chapter14 Flashcards

1
Q
  1. The acronym EDoS refers to:

A. Economic Denial of Service
B. Environmental Domain of Service
C. Encrypted Disaster or Solution
D. Engineered Data on Servers

A

A. Economic Denial of Service

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q
  1. When an attacker users a customers’ resources for his/her own gain, this may be referred to as a(n):

A. Diminished Domain of Service
B. Distributed Denial of Service
C. Economic Denial of Service
D. Engineered Denial of Service

A

C. Economic Denial of Service

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q
  1. The worst case scenario in an EDoS attack would be:
    A. the unauthorized use of cloud resources
    B. the bankruptcy of the customer or other serious economic impact
    C. the access and use of highly sensitive personal information
    D. both A and C
A

B. the bankruptcy of the customer or other serious economic impact

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q
4. The risk of lost encryption keys would be considered a(n):
A. low probability risk
B. average probability risk
C. above average probability risk
D. high probability risk
A

A. low probability risk

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q
5. Malicious probes or scanning would be considered:
A. a direct threat to the assets
B. an indirect threat to the assets
C. a direct threat to the cloud provider
D. both B and C
A

B. an indirect threat to the assets

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q
6. An attacker can compromise the service engine by hacking it from inside a virtual machine in which of the following service models?
A. software as a service
B. platform as a service
C. infrastructure as a service
D. both B and C
A

C. infrastructure as a service

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q
7. An attacker can compromise the service engine by hacking it from the runtime environment in which of the following service models?
A. software as a service
B. platform as a service
C. infrastructure as a service
D. both A and B
A

B. platform as a service

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q
8. An attacker can compromise the service engine by hacking it from the application pool in which of the following service models?
A. software as a service
B. platform as a service
C. infrastructure as a service
D. all of the above
A

A. software as a service

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q
9. The risk of conflicts between customer hardening procedures and the cloud environment is considered:
A. low
B. medium
C. high
D. very high
A

B. medium

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q
10. The risk of subpoena and e-discovery is classified as:
A. low
B. medium
C. above average
D. high
A

D. high

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q
11. According to ENISA (European Network and Information Security Agency), the risk from changes of jurisdiction is considered:
A. low probability
B. medium probability
C. high probability
D. very high probability
A

D. very high probability

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q
12. Data protection risks affect all of the following assets, EXCEPT:
A. intellectual property
B. service delivery
C. personal data
D. company reputation
A

A. intellectual property

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q
  1. Which of the following statements regarding data protection risks is NOT true?
    A. It can be a challenge for the cloud customer to effectively check the data processing being carried out by the cloud provider.
    B. Failure to comply with data protection law can result in administrative, civil and criminal sanctions.
    C. Less than 1% of cloud providers give information on their data processing procedures.
    D. Certain cloud providers may not provide notice in the case of data security breaches.
A

C. Less than 1% of cloud providers give information on their data processing procedures.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q
14. The possibility for creating original work in the cloud exists in which of the following service models?
A. software as a service
B. platform as a service
C. infrastructure as a service
D. both B and C
A

D. both B and C

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q
15. According to the ENISA (European Network and Information Security Agency), licensing risks are considered:
A. low risk
B. medium risk
C. high risk
D. very high risk
A

B. medium risk

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q
16. Although it is not specific to the cloud, the risk of network breaks is considered:
A. low risk
B. medium risk
C. high risk
D. very high risk
A

B. medium risk

17
Q
17. Network congestion, mis-connection and non-optimal use are categorized as:
A. network break risks
B. non-specific risks
C. network management risks
D. technological compliance risks
A

C. network management risks

18
Q
  1. The risk of modifying network traffic is considered a:
    A. low risk
    B. medium risk
    C. above average risk
A

B. medium risk

19
Q
19. The risk of privilege escalation affects all of the following assets, EXCEPT:
A. company reputation
B. personal data
C. HR data
D. user directory
A

A. company reputation

20
Q
20. Impersonation would be classified as:
A. a communication vulnerability
B. lack of security awareness
C. a social engineering attack
D. insider abuse
A

C. a social engineering attack

21
Q
21. Lost/stolen backups is considered a:
A. low risk
B. medium risk
C. high risk
D. very high risk
A

B. medium risk

22
Q
22. Unauthorized access to premises is considered a:
A. very low probability risk
B. low probability risk
C. medium probability risk
D. high probability risk
A

A. very low probability risk

23
Q
23. The risk of natural disasters affects all of the following assets, EXCEPT:
A. service delivery
B. HR data
C. physical hardware
D. customer trust
A

C. physical hardware

24
Q
24. Compared to traditional infrastructures, the risk of natural disasters for a cloud infrastructure is:
A. close to zero
B. lower
C. slightly increased
D. significantly increased
A

B. lower

25
Q
25. The risk of natural disasters is considered a:
A. very low risk
B. low risk
C. medium risk
D. high risk
A

C. medium risk