Chapter 8 Practice Exam 2 (Ben Malisow) Flashcards
You are the IT director for an automotive parts supply distribution service; your company wants to operate a production environment in the cloud. In reviewing provider options, management considers an offer from Cloud Services Corp., who has contracts with several cloud providers and data centers and has offered to tailor a package of services for your company’s needs. In this case, Cloud Services Corp. is considered a _______________.
A. Cloud provider
B. Cloud customer
C. Cloud reseller
D. Cloud database
C. Cloud reseller
Explanation:
A cloud reseller is a firm that contracts with both cloud providers and customers in order to arrange custom services. The cloud provider(s), in this case, would be those entities selling services to Cloud Services Corp. Option A is incorrect. The cloud customer, in this case, would be your company. Option B is incorrect. No aspect of the question describes a cloud database specifically. Option D is incorrect.
You are the IT director for an automotive parts supply distribution service; your company wants to operate a production environment in the cloud. Management has expressed a concern that any cloud provider the company chooses will have your company at a disadvantage—that your company will be at great risk because the provider will have your data and operational capability, and that the provider could hold the data “hostage” in order to raise the price of the service dramatically at the end of the contract term. To address management’s concerns, you should try to find a cloud offering that places a great deal of emphasis on the _______________ trait of cloud computing.
A. Resource pooling
B. Scalability
C. Portability
D. Metered service
C. Portability
Explanation:
Portability is the aspect of cloud computing that describes the ability to move data and operations away from a given cloud provider (either to another cloud provider or to an on-premise solution). All the other options are aspects of cloud computing but do not aid in addressing the concerns described in the question.
You are the IT director for an automotive parts supply distribution service; your company wants to operate a production environment in the cloud. As you consider possible providers, you are careful to check that they each offer the essential traits of cloud computing. These include all of the following except _______________.
A. Broad network access
B. Metered service
C. On-demand self-service
D. Automatic anti-malware and intrusion prevention
D. Automatic anti-malware and intrusion prevention
Explanation:
While many cloud providers will offer these services (as well as many others), they are not defining characteristics of cloud computing. All the other options are defining characteristics of cloud computing.
You are the IT director for an automotive parts supply distribution service; your company wants to operate a production environment in the cloud. Your company wants to install its own software solutions in a managed environment to decrease the cost of purchasing and maintaining the hardware of a data center. You should most likely be considering a(n) _______________ offering.
A. IaaS
B. PaaS
C. SaaS
D. Hybrid
B. PaaS
Explanation:
A platform as a service (PaaS) model will probably best suit your company’s needs as it allows the customer (your company) to install software and load data onto a hardware infrastructure owned and operated by the provider. An infrastructure as a service (IaaS) solution may be viable for this situation, because it allows the same functionality, but it also requires the customer (your company) to install and maintain the OS(s) that run the software. In looking to decrease cost of investment and maintenance, the PaaS model is probably preferable. Option A is not as good as option B, in this case. A software as a service (SaaS) model does not allow the customer to install software; option C is incorrect.
A hybrid cloud model usually requires the customer to maintain at least part of the hardware infrastructure; in accordance with the description of the situation in this question, option D is not as optimum as option B.
If a company wanted to retain some of its own internal traditional hardware but use the cloud as a means of performing software testing functions, which service and deployment models should it probably use?
A. PaaS, hybrid
B. IaaS, private
C. PaaS, community
D. SaaS, hybrid
A. PaaS, hybrid
Explanation:
Platform as a service (PaaS) models are particularly useful for performing software testing because the customer can install and run their own programs across multiple OSs/systems. A hybrid model is used to describe a situation where ownership of the infrastructure is split between the provider and the customer. A software as a service (SaaS) or infrastructure as a service (IaaS) model would not be optimum for software testing; options B and D are incorrect. A community cloud model involves the joint ownership of infrastructure among many providers and customers; option C is not correct.
A company wants to absolutely minimize their involvement in administration of IT; which combination of cloud service model and deployment should it consider?
