cloud operations against internal threats at the providers data center include all of the following except ________
A. Broad contractual protections to ensure the provider is ensuring an extreme level of trust in its own personnel
B. Financial penalties for the cloud provider in the event of negligence or malice on the part of its own personnel
C. DLP Solutions
D. Scalability
D. Scalability
Explanation:
Scalability is a feature of cloud computing, allowing users to dictate an increase or decrease in service as needed, not a means to counter internal threats
Countermeasures for protecting cloud operations against internal threats at the providers data center include all of the following except ______
A. Separation of duties
B. Least privilege
C. Conflict of interest
D. Mandatory vacation
C. Conflict of interest
Explanation:
Conflict of interest is a threat, not a control