Chapter 8 Flashcards

1
Q

Audits of cloud service providers should:
A. be done by the customer only
B. be done by an external third-party only
C. be done regardless of the provider’s certifications
D. be waived, if the provider has adequate certifications

A

C. be done regardless of the provider’s certifications

2
Q
According to the Cloud Security Alliance (CSA), all cloud providers should demonstrate compartmentalization of all the following, EXCEPT:
A. systems
B. provisioning
C. personnel
D. resources
A

D. resources

3
Q
Improvements in which of the following areas would lead to improvements for all cloud service customers?
A. tools
B. policies
C. processes
D. all of the above
A

D. all of the above

4
Q

The nature of cloud computing means that it is more difficult to:
A. ensure adequate resource division.
B. determine who to contact in case of a security incident or data breach.
C. make commitments to customers regarding security.
D. all of the above.

A

B. determine who to contact in case of a security incident or data breach.

5
Q
SOC refers to:
A. strategic overview card
B. standard operations credentials
C. security operations center
D. service office catalogue
A

C. security operations center

6
Q

In a cloud environment, the number of sources that must be monitored:
A. are the same as in any other computing environment.
B. increase minimally.
C. decrease substantially.
D. increase exponentially.

A

D. increase exponentially.

7
Q

In a cloud environment, the number of security notifications:
A. are the same as in any other computing environment.
B. increase minimally.
C. decrease substantially.
D. increase exponentially.

A

D. increase exponentially.

8
Q
Suspicious intrusion detection alerts would be defined as:
A. events
B. incidents
C. risks
D. none of the above
A

D. none of the above

9
Q
Data breaches would be defined as:
A. incidents
B. disasters
C. events
D. none of the above
A

D. none of the above

10
Q

SIEM refers to:
A. Security Information and Event Management
B. Strategic Implementation of Electronic Management
C. Service Improvement in End-user Markets
D. Software Intrusion and External Models

A

A. Security Information and Event Management

11
Q
A well-maintained SIEM process can assist the:
A. SOC
B. RTO
C. VSP
D. all of the above
A

A. SOC

12
Q

According to the Cloud Security Alliance (CSA), incident containment is a race between:
A. litigation and settlement
B. damage control and evidence gathering
C. evidence gathering and security improvement
D. crowd control and image manufacturing

A

B. damage control and evidence gathering

13
Q

According to the Cloud Security Alliance (CSA), effective containment approaches focus on:
A. legislation and regulations
B. best practices
C. the confidentiality-integrity-availability triad
D. physical controls

A

C. the confidentiality-integrity-availability triad

14
Q
Cloud computing affects which of the following aspects of the software development lifecycle (SDLC)?
A. application architecture
B. development
C. quality assurance
D. all of the above
A

D. all of the above

15
Q
SOA refers to:
A. service-oriented architecture
B. strategic objective application
C. secondary overview ability
D. security-orientation application
A

A. service-oriented architecture

16
Q
When looking at software development lifecycle (SDLC) security in a cloud environment, there are:
A. two main areas of differentiation.
B. three main areas of differentiation.
C. four main areas of differentiation.
D. five main areas of differentiation.
A

B. three main areas of differentiation.

17
Q
The presence of trusted virtual machine images is a key success factor for:
A. software as a service
B. platform as a service
C. infrastructure as a service
D. all of the above
A

C. infrastructure as a service

18
Q
The ability to segment ESBs (enterprise service buses) is not available in which of the following environments?
A. software as a service
B. platform as a service
C. infrastructure as a service
D. both B and C
A

B. platform as a service

19
Q

Encrypting data while in transit over networks:
A. is only possible in SaaS environments
B. is far simpler in SaaS and PaaS environments than in IaaS environments
C. is only possible in IaaS environments
D. can be implemented with equal ease in SaaS, PaaS and IaaS environments

A

D. can be implemented with equal ease in SaaS, PaaS and IaaS environments

20
Q

Encrypting data at rest is most common within which of the following environments?

A. software as a service
B. platform as a service
C. infrastructure as a service
D. all of the above

A

C. infrastructure as a service

21
Q
Ideally, cloud service providers should implement which of the following transparently?
A. encrypting data in transit
B. encrypting data at rest
C. encrypting data on backup media
D. encrypting dynamic data
A

C. encrypting data on backup media

22
Q

In terms of key management, an entity that uses a given key:
A. should also be the entity that stores the key.
B. should not be the entity that stores the key.
C. should be responsible for creating and storing the key.
D. should destroy it as soon as possible.

A

B. should not be the entity that stores the key.

23
Q
Which of the following standards cover storage encryption?
A. IEEE 1619.3
B. OASIS
C. KMIP
D. both B and C
A

A. IEEE 1619.3

24
Q

Built-in authentication services are generally provided in which of the following environments?

A. software as a service
B. platform as a service
C. infrastructure as a service
D. both A and B

A

D. both A and B

25
Q
One-time passwords, biometrics and Kerberos are all examples of:
A. weak authentication
B. limited authentication
C. strong authentication
D. impenetrable authentication
A

C. strong authentication