A. IaaS, private
B. PaaS, private
C. SaaS, private
D. SaaS, public
D. SaaS, public
Explanation:
A software as a service (SaaS) model reduces customer involvement more than the other models; a public cloud deployment likewise reduces customer participation in ownership and maintenance of infrastructure. Infrastructure as a service (IaaS) and platform as a service (PaaS) models require the customer to participate in some administration of the environment; options A and B are incorrect. A private cloud entails customer involvement in at least the detailing of governance of the environment; option C is incorrect.
During a cost–benefit analysis, your company determines that it spends a disproportionate amount of money on software licensing and administration. Which cloud model may best help your company to reduce these costs?
A. IaaS
B. PaaS
C. SaaS
D. Hybrid
C. SaaS
Explanation:
In a software as a service (SaaS) model, the cloud provider is tasked with acquiring and managing the software licenses; the scale of a cloud provider’s operations can allow them to reduce the per-seat cost of software considerably. The customer is still responsible for some software licensing and maintenance activities (and therefore costs) in infrastructure as a service (IaaS) and platform as a service (PaaS) models; options A and B are incorrect.
A hybrid deployment usually entails the customer maintaining some infrastructure elements, and that usually would also include software licensing requirements. Option D is incorrect.
Your company does not have a well-trained, experienced IT staff and is reluctant to spend more money on training personnel (in recent company history, personnel have received training and then immediately quit the company to work for competitors). If senior management considers cloud migration, which deployment model would probably best suit their needs?
A. Public
B. Private
C. Community
D. Hybrid
A. Public
Explanation:
A public cloud deployment would probably best meet the needs of a company without a robust, trained IT staff. The cloud provider will be responsible for the greatest degree of administration and maintenance compared to the other options. Options B, C, and D would not be the optimal choices for a cloud deployment model in this case, because each of those requires personnel with more experience/training. Options B, C, and D are incorrect.
Your company operates under a high degree of regulatory scrutiny. Senior management wants to migrate to a cloud environment but is concerned that providers will not meet the company’s compliance needs. Which deployment model would probably best suit the company’s needs?
A. Public
B. Private
C. Community
D. Hybrid
B. Private
Explanation:
A private cloud arrangement allows the customer to have greater control of the governance and policy within an environment. All the other options are cloud deployment models that allow the customer less control over the environment as a whole.
Your company operates in a highly competitive market, with extremely high-value data assets. Senior management wants to migrate to a cloud environment but is concerned that providers will not meet the company’s security needs. Which deployment model would probably best suit the company’s needs?
A. Public
B. Private
C. Community
D. Hybrid
B. Private
Explanation:
A private cloud model can allow the customer to have the greatest assurance of confidentiality compared to the other models.
Options A, C, and D provide less confidentiality than option B and are therefore incorrect.
Your company operates in a highly cooperative market, with a high degree of information sharing between participants. Senior management wants to migrate to a cloud environment but is concerned that providers will not meet the company’s collaboration needs. Which deployment model would probably best suit the company’s needs?
A. Public
B. Private
C. Community
D. Hybrid
C. Community
Explanation:
A community cloud entails all participants having some degree of ownership and responsibility for the cloud environment; this is the preferred model for cooperative ownership and collaboration among a group with a shared interest/goal.
Your company maintains an on-premises data center for daily production activities but wants to use a cloud service to augment this capability during times of increased demand (cloud bursting). Which deployment model would probably best suit the company’s needs?
A. Public
B. Private
C. Community
D. Hybrid
D. Hybrid
Explanation:
A hybrid model, where ownership fluctuates between exclusive control of the customer (private) and provider (public) only during times of increased demand, is almost a textbook description of this arrangement and translates very well for cloud-bursting techniques.
A company is considering a cloud migration to a platform as a service (PaaS) environment. Which of the following factors might make the company less likely to choose the cloud environment?
A. The company wants to reduce overhead costs.
B. The company operates proprietary software.
C. The company hopes to reduce energy costs related to operation of a data center.
D. The company is seeking to enhance its business continuity and disaster recovery (BC/DR) capabilities.
B. The company operates proprietary software.
Explanation:
A customer using proprietary software in a PaaS environment faces the risk that updates to the underlying OS(s) and/or hardware infrastructure will not be compatible with the customer’s software and will affect productivity. Cloud migration can, however, aid in reducing overhead costs, including energy costs associated with operating a data center, and can enhance BC/DR capability through the provider’s increased investment in redundancy and continuity.
