chapter14

Question 1

1. The acronym EDoS refers to:

A. Economic Denial of Service
B. Environmental Domain of Service
C. Encrypted Disaster or Solution
D. Engineered Data on Servers

Answer 1

A. Economic Denial of Service

Question 2

2. When an attacker users a customers’ resources for his/her own gain, this may be referred to as a(n):

A. Diminished Domain of Service
B. Distributed Denial of Service
C. Economic Denial of Service
D. Engineered Denial of Service

Answer 2

C. Economic Denial of Service

Question 3

3. The worst case scenario in an EDoS attack would be:
   A. the unauthorized use of cloud resources
   B. the bankruptcy of the customer or other serious economic impact
   C. the access and use of highly sensitive personal information
   D. both A and C

Answer 3

B. the bankruptcy of the customer or other serious economic impact

Question 4

4. The risk of lost encryption keys would be considered a(n):
A. low probability risk
B. average probability risk
C. above average probability risk
D. high probability risk

Answer 4

A. low probability risk

Question 5

5. Malicious probes or scanning would be considered:
A. a direct threat to the assets
B. an indirect threat to the assets
C. a direct threat to the cloud provider
D. both B and C

Answer 5

B. an indirect threat to the assets

Question 6

6. An attacker can compromise the service engine by hacking it from inside a virtual machine in which of the following service models?
A. software as a service
B. platform as a service
C. infrastructure as a service
D. both B and C

Answer 6

C. infrastructure as a service

Question 7

7. An attacker can compromise the service engine by hacking it from the runtime environment in which of the following service models?
A. software as a service
B. platform as a service
C. infrastructure as a service
D. both A and B

Answer 7

B. platform as a service

Question 8

8. An attacker can compromise the service engine by hacking it from the application pool in which of the following service models?
A. software as a service
B. platform as a service
C. infrastructure as a service
D. all of the above

Answer 8

A. software as a service

Question 9

9. The risk of conflicts between customer hardening procedures and the cloud environment is considered:
A. low
B. medium
C. high
D. very high

Answer 9

B. medium

Question 10

10. The risk of subpoena and e-discovery is classified as:
A. low
B. medium
C. above average
D. high

Answer 10

D. high

Question 11

11. According to ENISA (European Network and Information Security Agency), the risk from changes of jurisdiction is considered:
A. low probability
B. medium probability
C. high probability
D. very high probability

Answer 11

D. very high probability

Question 12

12. Data protection risks affect all of the following assets, EXCEPT:
A. intellectual property
B. service delivery
C. personal data
D. company reputation

Answer 12

A. intellectual property

Question 13

13. Which of the following statements regarding data protection risks is NOT true?
    A. It can be a challenge for the cloud customer to effectively check the data processing being carried out by the cloud provider.
    B. Failure to comply with data protection law can result in administrative, civil and criminal sanctions.
    C. Less than 1% of cloud providers give information on their data processing procedures.
    D. Certain cloud providers may not provide notice in the case of data security breaches.

Answer 13

C. Less than 1% of cloud providers give information on their data processing procedures.

Question 14

14. The possibility for creating original work in the cloud exists in which of the following service models?
A. software as a service
B. platform as a service
C. infrastructure as a service
D. both B and C

Answer 14

D. both B and C

Question 15

15. According to the ENISA (European Network and Information Security Agency), licensing risks are considered:
A. low risk
B. medium risk
C. high risk
D. very high risk

Answer 15

B. medium risk

Question 16

16. Although it is not specific to the cloud, the risk of network breaks is considered:
A. low risk
B. medium risk
C. high risk
D. very high risk

Answer 16

B. medium risk

Question 17

17. Network congestion, mis-connection and non-optimal use are categorized as:
A. network break risks
B. non-specific risks
C. network management risks
D. technological compliance risks

Answer 17

C. network management risks

Question 18

18. The risk of modifying network traffic is considered a:
    A. low risk
    B. medium risk
    C. above average risk

Answer 18

B. medium risk

Question 19

19. The risk of privilege escalation affects all of the following assets, EXCEPT:
A. company reputation
B. personal data
C. HR data
D. user directory

Answer 19

A. company reputation

Question 20

20. Impersonation would be classified as:
A. a communication vulnerability
B. lack of security awareness
C. a social engineering attack
D. insider abuse

Answer 20

C. a social engineering attack

Question 21

21. Lost/stolen backups is considered a:
A. low risk
B. medium risk
C. high risk
D. very high risk

Answer 21

B. medium risk

Question 22

22. Unauthorized access to premises is considered a:
A. very low probability risk
B. low probability risk
C. medium probability risk
D. high probability risk

Answer 22

A. very low probability risk

Question 23

23. The risk of natural disasters affects all of the following assets, EXCEPT:
A. service delivery
B. HR data
C. physical hardware
D. customer trust

Answer 23

C. physical hardware

Question 24

24. Compared to traditional infrastructures, the risk of natural disasters for a cloud infrastructure is:
A. close to zero
B. lower
C. slightly increased
D. significantly increased

Answer 24

B. lower

Question 25

25. The risk of natural disasters is considered a:
A. very low risk
B. low risk
C. medium risk
D. high risk

Answer 25

C. medium risk