Chapter 13 Flashcards

1
Q
Which of the following scenarios begins with a crisis of confidence in the cloud provider's financial position?
A. an upcoming financial audit
B. a "mass exodus" scenario
C. a "run on the banks" scenario
D. all of the above
A

C. a “run on the banks” scenario

2
Q

The worst-case scenario in a “run on the banks” situation is that:
A. customers may be locked into a contract with a provider for many years.
B. customers may not be able to retrieve their data.
C. providers may be able to leak customer data to third parties.
D. customer data may be made publicly available.

A

B. customers may not be able to retrieve their data.

3
Q

According to the ENISA (European Network and Information Security Agency), the probability of loss of governance of security and data policies is:

A. very low
B. moderate
C. high
D. very high

A

D. very high

4
Q

An organization’s loss of control and governance over data in the cloud may lead to:
A. lack of confidentiality, integrity and availability of data
B. non-compliance with security requirements
C. deterioration in performance and quality of service
D. all of the above

A

D. all of the above

5
Q
According to the ENISA (European Network and Information Security Agency), the probability of an organization facing compliance challenges is:
A. low
B. moderate
C. high
D. very high
A

D. very high

6
Q

Resource sharing suggests that:

A. there is a lower likelihood of tenants carrying out malicious activities.
B. there will be a faster response rate to malicious activities being carried out by tenants.
C. malicious activities carried out by one tenant may affect the reputation of another tenant.
D. there is a high probability of tenants carrying out malicious activities on the data of other tenants.

A

C. malicious activities carried out by one tenant may affect the reputation of another tenant.

7
Q

Public cloud infrastructure:
A. guarantees that all types of compliance have been achieved.
B. implies that certain types of compliance cannot be achieved.
C. has a higher likelihood of meeting compliance requirements than partner cloud infrastructure.
D. has a higher likelihood of meeting compliance requirements than public cloud infrastructure.

A

B. implies that certain types of compliance cannot be achieved.

8
Q
According to ENISA (European Network and Information Security Agency), the probability of loss of business reputation due to co-tenant activities is:
A. very low
B. low
C. moderate
D. high
A

B. low

9
Q

Port scanning or spamming from the cloud infrastructure can lead to all of the following, EXCEPT:
A. deterioration in service delivery
B. data loss
C. unauthorized access to additional resources
D. blocked IP addresses

A

C. unauthorized access to additional resources

10
Q
According to ENISA (European Network and Information Security Agency), cloud service termination/failure affects all of the following assets, EXCEPT:
A. personal data
B. company reputation
C. customer trust
D. service delivery
A

A. personal data

11
Q
According to ENISA (European Network and Information Security Agency), the probability of supply chain failure is:
A. low
B. moderate
C. high
D. very high
A

A. low

12
Q
Interruption in the supply chain may lead to which of the following?
A. economic losses
B. loss of reputation
C. cascading service failure
D. all of the above
A

D. all of the above

13
Q
According to ENISA (European Network and Information Security Agency), over/under provisioning is a:
A. low risk
B. medium risk
C. high risk
D. very high risk
A

B. medium risk

14
Q

According to ENISA (European Network and Information Security Agency), infrastructure oversize leads to:
A. compromised access control
B. failure to meet demand
C. economic losses
D. failure in specific application situations

A

C. economic losses

15
Q
From the customer perspective, poor provider selection could lead to:
A. service delivery failure
B. compromised access controls
C. economic losses
D. all of the above
A

D. all of the above

16
Q
According to ENISA (European Network and Information Security Agency), the probability of isolation failure is:
A. low
B. medium
C. high
D. none of the above
A

D. none of the above

17
Q

According to ENISA (European Network and Information Security Agency), the risk that a cloud provider insider might abuse high privilege roles is:
A. low
B. moderate
C. high
D. dependent on the service model selected

A

C. high

18
Q
According to ENISA (European Network and Information Security Agency), the risk of management interface compromise is:
A. low
B. medium
C. high
D. very high
A

B. medium

19
Q

Public cloud providers facilitate access to:
A. larger sets of resources than traditional hosting providers
B. fewer resources than traditional hosting providers
C. about the same level of resources as traditional hosting providers
D. none of the above; access to resources is dependent upon the service model selected

A

A. larger sets of resources than traditional hosting providers

20
Q
According to ENISA (European Network and Information Security Agency), the risk of data interception in transit affects which of the following assets?
A. personal sensitive data
B. backup data
C. customer trust
D. all of the above
A

D. all of the above

21
Q
Possible threat sources for data interception include all of the following, EXCEPT:
A. side channel attacks
B. spoofing
C. man-in-the-middle attacks
D. spamming
A

D. spamming

22
Q

The risk of data leakage on up/download applies to the transfer of data between:
A. the cloud provider and the cloud customer
B. cloud tenants
C. the cloud provider and third parties
D. the cloud provider and regulatory authorities

A

A. the cloud provider and the cloud customer

23
Q
The risk of insecure/ineffective deletion of data is classified as:
A. low
B. medium
C. above average
D. high
A

B. medium

24
Q
Should effective encryption be implemented, the risk of insecure/ineffective deletion of data:
A. increases slightly
B. decreases
C. remains the same
D. quadruples
A

B. decreases

25
Q
The acronym DDoS refers to:
A. Decreased Data on Servers
B. Diminished Domain of Service
C. Disaster Discovery or Solution
D. Distributed Denial of Service
A

D. Distributed Denial of Service