Certified Cloud Security Professional Study Guide Chapter 5 Review Questions (Ben Malisow) Flashcards

1
Q

What is the term we use to describe the general ease and efficiency of moving data from one cloud provider either to another cloud provider or down from the cloud?

A. Mobility
B. Elasticity
C. Obfuscation
D. Portability

A

D. Portability

Explanation:
Elasticity is the name for the benefit of cloud computing where resources can be apportioned as necessary to meet customer demand.
Obfuscation is a technique to hide full raw data sets, either from personnel who do not have a need to know or for use in testing.
Mobility is not a term pertinent to the CBK.

2
Q

The various models generally available for cloud BC/DR activities include all of the following except ______

A. Private Architecture, cloud backup
B. Cloud provider, backup from same provider
C. Cloud provider, backup from another cloud provider
D. Cloud provider, backup from private provider

A

D. Cloud provider, backup from private provider

Explanation:
This is not a normal configuration and would not likely provide genuine benefit.

3
Q

Countermeasures for protecting cloud operations against external attackers include all of the following except ______

A. Continual monitoring for anomalous activity
B. Detailed and extensive background checks
C. Hardened devices and systems, including servers, hosts, hypervisors and virtual machines
D. Regular and detailed configuration/change management activities

A

B. Detailed and extensive background checks

Explanation:
Background checks are controls for attenuating potential threats from internal actors; external threats aren't likely to submit to background checks.

4
Q

All of the following are techniques to enhance the portability of cloud data in order to minimize the potential of vendor lock-in except _______

A. Avoid proprietary formats
B. Use IRM and DLP solutions widely throughout the cloud operation
C. Ensure there are no physical limitations to moving
D. Ensure favorable contract terms to support portability

A

B. Use IRM and DLP solutions widely throughout the cloud operation

Explanation:
IRM and DLP are used for increased authentication/access controls and egress monitoring, respectively, and would actually decrease portability instead of enhancing it.

5
Q

Which of the following is a technique used to attenuate risks to the cloud environment resulting from the loss or theft of a device used for remote access?

A. Remote Kill Switch
B. Dual Control
C. Muddling
D. Safe Harbor

A

A. Remote Kill Switch

Explanation:
Dual control is not useful for remote access devices because we would have to assign two people for every device, which would decrease efficiency and productivity.
Muddling is a cocktail preparation technique that involves crushing ingredients.
Safe harbor is a policy provision that allows for compliance through an alternate method rather than the primary instruction.

6
Q

Each of the following are dependencies that must be considered when reviewing the BIA after cloud migration except _______

A. The cloud provider's supplies
B. The cloud provider's vendors
C. The cloud provider's utilities
D. The cloud provider's resellers

A

D. The cloud provider's resellers

Explanation:
The cloud provider's resellers are a marketing and sales mechanism, not an operational dependency that could affect the security of a cloud customer.

7
Q

When reviewing the BIA after a cloud migration, the organization should take into account new factors related to data breach impacts.
One of these new factors is: ________

A. Legal liability can't be transferred to the cloud provider
B. Many states have data breach notification laws
C. Breaches can cause the loss of proprietary data
D. Breaches can cause the loss of intellectual property

A

A. Legal liability can't be transferred to the cloud provider

Explanation:
State notification laws and the loss of proprietary data/intellectual property preexisted the cloud; only the inability to transfer liability is new.

8
Q

The cloud customer will have the most control of their data and systems, and the cloud provider will have the least amount of responsibility, in which cloud computing arrangement?

A. IaaS
B. PaaS
C. SaaS
D. Community Cloud

A

A. IaaS

Explanation:
IaaS entails the cloud customer installing and maintaining the OS, programs, and data; PaaS has the customer installing programs and data; in SaaS, the customer only uploads data.
In a community cloud, data and device owners are distributed.

9
Q

After a cloud migration, the BIA should be updated to include a review of the new risks and impacts associated with cloud operations; this review should include an analysis of the possibility of vendor lock-in/lock-out.
Analysis of this risk may not have to be performed as a new effort because a lot of the material that would be included is already available from which of the following?

A. NIST
B. The cloud provider
C. The cost-benefit analysis the organization conducted when deciding on cloud migration
D. Open-source providers

A

C. The cost-benefit analysis the organization conducted when deciding on cloud migration

Explanation:
NIST offers many informative guides and standards but nothing specific to any one organization.
The cloud provider will not have prepared an analysis of lock-out/lock-in potential.
Open-source providers can offer many useful materials, but again, nothing specific to the organization.

