chapter 13 Flashcards
Which of the following scenarios begins with a crisis of confidence in the cloud provider's financial position? A. an upcoming financial audit B. a "mass exodus" scenario C. a "run on the banks" scenario D. all of the above
C. a “run on the banks” scenario
The worst case scenario in a “run on the banks” situation is that:
A. customers may be locked into a contract with a provider for many years.
B. customers may not be able to retrieve their data.
C. providers may be able to leak customer data to third parties.
D. customer data may be made publicly available.
B. customers may not be able to retrieve their data.
According to the ENISA (European Network and Information Security Agency), the probability of loss of governance of security and data policies is:
A. very low
B. moderate
C. high
D. very high
D. very high
An organization’s loss of control and governance over data in the cloud may lead to:
A. lack of confidentiality, integrity and availability of data
B. non-compliance with security requirements
C. deterioration in performance and quality of service
D. all of the above
D. all of the above
According to the ENISA (European Network and Information Security Agency), the probability of an organization facing compliance challenges is: A. low B. moderate C. high D. very high
D. very high
Resource sharing suggests that:
A. there is a lower likelihood of tenants carrying out malicious activities.
B. there will be a faster response rate to malicious activities being carried out by tenants.
C. malicious activities carried out by one tenant may affect the reputation of another tenant.
D. there is a high probability of tenants carrying out malicious activities on the data of other tenants.
C. malicious activities carried out by one tenant may affect the reputation of another tenant.
Public cloud infrastructure:
A. guarantees that all types of compliance have been achieved.
B. implies that certain types of compliance cannot be achieved.
C. has a higher likelihood of meeting compliance requirements than partner cloud infrastructure.
D. has a higher likelihood of meeting compliance requirements than public cloud infrastructure.
B. implies that certain types of compliance cannot be achieved.
According to ENISA (European Network and Information Security Agency), the probability of loss of business reputation due to co-tenant activities is: A. very low B. low C. moderate D. high
B. low
Port scanning or spamming from the cloud infrastructure can lead to all of the following, EXCEPT:
A. deterioration in service delivery
B. data loss
C. unauthorized access to additional resources
D. blocked IP addresses
C. unauthorized access to additional resources
According to ENISA (European Network and nformation Security Agency), cloud service termination/failure affects all of the following assets, EXCEPT: A. personal data B. company reputation C. customer trust D. service delivery
A. personal data
According to ENISA (European Network and Information Security Agency), the probability of supply chain failure is: A. low B. moderate C. high D. very high
A. low
Interruption in the supply chain may lead to which of the following? A. economic losses B. loss of reputation C. cascading service failure D. all of the above
D. all of the above
According to ENISA (European Network and formation Security Agency), over/under provisioning is a: A. low risk B. medium risk C. high risk D. very high risk
B. medium risk
According to ENISA (European Network and Information Security Agency), infrastructure oversize leads to:
A. compromised access control
B. failure to meet demand
C. economic losses
D. failure in specific application situations
C. economic losses
From the customer perspective, poor provider election could lead to: A. service delivery failure B. compromised access controls C. economic losses D. all of the above
D. all of the above
According to ENISA (European Network and information Security Agency), the probability of isolation failure is: A. low B. medium C. high D. none of the above
D. none of the above
According to ENISA (European Network and information Security Agency), the risk that a cloud provider insider might abuse high privilege roles is:
A. low
B. moderate
C. high
D. dependent on the service model selected
C. high
According to ENISA (European Network and Information Security Agency), the risk of management interface compromise is: A. low B. medium C. high D. very high
B. medium
Public cloud providers facilitate access to:
A. larger sets of resources than traditional hosting providers
B. fewer resources than traditional hosting providers
C. about the same level of resources as traditional hosting providers
D. none of the above; access to resources are dependent upon the service model Selected
A. larger sets of resources than traditional hosting providers
According to ENISA (European Network and Information Security Agency), the risk of data interception in transit affects which of the following assets? A. personal sensitive data B. backup data C. customer trust D. all of the above
D. all of the above
Possible threat sources for data interception include all of the following, EXCEPT: A. side channel attacks B. spoofing C. man-in-the-middle attacks D. spamming
D. spamming
The risk of data leakage on up/download applies to the transfer of data between:
A. the cloud provider and the cloud customer
B. cloud tenants
C. the cloud provider and third parties
D. the cloud provider and regulatory authorities
A. the cloud provider and the cloud customer
The risk of insecure/ineffective deletion of data is classified as: A. low B. medium C. above average D. high
B. medium
Should effective encryption be implemented, the risk of insecure/ineffective deletion of data: A. increases slightly B. decreases C. remains the same D. quadruples
B. decreases