Which mechanism best aids to ensure that the cloud customer receives dependable, consistent performance in the cloud environment?
A. Audits
B. Service-level agreement (SLA)
C. Regulators
D. Training
B. Service-level agreement (SLA)
Explanation:
The service-level agreement creates financial incentive for the cloud provider to meet the customer’s needs on a consistent basis. Audits and regulators might help this effort, somewhat, by ensuring that the provider adheres to certain mandates and standards, but these are less convincing (and occur after the fact of delivery) than profit motive. Options A and C are incorrect. Training does not really aid the efforts described in the question; option D is incorrect.
What is the business advantage of shifting from capital expenditure in an on-premises environment to the operating expenditures of a cloud environment?
A. Reduces the overall cost
B. Reduces tax exposure
C. Reduces cash flow risks
D. Increases profit
C. Reduces cash flow risks
Explanation:
By spreading costs over time, a business can reduce the risk that there will be a lack of money at any given time, impacting operations. A shift from a capital expenditure scheme to an operational expenditure arrangement does not necessarily mean that overall costs decrease; in fact, costs might very likely increase because the sum of the OpEx installments may total more than the CapEx would have been. Option A is incorrect.
CapEx usually reduces tax exposure because it allows for depreciation of assets, whereas OpEx does not. Option B is not correct. Whether the business uses CapEx or OpEx financing does not necessarily increase or decrease profit. Option D is incorrect.
A host-based firewall in a virtualized cloud environment might have aspects of all the following types of controls except _______________.
A. Administrative
B. Deterrent
C. Corrective
D. Preventive
B. Deterrent
Explanation:
This is a complicated question and requires a significant amount of understanding of control types. A firewall uses aspects of administrative controls. The firewall policy is a set of rules that dictate the type of traffic and source/destination of that traffic. Option A is incorrect. Firewalls can be set to change activity in reaction to detected threats, which is a corrective action; option C is incorrect. Firewall rules can also prevent certain kinds of traffic/access; option D is incorrect. However, the effect of a deterrent control is the result of its perception by someone who might engage in wrongdoing—unless it is perceived, the control is not really a deterrent. Most firewalls don’t function in that manner; they are transparent to both legitimate users and attackers.
Option B is therefore correct.
A virtual network interface card (NIC) exists at Layer _______________ of the OSI model.
A. 2
B. 4
C. 6
D. 8
A. 2
Explanation:
All of the other options are incorrect. Option D is incorrect because there is no Layer 8 in the Open Systems Interconnection (OSI) model.
Which technology is most associated with tunneling?
A. IPSec
B. GRE
C. IaaS
D. XML
B. GRE
Explanation:
Generic routing encapsulation (GRE) is a tunneling mechanism, specifically designed for the purpose. Internet Protocol Security (IPSec) may or may not involve tunneling. Option A is incorrect. Infrastructure as a service (IaaS) may or may not use tunneling for remote access/administration; option C is incorrect. Extensible Markup Language (XML) is a format for communicating data; option D is incorrect.
Secure Shell (SSH) tunneling can include all of the following services except _______________.
A. Remote log-on
B. Content filtering
C. Port forwarding
D. Command execution
B. Content filtering
Explanation:
SSH does not offer content filtering. It does offer all the services listed in the other options.
Transport Layer Security (TLS) is a session encryption tool that uses _______________ encryption to create a _______________ session key.
A. Symmetric, symmetric
B. Asymmetric, symmetric
C. Asymmetric, asymmetric
D. Symmetric, asymmetric
B. Asymmetric, symmetric
Explanation:
TLS uses asymmetric encryption to create a symmetric session key.
Which of the following architecture frameworks was designed for service delivery entities, from the perspective of how they serve customers?
