chapter14 Flashcards
1
Q
- The acronym EDoS refers to:
A. Economic Denial of Service
B. Environmental Domain of Service
C. Encrypted Disaster or Solution
D. Engineered Data on Servers
A
A. Economic Denial of Service
2
Q
- When an attacker users a customers’ resources for his/her own gain, this may be referred to as a(n):
A. Diminished Domain of Service
B. Distributed Denial of Service
C. Economic Denial of Service
D. Engineered Denial of Service
A
C. Economic Denial of Service
3
Q
- The worst case scenario in an EDoS attack would be:
A. the unauthorized use of cloud resources
B. the bankruptcy of the customer or other serious economic impact
C. the access and use of highly sensitive personal information
D. both A and C
A
B. the bankruptcy of the customer or other serious economic impact
4
Q
4. The risk of lost encryption keys would be considered a(n): A. low probability risk B. average probability risk C. above average probability risk D. high probability risk
A
A. low probability risk
5
Q
5. Malicious probes or scanning would be considered: A. a direct threat to the assets B. an indirect threat to the assets C. a direct threat to the cloud provider D. both B and C
A
B. an indirect threat to the assets
6
Q
6. An attacker can compromise the service engine by hacking it from inside a virtual machine in which of the following service models? A. software as a service B. platform as a service C. infrastructure as a service D. both B and C
A
C. infrastructure as a service
7
Q
7. An attacker can compromise the service engine by hacking it from the runtime environment in which of the following service models? A. software as a service B. platform as a service C. infrastructure as a service D. both A and B
A
B. platform as a service
8
Q
8. An attacker can compromise the service engine by hacking it from the application pool in which of the following service models? A. software as a service B. platform as a service C. infrastructure as a service D. all of the above
A
A. software as a service
9
Q
9. The risk of conflicts between customer hardening procedures and the cloud environment is considered: A. low B. medium C. high D. very high
A
B. medium
10
Q
10. The risk of subpoena and e-discovery is classified as: A. low B. medium C. above average D. high
A
D. high
11
Q
11. According to ENISA (European Network and Information Security Agency), the risk from changes of jurisdiction is considered: A. low probability B. medium probability C. high probability D. very high probability
A
D. very high probability
12
Q
12. Data protection risks affect all of the following assets, EXCEPT: A. intellectual property B. service delivery C. personal data D. company reputation
A
A. intellectual property
13
Q
- Which of the following statements regarding data protection risks is NOT true?
A. It can be a challenge for the cloud customer to effectively check the data processing being carried out by the cloud provider.
B. Failure to comply with data protection law can result in administrative, civil and criminal sanctions.
C. Less than 1% of cloud providers give information on their data processing procedures.
D. Certain cloud providers may not provide notice in the case of data security breaches.
A
C. Less than 1% of cloud providers give information on their data processing procedures.
14
Q
14. The possibility for creating original work in the cloud exists in which of the following service models? A. software as a service B. platform as a service C. infrastructure as a service D. both B and C
A
D. both B and C
15
Q
15. According to the ENISA (European Network and Information Security Agency), licensing risks are considered: A. low risk B. medium risk C. high risk D. very high risk
A
B. medium risk