Chapter 2 All In One Flashcards
When the IT security department allows users to use their own personal devices to access corporate data, which of the following aspects of mobile device management would not be a primary concern?
A. Backups
B. VPN access
C. E-mail security
D. Remote erasure
Carter, Daniel. CCSP Certified Cloud Security Professional All-in-One Exam Guide, Third Edition (p. 82). McGraw Hill LLC. Kindle Edition.
A. Backups
Explanation:
The goal of MDM is to allow secure access to internal data and applications while enforcing security policies and practices on devices from heterogeneous ecosystems, which is exactly what a BYOD population is. The data itself resides in an authoritative source at the organization, which retains the ability to grant access, revoke access, and perform remote erasure. Backups are not a primary concern because the data does not authoritatively reside on the devices.
When implementing artificial intelligence into a system, the organization desires it to only use data points to make determinations and not try to make social or emotional decisions. What type of artificial intelligence would be utilized?
A. Human-inspired
B. Humanized
C. Cognitive
D. Analytical
D. Analytical
Explanation:
Analytical artificial intelligence uses only cognitive functions to analyze data and inputs and to decide how best to proceed with future processes. It does not take emotional or social intelligence into account at all.
What is used by blockchain to connect a new block to the previous block in the same chain to ensure integrity?
A. Timestamp
B. Cryptographic hash
C. Pointer
D. Linkage
B. Cryptographic hash
Explanation:
Each new block carries the cryptographic hash of the previous block, and that hash is what maintains the integrity of the chain and verifies the proper linking. Once the new block is linked via the hash, it is distributed to the validators and can be accessed as needed. Because every block's hash covers the previous block's hash, changing any block changes its hash and breaks the link to every block that follows it, so tampering is detectable by any participant who recomputes the chain.
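The hash-linking described above, as an added worked example that is not from the exam guide. It builds a small chain where each block's hash covers the previous block's hash, then shows two things the explanation implies but does not spell out: tampering with a middle block is caught at the next block, while tampering with the last block is only caught if the chain head (the hash validators distribute) is pinned independently. The block structure, field names and sample ledger entries are invented for illustration.

```python
import hashlib
import json
from dataclasses import dataclass, asdict
from typing import List, Optional, Tuple

# Hypothetical block layout for the demonstration; real chains carry more fields.
@dataclass
class Block:
    index: int
    data: str
    prev_hash: str

    def hash(self) -> str:
        # Canonical serialisation so identical content always hashes identically.
        payload = json.dumps(asdict(self), sort_keys=True).encode()
        return hashlib.sha256(payload).hexdigest()


GENESIS_PREV = "0" * 64  # the first block has no predecessor to point at


def build_chain(records: List[str]) -> List[Block]:
    """Append one block per record, each carrying the hash of the one before it."""
    chain: List[Block] = []
    prev = GENESIS_PREV
    for i, rec in enumerate(records):
        blk = Block(index=i, data=rec, prev_hash=prev)
        chain.append(blk)
        prev = blk.hash()
    return chain


def verify_chain(chain: List[Block],
                 trusted_head: Optional[str] = None) -> Tuple[bool, Optional[int]]:
    """Walk the chain, recomputing each block's hash and checking the next block
    points at it. Returns (ok, index_of_first_bad_block).

    If trusted_head (an independently published hash of the last block) is
    given, the tip is checked against it too; without it, edits to the final
    block are invisible to linkage checks alone.
    """
    expected = GENESIS_PREV
    for blk in chain:
        if blk.prev_hash != expected:
            return False, blk.index
        expected = blk.hash()
    if trusted_head is not None and expected != trusted_head:
        return False, len(chain) - 1
    return True, None


# Constructed sample ledger entries.
SAMPLE_RECORDS = ["alice->bob 5", "bob->carol 2", "carol->dave 1"]


def tamper_middle() -> Tuple[bool, bool, Optional[int]]:
    """Edit block 1; block 2's prev_hash no longer matches, so it is flagged."""
    chain = build_chain(SAMPLE_RECORDS)
    ok_before, _ = verify_chain(chain)
    chain[1].data = "bob->carol 200"
    ok_after, bad = verify_chain(chain)
    return ok_before, ok_after, bad


def tamper_tail() -> Tuple[bool, bool, Optional[int]]:
    """Edit the last block: undetected by linkage alone, caught with a pinned head."""
    chain = build_chain(SAMPLE_RECORDS)
    head = chain[-1].hash()            # what validators would have distributed
    chain[-1].data = "carol->dave 100"
    unpinned_ok, _ = verify_chain(chain)
    pinned_ok, bad = verify_chain(chain, trusted_head=head)
    return unpinned_ok, pinned_ok, bad


if __name__ == "__main__":
    print("middle tamper:", tamper_middle())
    print("tail tamper:  ", tamper_tail())
```

The tail case is the reason the explanation mentions distribution to validators: the hash links only prove consistency among the blocks you hold, so the integrity guarantee rests on comparing your head hash against copies held by other parties.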
Which of the following are common threats facing cloud computing platforms? (Choose two.)
A. Denial of service
B. Cryptographic hashing
C. Data breaches
D. Phishing attacks
A. Denial of service
C. Data breaches
Explanation:
Denial-of-service attacks overwhelm system resources with traffic or malformed requests in order to block legitimate, authorized users from the application or data. Data breaches involve a malicious actor accessing, viewing, copying, or transferring data without authorization or a legitimate business need. Cryptographic hashing is a protective control, not a threat, and phishing attacks can target any application regardless of hosting configuration or technology, so they are not a cloud-specific threat either.
Which of the following standards is commonly applied to cloud computing security?
A. ISO/IEC 27001
B. ISO/IEC 27003
C. ISO/IEC 27013
D. ISO/IEC 27017
D. ISO/IEC 27017
Explanation:
ISO/IEC 27017 is a code of practice for information security controls for cloud services; it extends the ISO/IEC 27002 control set with cloud-specific implementation guidance for both providers and customers, and it is the standard in this list most commonly applied to cloud security. The other choices are real ISO/IEC 27000-series documents, but none is cloud-specific: 27001 specifies the requirements for an information security management system (ISMS), 27003 gives guidance on implementing an ISMS, and 27013 covers integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1.
Which of the following methods is commonly used to ensure that data removed from a cloud system is not recoverable?
A. Deletion
B. Degaussing
C. Overwriting
D. Shredding
C. Overwriting
Explanation:
Overwriting is a common method for ensuring removed data is no longer accessible in a cloud environment: the valid, sensitive data is replaced with random data, null values, or a repeating pattern so that it cannot be read. Simple deletion only removes the pointers to the data, not the data itself. Degaussing and shredding are physical media destruction techniques that a cloud customer cannot apply, because the customer never has possession of the provider's storage media. In practice the customer also cannot confirm which physical blocks an overwrite reaches on shared, replicated storage, so overwriting is usually paired with cryptographic erasure (keeping the data encrypted and destroying the key).
Which type of hypervisor is a software implementation that runs on top of an operating system rather than tied to the hardware?
A. Type 1
B. Type 2
C. Type 3
D. Type 4
B. Type 2
Explanation:
A Type 2 hypervisor is hosted on top of an operating system as a software package, rather than running directly on the underlying physical hardware as a Type 1 hypervisor does; it therefore inherits the attack surface of the host OS beneath it. Type 3 and Type 4 hypervisors do not exist.
Which component of the NIST Cloud Technology Roadmap pertains to the minimum requirements between the cloud provider and cloud customer to meet contractual satisfaction?
A. SLAs
B. Regulatory requirements
C. Governance
D. Auditability
A. SLAs
Explanation:
SLAs set the minimum requirements for contractual satisfaction between the cloud provider and cloud customer. They document the specific requirements and metrics that must be met, how they will be measured, and the remedies that apply when they are not met. Regulatory requirements do not usually dictate specific performance metrics, and even when they do, the SLA is the vehicle that documents and establishes those requirements within the business relationship. Governance concerns how the organization directs and oversees its use of the cloud and is not a contractual performance instrument. Auditability refers to the aspects of a system or application that make it subject to audit and the ease with which audits can be performed; it is not a framework for specifying contractual performance requirements.
Which of the following is a unique benefit of a private cloud versus other models?
A. Scalability
B. Right-sizing resources
C. Disaster recovery
D. Ownership retention
D. Ownership retention
Explanation:
Ownership retention is a unique benefit of the private cloud model, where the cloud customer will have significantly more input and control over how the cloud is deployed and managed, versus a public cloud model, where specific customers have very little input or leverage. Scalability is a feature of all cloud models and is not specific to the private cloud model. Right-sizing resources is synonymous with what scalability and elasticity provide and is also not specific to private cloud models. Disaster recovery is a larger concept that applies to any type of hosting, including both traditional data centers and cloud environments, and is not specific to any one model or implementation.
Which of the following characteristics of cloud computing would be most attractive to management when looking to save money?
A. On-demand self-service
B. Measured service
C. Resource pooling
D. Rapid elasticity
B. Measured service
Explanation:
While all aspects could potentially save an organization money, measured service and only paying for what you consume—when you consume it—would be the most attractive option. With a traditional data center, a system must essentially be built to handle peak load, leaving a lot of excess resources at most times. With a cloud environment, resources can be scaled up and added when needed for peak times or cycles, and the customer only incurs those costs while they are actually being used. On-demand self-service refers to the mechanism for scaling a system and provisioning resources, and itself is not a specific way to save money. Resource pooling refers to the overall aggregation of resources between all tenants of a cloud environment and the allocation between them to meet demand. Rapid elasticity is the concept that enables a cloud customer to add resources when needed, but it’s not the specific cost-saving mechanism represented with measured service.
What feature of IaaS would be most beneficial to a new company starting up with more limited capital?
A. Scalability
B. Physical hardware costs
C. Physical security requirements
D. High availability
B. Physical hardware costs
Explanation:
Avoiding physical hardware costs is most beneficial to a new company with limited capital, because IaaS removes the need for a large upfront investment in data center build-out. A startup pays only for the specific resources it needs, when it needs them, rather than for a full data center and all of its components. Removing physical security requirements also makes IaaS attractive, but that applies equally to PaaS and SaaS; the physical hardware costs relate more directly to the question. Scalability and high availability are not appropriate answers because they may not be requirements of an individual customer and would not necessarily factor into the hosting decision and its costs.
Which common threat, which a customer could be totally unaware of at the time, could lead to a direct financial cost without loss of reputation or privacy exposure?
A. Data breaches
B. Malicious insiders
C. Denial of service
D. Insufficient due diligence
C. Denial of service
Explanation:
A denial-of-service attack can lead to direct financial costs for a customer without any data exposure, because cloud pricing is measured against consumed resources. With elasticity and auto-scaling, and with cloud environments (especially public clouds) able to absorb very high loads, the attack traffic is simply served and billed, and the customer may not be immediately aware of how many resources their systems are consuming at the time.
What certification would be most appropriate to use for financial statement auditing?
A. NIST SP 800-53
B. FIPS 140-2
C. ISO/IEC 27001
D. SOC 1, SOC 2, and SOC 3
D. SOC 1, SOC 2, and SOC 3
Explanation:
SOC 1 reports cover a service organization's controls that are relevant to its customers' internal control over financial reporting, which is what makes the SOC family the appropriate choice for financial statement auditing. SOC 2 and SOC 3 extend to broader auditing of systems and practices against the Trust Services Criteria (security, availability, processing integrity, confidentiality, and privacy), with SOC 3 being the public, summary form of a SOC 2 report. NIST SP 800-53 catalogs security and privacy controls for United States federal information systems and is not an auditing framework. FIPS 140-2, also from the United States federal government, is the standard and validation program for cryptographic modules, and ISO/IEC 27001 is the general requirements standard for an information security management system.
Which component of the NIST Cloud Computing Roadmap pertains to the ability to split up applications and reuse components?
A. Portability
B. Interoperability
C. Auditability
D. Availability
B. Interoperability
Explanation:
Interoperability is the ability to split up and reuse components throughout systems and applications. Portability refers to the ability to move systems and applications easily between different cloud providers. Auditability refers to the ability to audit the controls and practices of a system or application, and availability refers to one of the main three security principles, focused on data and systems being available to authorized users when needed.
Which problem would make it least likely for an application or system to be able to easily move to another cloud provider?
A. Data lock-in
B. Operating systems
C. Patching cycles
D. Insecure APIs
A. Data lock-in
Explanation:
Data lock-in makes it very difficult for a customer to move to another cloud provider, because the application becomes dependent on the provider's proprietary data formats and services. Operating systems are not an impediment, since any cloud provider can offer the same operating systems, and patching cycles fall into the same category of universal offering. Insecure APIs are a major security risk and, if anything, would be a primary reason for a customer to leave for a different provider rather than an obstacle to doing so.