Domain 14: Related Technologies Flashcards
Which of the following is not one of the common components of “big data” solutions?
A. distributed data collection
B. distributed billing
C. distributed storage
D. distributed processing
Answer: B
“Distributed billing” is a nonsense term used here only as a distractor. All the other answers are common characteristics of big data solutions. See page 147 of the CSA Cloud Security Guidance v4.
Which of the following is not one of the security risks often associated with “Internet of Things (IoT)”?
A. weak or outdated encryption schemes
B. application programming interface (API) vulnerabilities
C. data collection and sanitization
D. severe opportunity for human error
Answer: D
The chance of human error is not particularly elevated by the use of IoT solutions. See page 149 of the CSA Cloud Security Guidance v4.
Which of the following is a common security issue that the cloud customer should consider when allowing users to connect to the cloud with mobile devices?
A. device registration, authentication, and authorization
B. office politics
C. candidate screening
D. job rotation
Answer: A
Device registration, authentication, and authorization are processes that must be done correctly and uniformly for each device in order to properly protect the enterprise. Doing this is a significant challenge. See page 149 of the CSA Cloud Security Guidance v4.
Office politics, candidate screening, and job rotation are not issues that may affect the security of mobile devices connected to the cloud.
Which of the following is not considered a “serverless” cloud configuration, according to the CSA?
A. application programming interface (API) gateways
B. data leak protection (DLP) egress monitoring agents
C. Web servers
D. notification services
Answer: B
DLP agents are among the list of services typically considered as “serverless” in the CSA Cloud Security Guidance v4, page 150.
A “serverless” cloud architecture places a higher security burden on the __________.
A. cloud customer
B. cloud provider
C. regulator
D. user
Answer: B
In a serverless architecture, almost the entire application stack runs in the provider’s environment, without any input or control by the customer. See page 150 of the CSA Cloud Security Guidance v4.
The cloud architecture should not affect the security responsibilities of the regulator or customer, regardless of which kind of architecture is utilized.