A. SABSA (Sherwood Applied Business Security Architecture)
B. ITIL
C. COBIT (Control Objectives for Information and Related Technologies)
D. TOGAF (The Open Group Architecture Framework)
B. ITIL
Explanation:
ITIL was specifically designed to address service delivery entities (in particular, British telecommunications providers), and how they provide service to their customers. SABSA is a means of looking at security capabilities from a business perspective; option A is incorrect. COBIT is designed for all types of business, regardless of their purpose; option C is incorrect. TOGAF is a means to incorporate security architecture with the overall business architecture; option D is incorrect.
The Cloud Security Alliance (CSA) created the Trusted Cloud Initiative (TCI) to define principles of cloud computing that providers should strive for in order to foster a clear understanding of the cloud marketplace and to enhance that market. Which of the following is not one of the CSA’s TCI fundamental principles?
A. Delegate or federate access control when appropriate.
B. Ensure the [trusted cloud] architecture is resilient, elastic, and flexible.
C. Ensure the [trusted cloud] architecture addresses and supports multiple levels of protection.
D. Provide economical services to all customers, regardless of point of origin.
D. Provide economical services to all customers, regardless of point of origin.
Explanation:
The TCI does not, specifically, require cost-effectiveness of cloud services. All the other options are principles detailed in the TCI.
Data loss prevention or data leak protection (DLP) solutions typically involve all of the following aspects except _______________.
A. Data discovery
B. Tokenization
C. Monitoring
D. Enforcement
B. Tokenization
Explanation:
Tokenization is not typically an aspect of DLP solutions. All the other options are.
A typical data loss prevention or data leak protection (DLP) tool can enhance the organization’s efforts at accomplishing what legal task?
A. Evidence collection
B. Delivering testimony
C. Criminal prosecution
D. Enforcement of intellectual property rights
A. Evidence collection
Explanation:
The data discovery facet of DLP solutions can aid an organization in gathering applicable evidence, especially in response to a legal request such as a subpoena (this is often termed e-discovery). Tools cannot deliver testimony; only people can testify. Option B is incorrect. DLP solutions do not perform prosecutorial work; that is the function of law enforcement agencies. Option C is incorrect. While DLP tools can locate intellectual property assets, they do not, strictly speaking, enforce the rights attendant to those assets. Option A is still preferable to D in this case.
Which of the following activities can enhance the usefulness and abilities of a data loss prevention or data leak protection (DLP) solution?
A. Perform emergency egress training for all personnel.
B. Require data owners, stewards, and custodians to properly classify and label data at time of creation or collection.
C. Require senior management to participate in all security functions, including initial, recurring, and refresher training.
D. Display security guidance in a variety of formats, including a web page, banner, posters, and hard-copy material.
B. Require data owners, stewards, and custodians to properly classify and label data at time of creation or collection.
Explanation:
DLP tools can function better if appropriate and accurate classification and labeling is applied throughout the environment and done on a consistent basis. All the other options are good aspects of a security program but not exactly germane to DLP function.
Data archiving can also provide what production capability?
A. Enhanced database mechanisms
B. Near-term data recovery
C. New data-driven business workflows
D. Greater management insight into productivity
B. Near-term data recovery
Explanation:
Depending on the availability of the archive, it may be possible to use it to recover production data that has been accidentally or inadvertently deleted or destroyed.
Archiving does not really offer any of the other benefits; when data is taken out of the production environment and put into long-term storage, the organization loses the capability to manipulate it and create new assets from it. Options A, C, and D are incorrect.
Data archiving can be required for regulatory compliance as a legal mandate. What other business function is also often tied to archiving?
A. Marketing
B. Business continuity and disaster recovery (BC/DR)
C. Personnel development
D. Intellectual property protection
B. Business continuity and disaster recovery (BC/DR)
Explanation:
Having a suitable backup, away from the main production environment, allows the organization to recover from contingency operations that have interrupted or affected the production environment. All the other options are not benefits directly associated with data archiving.
Which of the following is probably most important to include in a data archiving policy?
