chapter6 Flashcards

1
Q

According to the Cloud Security Alliance (CSA), the cloud services agreement must allow the client or third party to:
A. have reasonable security that data breaches will not happen.
B. monitor the service provider’s performance and test for system vulnerabilities.
C. retain ownership of the data in original format.
D. adjust the process for responding to legal requests at any time.

A

B. monitor the service provider’s performance and test for system vulnerabilities.

2
Q

According to the Cloud Security Alliance (CSA), the cloud customer must understand:
A. the provider’s ability to produce evidence needed for compliance.
B. the division of compliance responsibilities between consumer and provider.
C. the customer’s role in bridging the gap between auditor and service provider.
D. all of the above.

A

D. all of the above.

3
Q
According to the Cloud Security Alliance (CSA), which of the following clauses should be obtained whenever possible?
A. Right to Audit Clause
B. Right to Withdraw Clause
C. Security Breach Clause
D. Data Transferability Clause
A

A. Right to Audit Clause

4
Q

Over time, the right to audit clause should be:
A. increased
B. reduced
C. replaced with the compliance and monitoring clause
D. both B and C

A

B. reduced

5
Q
Cloud service customers should develop evidence-collecting processes for which of the following areas?
A. system configurations
B. audit logs
C. change management reports
D. all of the above
A

D. all of the above

6
Q
Which of the following audits ensures that controls are implemented and documented?
A. SAS 70 Type I
B. SAS 70 Type II
C. SAS 70 Type III
D. CSA SaaS v.2
A

B. SAS 70 Type II

7
Q
According to the Cloud Security Alliance (CSA), cloud service providers should use which of the following as a guideline?
A. ISO/IEC 27000
B. ISO/IEC 27001
C. ISO/IEC 27002
D. ISO/IEC 35000
A

B. ISO/IEC 27001

8
Q
Cloud providers that have not achieved ISO/IEC 27001 certification should align themselves with:
A. ISO/IEC 27000
B. ISO/IEC 27002
C. SAS 70 practices
D. CSA SaaS v.2
A

B. ISO/IEC 27002

9
Q
The Data Security Lifecycle is made up of:
A. four phases
B. six phases
C. ten phases
D. twelve phases
A

B. six phases

10
Q
All of the following are challenges relating to data lifecycle security in the cloud, EXCEPT:
A. authentication
B. non-repudiation
C. anonymity
D. availability
A

C. anonymity

11
Q
Which of the following is NOT a phase of the Data Security Lifecycle?
A. use
B. distribute
C. create
D. archive
A

B. distribute

12
Q
Which of the following phases in the Data Security Lifecycle would involve assigning rights?
A. create
B. destroy
C. share
D. all of the above
A

A. create

13
Q
Which of the following phases in the Data Security Lifecycle would involve crypto-shredding?
A. archive
B. store
C. use
D. destroy
A

D. destroy

14
Q
Which of the following phases in the Data Security Lifecycle would involve rights management?
A. store and use
B. create and destroy
C. use and share
D. archive and destroy
A

A. store and use

15
Q
Which of the following phases in the Data Security Lifecycle would involve encryption?
A. store
B. share
C. archive
D. all of the above
A

D. all of the above

16
Q
According to the Cloud Security Alliance (CSA), there must be some form of assurance that the data is only being stored in locations permitted by:
A. contract
B. SLA
C. regulation
D. all of the above
A

D. all of the above

17
Q
According to the Cloud Security Alliance (CSA), data must not be commingled with other customer data without:
A. compliance certification
B. compensating controls
C. customer compensation
D. client permission
A

B. compensating controls

18
Q
Commingling of data is a challenge when concerns are raised regarding:
A. data security
B. backup and recovery strategies
C. geo-location
D. both A and C
A

D. both A and C

19
Q
Effective data backup and recovery schemes prevent all of the following, EXCEPT:
A. data destruction
B. data loss
C. data commingling
D. unwanted overwrite
A

C. data commingling

20
Q
Data remanence is most closely related to which of the following concepts?
A. data commingling
B. data discovery
C. data aggregation
D. data persistence
A

D. data persistence

21
Q
Data aggregation is most closely related to which of the following concepts?
A. data inference
B. data discovery
C. data commingling
D. data persistence
A

A. data inference

22
Q
Data owners should maintain which of the following fundamental policies?
A. SLA Notification
B. Default Deny All
C. Data Breach Rejection
D. E-Discovery Writ
A

B. Default Deny All

23
Q
According to the Cloud Security Alliance (CSA), data must be encrypted:
A. at rest
B. in transit
C. both at rest and in transit
D. it depends on the policies of the customer and service provider
A

C. both at rest and in transit

24
Q

Within the Data Security Lifecycle, compartmentalization techniques separate:
A. cloud service providers from customers
B. cloud service providers from other third parties
C. third parties from one another
D. cloud service customers from each other

A

D. cloud service customers from each other

25
Q

Which of the following statements is NOT true?
A. Data destruction is extremely difficult in a multi-tenant environment.
B. Encryption is impossible to manage with multi-tenant storage.
C. Backed-up data should not be commingled with other customers’ data.
D. Both A and B.

A

B. Encryption is impossible to manage with multi-tenant storage.