10
Q

A poorly negotiated cloud service contract could result in all the following detrimental effects except __________

A. Vendor Lock-In
B. Malware
C. Unfavorable terms
D. Lack of necessary services

A

B. Malware

Explanation:
Malware risks and threats are not affected by the terms of the cloud contract.

11
Q

All of the following are cloud computing risks in a multitenant environment except ________

A. Risk of loss/disclosure due to legal seizures
B. Information Bleed
C. DoS/DDoS
D. Escalation of privilege

A

C. DoS/DDoS

Explanation:
DoS/DDoS threats and risks are not unique to the multitenant architecture.

12
Q

Countermeasures for protecting cloud operations against internal threats include all of the following except ________

A. Aggressive background checks
B. Hardened perimeter devices
C. Skills and knowledge testing
D. Extensive and comprehensive training programs, including initial, recurring and refresher sessions

A

B. Hardened perimeter devices

Explanation:
Hardened perimeter devices are more useful at attenuating the risk of external attack.

13
Q

Countermeasures for protecting cloud operations against internal threats include all of the following except ______

A. Active physical surveillance and monitoring
B. Active electronic surveillance and monitoring
C. Redundant ISPs
D. Masking and obfuscation of data for all personnel without need to know for raw data

A

C. Redundant ISPs

Explanation:
ISP redundancy is a means to control the risk of externalities, not internal threats.

14
Q

Countermeasures for protecting cloud operations against internal threats at the provider's data center include all of the following except ________

A. Broad contractual protections to ensure the provider is ensuring an extreme level of trust in its own personnel
B. Financial penalties for the cloud provider in the event of negligence or malice on the part of its own personnel
C. DLP Solutions
D. Scalability

A

D. Scalability

Explanation:
Scalability is a feature of cloud computing, allowing users to dictate an increase or decrease in service as needed, not a means to counter internal threats.

15
Q

Countermeasures for protecting cloud operations against internal threats at the provider's data center include all of the following except ______

A. Separation of duties
B. Least privilege
C. Conflict of interest
D. Mandatory vacation

A

C. Conflict of interest

Explanation:
Conflict of interest is a threat, not a control.

16
Q

Benefits for addressing BC/DR offered by cloud operations include all of the following except ______

A. One-time pads
B. Distributed, remote processing and storage of data
C. Fast replication
D. Regular backups offered by cloud providers

A

A. One-time pads

Explanation:
One-time pads are a cryptographic tool/method; this has nothing to do with BC/DR.
All the other answers are benefits of using cloud computing for BC/DR.

17
Q

All of the following methods can be used to attenuate the harm caused by escalation of privilege except ______

A. Extensive access control and authentication tools and techniques
B. Analysis and review of all log data by trained, skilled personnel on a frequent basis
C. Periodic and effective use of cryptographic sanitization tools
D. The use of automated analysis tools such as SIM, SIEM and SEM solutions

A

C. Periodic and effective use of cryptographic sanitization tools

Explanation:
Cryptographic sanitization is a means of reducing the risks from data remanence, not a way to minimize escalation of privilege.

18
Q

What is the hypervisor malicious attackers would prefer to attack?

A. Type 1
B. Type 2
C. Type 3
D. Type 4

A

B. Type 2

Explanation:
Attackers prefer Type 2 Hypervisors because the OS offers more attack surface and potential vulnerabilities.
There are no Type 3 and Type 4 hypervisors.

19
Q

What is the term used to describe loss of access to data because the cloud provider has ceased operation?

A. Closing
B. Vendor lock-out
C. Vendor lock-in
D. Masking

A

B. Vendor lock-out

Explanation:
Vendor lock-in is the result of a lack of portability, for any number of reasons.
Masking is a means to hide raw datasets from users who do not have a need to know.
Closing is a nonsense term in this context.

20
Q

Because PaaS implementations are so often used for software development, what is one of the vulnerabilities that should always be kept in mind?

A. Malware
B. Loss/Theft of portable devices
C. Backdoors
D. DoS/DDoS

A

C. Backdoors

Explanation:
Software developers often install backdoors as a means to avoid performing entire workflows when adjusting the programs they are working on; they often leave backdoors behind in production software, inadvertently or intentionally.