A. Data format and type
B. Data classification
C. Encryption procedures and standards
D. Data audit and review processes
A. Data format and type
Explanation:
In order to use the archive for recovery (either on a large scale for contingency operations or for granular recovery as a means of data discovery), the data needs to be of a format and type that can be utilized by the organization’s systems and environment. Saving data in the wrong format can be equivalent to losing the data. All the other options are important aspects of a data archiving policy but are not as important as option A (for instance, data that is not encrypted might pose a risk of loss, but data in the wrong format may not be recoverable at all).
The destruction of a cloud customer’s data can be required by all of the following except _______________.
A. Statute
B. Regulation
C. The cloud provider’s policy
D. Contract
C. The cloud provider’s policy
Explanation:
The cloud provider cannot typically require the destruction of the customer’s data simply because of its own (provider’s) policy. If this is an aspect of the contract between the provider and customer, that is another issue (and listed as another option in this question). The other options are all sources that may dictate the customer’s destruction of data.
Which of the following data storage types is most associated with software as a service (SaaS)?
A. Content delivery network (CDN)
B. Databases
C. Volume storage
D. Data warehousing
A. Content delivery network (CDN)
Explanation:
CDNs are often used in conjunction with SaaS services to deliver high-quality data of large sizes (often multimedia). Databases and data warehousing are typically associated with platform as a service (PaaS), where the provider owns and maintains the infrastructure and data management engine but the customer can install programs and interfaces to manipulate the data. Options B and D are incorrect. Volume storage is typically associated with infrastructure as a service (IaaS); option C is incorrect.
You are the security manager for a bookkeeping firm that is considering moving to a cloud-based production environment. In selecting a cloud provider, your company is reviewing many criteria. One of these is enhancing the company’s business continuity and disaster recovery (BC/DR) capabilities. You want to ensure that the cloud provider you select will allow for migration to an alternate provider in the event of contingencies. The provider you choose should be able to support a migration to an alternate provider within _______________.
A. 24 hours
B. 1 hour
C. Your company’s recovery time objective (RTO)
D. Your company’s recovery point objective (RPO)
C. Your company’s recovery time objective (RTO)
Explanation:
The RTO is the measure of time after an interruption at which the company needs to resume critical functions; any service migration must take place within that time. RTOs vary for every organization; there is no set answer for all organizations. Options A and B might be correct for a given organization but incorrect in the general case because it’s impossible to know an organization’s RTO without knowing more about the organization. The RPO is a measure of data that can be lost, not time; option D is incorrect.
In which phase of the cloud secure data lifecycle does data leave the production environment and go into long-term storage?
A. Store
B. Use
C. Share
D. Archive
D. Archive
Explanation:
This action defines the archive phase. All the other options are incorrect.
In which phase of the cloud secure data lifecycle should classifications and labels be assigned to data?
A. Create
B. Store
C. Use
D. Share
A. Create
Explanation:
Data should be labeled and classified as soon as it is created/collected. All the other options are incorrect.
Which of the following is not included in the Open Web Application Security Project (OWASP) Top Ten web application security threats?
A. Injection
B. Cross-site scripting
C. Internal theft
D. Sensitive data exposure
C. Internal theft
Explanation:
Internal theft is not listed in the OWASP Top Ten, probably because the list concerns web application security, not security overall.
All the other options are included in the OWASP Top Ten.
Your organization is developing software for wide use by the public. You have decided to test it in a cloud environment, in a platform as a service (PaaS) model. Which of the following should be of particular concern to your organization for this situation?
A. Vendor lock-in
B. Backdoors
C. Regulatory compliance
D. High-speed network connectivity
B. Backdoors
Explanation:
Backdoors are a particularly prevalent risk in software development because programmers legitimately use backdoors for ease of use and speed of delivery but may mistakenly (or even purposefully) leave the backdoors in the software after development, creating a hidden and significant vulnerability. All the other options should be concerns of any cloud customer, but they are not of specific or increased concern for this situation.
Which of the following management risks can make an organization’s cloud environment unviable?
