Chapter 5 Flashcards

1
Q
According to the Cloud Security Alliance (CSA), which of the following domains deals with privacy and regulatory requirements as well as security breach disclosure law?
A. compliance and audit
B. legal and electronic discovery
C. data center operations
D. virtualization
A

B. legal and electronic discovery

2
Q
According to the Cloud Security Alliance (CSA), which of the following domains deals with the identification and control of data in the cloud?
A. information lifecycle management
B. portability and interoperability
C. application security
D. traditional security, business continuity and disaster recovery
A

A. information lifecycle management

3
Q
According to the Cloud Security Alliance (CSA), which of the following domains deals with the issues encountered when extending an organization’s identity into the cloud?
A. incident response, notification and remediation
B. application security
C. identity and access management
D. legal and electronic discovery
A

C. identity and access management

4
Q
According to the Cloud Security Alliance (CSA), which of the following domains looks at the ability to move data/services from one provider to another?
A. identity and access management
B. encryption and key management
C. application security
D. portability and interoperability
A

D. portability and interoperability

5
Q
Which of the following is a governance recommendation for organizations considering cloud computing?
A. Metrics for determining performance and efficacy should be established before moving into the cloud.
B. Collaborative governance structures between customers and providers should be identified as necessary.
C. A portion of the savings from cloud computing should be invested into auditing the security of the service provider.
D. All of the above.
A

D. All of the above.

6
Q
Which of the following statements regarding governance in cloud computing is NOT true?
A. Security metrics and standards should be included in service level agreements and contracts.
B. Both customers and providers should develop robust governance if an infrastructure as a service (IaaS) model is being used.
C. Deployment models define accountability and expectations of users and providers.
D. Provider’s information security controls should be risk-based.
A

B. Both customers and providers should develop robust governance if an infrastructure as a service (IaaS) model is being used.

7
Q
With many cloud computing deployments, which of the following plays a large role in risk management?
A. contract requirements
B. service level agreements
C. provider documentation
D. all of the above
A

D. all of the above

8
Q
Certain cloud service providers may restrict which of the following?
A. penetration testing
B. access to audit logs
C. vulnerability assessments
D. all of the above
A

D. all of the above

9
Q
The risk management approach for organizations moving to the cloud should include all of the following, EXCEPT:
A. development of risk treatment plans with a universal response option
B. identification and analysis of threats and vulnerabilities
C. identification and valuation of assets
D. outcomes of risk treatment plans included in service agreements
A

A. development of risk treatment plans with a universal response option

10
Q
Aligning exposure to risk and capability of managing it with the risk tolerance of the data owner is referred to as:
A. information treatment planning
B. information risk management
C. information lifecycle management
D. information development design
A

B. information risk management

11
Q
The primary means of decision support for information technology resources is:
A. information lifecycle management
B. information risk management
C. risk comparison management
D. both A and B
A

B. information risk management

12
Q
Information risk decisions are informed by which of the following data?
A. information usage
B. security controls
C. access controls
D. all of the above
A

D. all of the above

13
Q
When utilizing SaaS (software as a service), the majority of information is provided by:
A. the user
B. the service provider
C. the organization
D. the governance body
A

B. the service provider

14
Q
Information transparency is built into the contract language when using:
A. software as a service
B. platform as a service
C. infrastructure as a service
D. both A and C
A

C. infrastructure as a service

15
Q
The ability to deploy and gather information from controls is important when using:
A. software as a service
B. platform as a service
C. infrastructure as a service
D. all of the above
A

B. platform as a service

16
Q
Which of the following statements is NOT true of third party management practices?
A. Clients should view cloud services and security as supply chain security issues.
B. Assessments of third party service providers should only focus on incident management, disaster recovery and business continuity processes.
C. A comprehensive assessment should be made of the provider’s information security governance, risk management and compliance practices.
D. Both A and C
A

B. Assessments of third party service providers should only focus on incident management, disaster recovery and business continuity processes.

17
Q
A comprehensive analysis of legal issues related to cloud computing includes consideration of all the following dimensions, EXCEPT:
A. contractual
B. operational
C. functional
D. jurisdictional
A

B. operational

18
Q
Which of the following legal dimensions involves determining whether cloud functions/services have legal implications for stakeholders?
A. obligational
B. operational
C. foundational
D. functional
A

D. functional

19
Q
Which of the following legal dimensions involves how governments administer laws/regulations that impact cloud computing stakeholders?
A. jurisdictional
B. legislational
C. regulatory
D. compliance
A

A. jurisdictional

20
Q
Which of the following legal dimensions involves the contract structures and enforcement mechanisms for addressing/managing legal issues in cloud computing?
A. jurisdictional
B. compliance
C. contractual
D. documentation
A

C. contractual

21
Q
Cloud computing is distinguishable from traditional outsourcing in:
A. two ways
B. three ways
C. four ways
D. more than four ways
A

B. three ways

22
Q
Cloud computing is distinguishable from traditional outsourcing in all of the following ways, EXCEPT:
A. time of service
B. anonymity of location(s) of servers
C. anonymity of clients/users
D. anonymity of service provider’s identity
A

C. anonymity of clients/users

23
Q
International legislative and administrative compliance requirements have led to increased collaboration between:
A. lawyers and policy makers
B. technology professionals and lawyers
C. service providers and clients/users
D. end users and technology professionals
A

B. technology professionals and lawyers

24
Q
Which of the following is NOT a legal recommendation for cloud computing?
A. Data in the custody of service providers is under an indirect guardianship compared to when it is in the hands of its original owner.
B. Components of duty of care of a client include: pre-contract due diligence, contract term negotiation and post-contract monitoring.
C. Expected as well as unexpected terminations of the relationship between client and service provider ought to be planned for.
D. Service providers should ensure that their information systems can preserve data as authentic and reliable.
A

A. Data in the custody of service providers is under an indirect guardianship compared to when it is in the hands of its original owner.

25
Q
Which of the following is a prerequisite for compliance with laws dealing with cross-border flows of data?
A. Confirming that the company retains ownership of the data in original format.
B. Developing a unified process to respond to subpoenas, service of process and other legal requests.
C. Ensuring that secure return/disposal of data assets is planned for.
D. Knowing where the cloud service provider will host the data.
A

D. Knowing where the cloud service provider will host the data.