Certified Cloud Security Professional Study Guide Chapter 9 Review Questions (Ben Masilow) Flashcards

1
Q

Which form of BC/DR testing has the most impact on operations?

A. Tabletop
B. Dry Run
C. Full Test
D. Structured Test

A

C. Full Test

Explanation:
The full test will involve every asset in the organization, including all personnel.
The others will have lesser impact, except for D, which is a red herring

2
Q

Which form of BC/DR testing has the least impact on operations?

A. Tabletop
B. Dry run
C. Full test
D. Structured Test

A

A. Tabletop

Explanation:
The tabletop testing involves only essential personnel and none of the production assets.
The others will have a greater impact, except for D, which is a red herring

3
Q

Which characteristic of liquid propane increases its desirability as a fuel for backup generators?

A. Burn rate
B. Price
C. Does not spoil
D. Flavor

A

C. Does not spoil

Explanation:
Liquid propane does not spoil, which obviates the necessity for continually refreshing and re-stocking it and might make it more cost-effective.
The burn rate has nothing to do with its suitability, unless it has some direct bearing on the particular generator the data center owner has chosen.
The various relative prices of fuel fluctuate.
Flavor is a distractor in this question and means nothing

4
Q

How often should the CMB meet?

A. Whenever regulations dictate
B. Often enough to address organizational needs and reduce frustration with delay
C. Every week
D. Annually

A

B. Often enough to address organizational needs and reduce frustration with delay

Explanation:
Frustrated employees and managers can increase risk to the organization by implementing their own, unapproved modifications to the environment.
The particular interval changes from organization to organization

5
Q

Adhering to ASHRAE standards for humidity can reduce the possibility of _________

A. Breach
B. Static Discharge
C. Theft
D. Inversion

A

B. Static Discharge

Explanation:
A data center with less than optimum humidity can have a higher static electricity discharge rate.
Humidity has no bearing on breaches or theft, and inversion is a nonsense term used as a distractor.

6
Q

A UPS should have enough power to last how long?

A. 12 hours
B. 10 minutes
C. One day
D. Long enough for graceful shutdown

A

D. Long enough for graceful shutdown

Explanation:
The UPS is intended to last only long enough to save production data currently being processed.
The exact quantity of time will depend on many variables and will differ from one data center to the next

7
Q

A generator transfer switch should bring backup power online within what timeframe?

A. 10 seconds
B. Before the recovery point objective is reached
C. Before the UPS duration is exceeded
D. Three days

A

C. Before the UPS duration is exceeded

Explanation:
Generator power should be online before battery backup fails.
The specific amount of time will vary between data centers

8
Q

Which characteristic of automated patching makes it attractive?

A. Cost
B. Speed
C. Noise Reduction
D. Capability to recognize problems quickly

A

B. Speed

Explanation:
Automated patching is much faster and more efficient than manual patching.
It is, however, not necessarily any less expensive than manual patching.
Manual patching is overseen by administrators, who will recognize problems faster than automated tools.
Noise reduction is not a factor in patch management at all.

9
Q

Which tool can reduce confusion and misunderstanding during a BC/DR response?

A. Flashlight
B. Controls matrix
C. Checklist
D. Call tree

A

C. Checklist

Explanation:
Checklists serve as a reliable guide for BC/DR activity and should be straightforward enough to use that someone not already an expert or trained in BC/DR response could ostensibly accomplish the necessary tasks.
Flashlights and call trees are certainly useful during BC/DR actions, but not for the purpose of reducing confusion and misunderstanding.
Control matrices are not useful during BC/DR actions.

10
Q

When deciding whether to apply specific updates, it is best to follow _____ in order to demonstrate due care

A. Regulations
B. Vendor Guidance
C. Internal Policy
D. Competitors' Actions

A

B. Vendor Guidance

Explanation:
A data center that doesn’t follow vendor guidance might be seen as failing to provide due care.
Regulations, internal policy and the actions of competitors might all inform the decision to perform an update and patch, but these don’t necessarily bear directly on due care.
This is a difficult, nuanced question, and all the answers are good, but option B is the best.

11
Q

The CMB should include representations from all of the following offices, except:

A. Regulators
B. IT Department
C. Security Office
D. Management

A

A. Regulators

Explanation:
Regulators are not involved in an organization's CMB; all the rest are.

12
Q

For performance purposes, OS monitoring should include all of the following except ______

A. Disk Space
B. Disk I/O usage
C. CPU Usage
D. Print Spooling

A

D. Print Spooling

Explanation:
Print spooling is not a metric for system performance; all the rest are

13
Q

Maintenance mode requires all of these actions except _________

A. Remove all active production instances
B. Initiate enhanced security controls
C. Prevent new logins
D. Ensure logging continues

A

B. Initiate enhanced security controls

Explanation:
While the other answers are all steps in moving from normal operations to maintenance mode, we do not necessarily initiate any enhanced security controls.

14
Q

What is one of the reasons a baseline might be changed?

A. Numerous change requests
B. Power fluctuation
C. To reduce redundancy
D. Natural disaster

A

A. Numerous change requests

Explanation:
If the CMB is receiving numerous change requests to the point where the amount of requests would drop by modifying the baseline, then that is a good reason to change the baseline.
None of the other reasons should involve the baseline at all.

15
Q

In addition to battery backup, a UPS can offer which capability?

A. Communication redundancy
B. Line conditioning
C. Breach alert
D. Confidentiality

A

B. Line conditioning

Explanation:
A UPS can provide line conditioning, adjusting power so that it is optimized for the devices it serves and smoothing any power fluctuations; it does not offer any of the other listed functions.

16
Q

Deviations from the baseline should be investigated and ______

A. Documented
B. Enforced
C. Revealed
D. Encouraged

A

A. Documented

Explanation:
All deviations from the baseline should be documented, including details of the investigation and outcome.
We do not enforce or encourage deviations.
Presumably, we would already be aware of the deviation, so “revealed” is not a reasonable answer.

17
Q

The baseline should cover which of the following?

A. As many systems throughout the organization as possible
B. Data breach alerting and reporting
C. A process for version control
D. All regulatory compliance requirements

A

A. As many systems throughout the organization as possible

Explanation:
The more systems that are included in the baseline, the more cost-effective and scalable the baseline is.
The baseline does not deal with breaches or version control; those are the provinces of the security office and CMB, respectively.
Regulatory compliance might (and usually will) go beyond the baseline and involve systems, processes and personnel that are not subject to the baseline

18
Q

A localized incident or disaster can be addressed in a cost-effective manner by using which of the following?

A. UPS
B. Generators
C. Joint Operating Agreements
D. Strict Adherence to Applicable Regulations

A

C. Joint Operating Agreements

Explanation:
Joint operating agreements can provide nearby relocation sites so that a disruption limited to the organization’s own facility and campus.
UPS systems and generators are not limited to serving needs for localized causes.
Regulations do not promote cost savings and are not often the immediate concern during BC/DR activities.

19
Q

Generator fuel storage for a cloud data center should last for how long, at minimum?

A. 10 minutes
B. Three days
C. Indefinitely
D. 12 hours

A

D. 12 hours

Explanation:
The Uptime Institute dictates 12 hours of generator fuel for all cloud data center tiers.

20
Q

The BC/DR kit should include all of the following except ________

A. Flashlight
B. Documentation equipment
C. Fuel for backup generators
D. Annotated Asset Inventory

A

C. Fuel for backup generators

Explanation:
The BC/DR kit is intended to be compact, and generator fuel is too cumbersome to include with the kit.
All the other items should be included