A. Insider trading
B. Virtual machine (VM) sprawl
C. Hostile takeover
D. Improper personnel selection
B. Virtual machine (VM) sprawl
Explanation:
Because the cost of creating new instances in the cloud environment is transparent to many users/offices, there is a significant likelihood that users/offices will create many new virtual machine (VM) instances without the knowledge/oversight of management. This can result in a very expensive surprise at the end of the payment period, when the organization receives the bill from the cloud provider. All the other options are management risks that do not have anything specific to do with the cloud environment and should not affect it/be affected by it.
You are the security manager for a company that is considering cloud migration to an infrastructure as a service (IaaS) environment. You are assisting your company’s IT architects in constructing the environment. Which of the following options do you recommend?
A. Unrestricted public access
B. Use of a Type I hypervisor
C. Use of a Type II hypervisor
D. Enhanced productivity without encryption
B. Use of a Type I hypervisor
Explanation:
The Type I hypervisor is preferable, as it offers less attack surface. All the other options increase risk and should not be recommended.
Your company uses a managed cloud service provider to host the production environment. The provider has notified you, along with several other of the provider’s customers, that an engineer working for the provider has been using administrative access to steal sensitive data and has been selling it to your competitors. Some of this sensitive data included personally identifiable information (PII) related to your employees. Your company’s general counsel informs you that there are at least three jurisdictions involved that have laws requiring data breach notification for PII. Who has legal liability for the costs involved with making the required notifications?
A. The cloud provider
B. Your company
C. The Internet service provider (ISP)
D. Your regulators
B. Your company
Explanation:
Under current laws, the owner of the PII is legally responsible for data breach notifications, regardless of the circumstances of the breach; in this case, your company is the PII owner. All the other options are incorrect because those entities are not the owner of the PII.
Which of the following techniques is not recommended for privileged user management?
A. Increased password/phrase complexity
B. More frequent password/phrase changes
C. More detailed background checks
D. Less detailed audit trail
D. Less detailed audit trail
Explanation:
If anything, the audit trail for privileged users should be more detailed than that for regular users. All the other options are recommended techniques for privileged user management.
You are the security officer for a company operating a production environment in the cloud. Your company’s assets have a high degree of sensitivity and value, and your company has decided to retain control and ownership of the encryption key management system. In order to do so, your company will have to have which of the following cloud service/deployment models?
A. Public
B. Infrastructure as a service (IaaS)
C. Hybrid
D. Software as a service (SaaS)
C. Hybrid
Explanation:
Managing the encryption keys on-premises necessitates some elements of a hybrid cloud model; the key management is done on-premises, and the production takes place in the cloud.
A public cloud arrangement would preclude the customer hosting the key management system on its premises; option A is incorrect. The service model is slightly irrelevant to where the key management system is located; whereas customer-hosted key management is usually associated with an SaaS model, it is not strictly required. Options B and D are incorrect.
Which security principle dictates that encryption key management and storage should be isolated from the data encrypted with those keys?
A. Least privilege
B. Two-person integrity
C. Compartmentalization
D. Separation of duties
D. Separation of duties
Explanation:
Separation of duties dictates that one person/entity cannot complete an entire transaction alone. In the case of encryption, a single entity should not be able to administer the issuing of keys, encrypt the data, and store the keys, because this could lead to a situation where that entity has the ability to access or take encrypted data. All the other options are security principles but are not intrinsically applicable to the concept of storing encryption keys away from encrypted data.
Which cloud data storage technique involves encrypting a data set, then splitting the data into pieces, splitting the key into pieces, then signing the data pieces and key pieces and distributing them to various cloud storage locations?
A. RAID
B. Secret sharing made short (SSMS)
C. Homomorphic encryption
D. Asymmetric encryption
B. Secret sharing made short (SSMS)
Explanation:
Option A is incorrect because RAID is a storage virtualization technology, used in traditional environments, that combines physical disk components into one or more logical units.
Homomorphic encryption is a theoretical conversion of data into ciphertext that can be analyzed as if it were in its original form. Option C is incorrect. Option D is incorrect because it uses public and private key pairs to encrypt and decrypt data.
Which theoretical technique would allow encrypted data to be manipulated without decrypting it first?
A. RAID
B. Secret sharing made short (SSMS)
C. Homomorphic encryption
D. Asymmetric encryption
C. Homomorphic encryption
Explanation:
Option A is incorrect because RAID is a storage virtualization technology, used in traditional environments, that combines physical disk components into one or more logical units. SSMS involves encrypting a data set, then splitting the data into pieces, splitting the key into pieces, then signing the data pieces and key pieces and distributing them to various cloud storage locations. Option B is incorrect. Option D is incorrect because it uses public and private key pairs to encrypt and decrypt data.
Which theoretical technology would allow superposition of physical states to increase both computing capacity and encryption keyspace?
A. All-or-nothing-transform with Reed-Solomon (AONT-RS)
B. Quantum computing
C. Filigree investment
D. Sharding
B. Quantum computing
Explanation:
This is a description of quantum computing. Option A is incorrect because it refers to a data transformation. Option C is a made-up term and is therefore incorrect. Option D is incorrect because it is a data dispersion term.
In a virtualized environment, suspended virtual machine (VM) instances at rest are subject to increased risk because _______________.
A. There is no way to encrypt instances at rest
B. Insider threats are greater for data storage locations than processing locations
C. The instances are saved as image snapshots and highly portable
D. They are unprotected unless multifactor authentication is required
C. The instances are saved as image snapshots and highly portable
Explanation:
Saved virtual instances are simply inert files, and they are very easy to copy and move. Encryption may be applied to data at rest (even VM snapshots); option A is incorrect. Insider threats within the cloud data center probably pose just as much risk to the storage nodes as the processing nodes; option B is incorrect. Multifactor authentication controls who can log in to the management interface; it does nothing by itself to protect a snapshot file once it has been copied, so option D is incorrect.
In a virtualized cloud environment, the management plane is usually responsible for provisioning virtual machine instances with all of the following resources except _______________.
A. CPU
B. Memory
C. User interface
D. Permanent storage
C. User interface
Explanation:
The user interface to the virtualized instance can be handled by a variety of mechanisms, but it is not the function of the management plane. All the other options are resources provisioned to the virtual machine(s) by the management plane.
Which of the following business continuity and disaster recovery (BC/DR) testing methodologies is least intrusive?
A. Walk-through
B. Simulation
C. Tabletop
D. Full test
C. Tabletop
Explanation:
The tabletop testing method is the least intrusive type of BC/DR test. All the other options are BC/DR testing methods that are more intrusive.
In order for an organization to determine if its backup solution is adequate for meeting the recovery point objective (RPO), what must be done?
A. Conduct full backups at least daily.
B. Use a data mirroring solution.
C. Put all backups in the cloud.
D. Practice a restore from backup.
D. Practice a restore from backup.
Explanation:
There is no way to know if the backup actually serves the purpose until the organization tests a restoration. The other options are all backup options but do not actually demonstrate whether the backup is suitable for the business continuity and disaster recovery (BC/DR) requirements.
Which common characteristic of the cloud data center also serves customer business continuity and disaster recovery (BC/DR) needs?
A. Multitenancy
B. Virtualization
C. Redundancy
D. Software-defined networking
C. Redundancy
Explanation:
The ubiquitous redundancy of systems and capabilities within most cloud data centers not only serves the provider’s requirement to meet customer service-level agreements but also enhances the data center’s (and the customer’s) resistance to disasters and interruptions. All the other options are characteristics of a cloud data center, but they don’t serve much BC/DR purpose; option C is the best choice.
Which phase of the business continuity and disaster recovery (BC/DR) process can result in a second disaster?
A. Event anticipation
B. Creating BC/DR plans and policy
C. Return to normal operations
D. Incident initiation
C. Return to normal operations
Explanation:
Returning to normal operations can result in a second disaster if the conditions created by the initial disaster (which created the need to run the BC/DR plan) have not been fully addressed or resolved.
An inadvertent initiation of the plan can result in a disaster, but that would be only one disaster, not two; for instance, if senior management received faulty information during the event anticipation phase and decided to switch to contingency operations when there was no actual causative event, that would be a single disaster. Options A and D are incorrect. The act of planning and crafting policy cannot take the form of a disaster. Option B is incorrect.