Domain1

Question 1

NIST 800-171

Answer 1

NIST 800-171 applies specifically to the use of controlled unclassified information (CUI).

Question 2

Orchestration Tools

Answer 2

Orchestration tools are designed to manage workloads and seamlessly shift them between cloud service providers

Question 3

FIPS 140-2

The Federal Information Processing Standard

Answer 3

FIPS 140-2, the Security Requirements for Cryptographic Modules. This guidance is specific to the cryptographic requirements of systems such as HSMs and would have the most directly relevant guidance

The FIPS 140 standard is used in designing, implementing, and operating cryptographic modules.

Question 4

NIST 800-53

Answer 4

NIST 800-53 provides general cybersecurity standards for federal agencies,

Question 5

NIST 800-171

Answer 5

NIST 800-171 applies specifically to the use of controlled unclassified information (CUI).

Question 6

The common criteria

Answer 6

Common Criteria (CC) provide a certification process for hardware and software products.

Question 7

The blockchain

Answer 7

The blockchain is technology that uses cryptography to create a distributed immutable ledger.

Question 8

Accreditation

Answer 8

Accreditation is the act of management formally accepting an evaluating system, not evaluating the system itself.

Question 9

ISO 17789

Answer 9

ISO 17789 provides a cloud reference architecture and does not offer specific security guidance.

Question 10

ISO 27701

Answer 10

ISO 27701 provides control guidance for privacy programs

Question 11

ISO 27001

Answer 11

ISO 27001 is an international standard for the creation of an information security management system (ISMS).

ISO 27001 is a general description of controls appropriate for a cybersecurity program,

Question 12

ISO 27017

Answer 12

ISO 27017 provides guidance on the security controls that should be implemented by cloud service providers

Question 13

NIST SP 800-37

Answer 13

NIST SP 800-37 is the Risk Management Framework created by the U.S. government for assessing the security of systems.

Question 14

NIST SP 800-53

Answer 14

NIST SP 800-53 is the list of security controls approved for use by U.S. government agencies and a means to map them to the Risk Management Framework

Question 15

Payment Card Industry Security Standards Council (PCI SSC).

Answer 15

The Payment Card Industry Data Security Standard (PCI DSS) is overseen by the Payment Card Industry Security Standards Council (PCI SSC)

Question 16

OpenID Connect

Answer 16

OpenID Connect is an authentication layer that works with OAuth 2.0 as its underlying authorization framework.

Question 17

Edge Computing

Answer 17

The edge computing service model would be far more appropriate, as it places computing power at the sensor, minimizing the data that must be sent back to the cloud over limited connectivity network links.

Question 18

Cloud access security brokers (CASBs)

Answer 18

Cloud access security brokers (CASBs) are designed to enforce security policies consistently across cloud services

Question 19

Elasticity and Scalability

Answer 19

Elasticity refers to the ability of a system to dynamically grow and shrink based on the current level of demand. Scalability refers to the ability of a system to grow as demand increases but does not require the ability to shrink. Services that are elastic must also be scalable, but services that are scalable are not necessarily elastic

Question 20

Trusted execution environment (TEE)

Answer 20

Confidential computing protects data in use by using a trusted execution environment (TEE)

Question 21

Protect data in use in cloud computing ( TEE, Confidential computing)

Answer 21

Trusted Execution Environment (TEE) and Confidential Computing are technologies that protect data in use in cloud computing

Question 22

Confidential computing

Answer 22

Confidential computing is an emerging technology designed to support the protection of data that is actively stored in memory.

Question 23

general certification process for computing hardware - Common criteria

Answer 23

The Common Criteria provide a general certification process for computing hardware that might be used in government applications.

Question 24

FedRAMP- Federal Risk and Authorization Management Program

Answer 24

FedRAMP provides a certification process for cloud computing services but not for hardware

Question 25

The distinguished name (DN) - LDAP

Answer 25

The distinguished name (DN) is the nomenclature for all entries in an LDAP environment.

Question 26

DR Approaches - hot, cold, warm sites , cloud site(cost effective)

Answer 26

Hot sites, cold sites, and warm sites all require a significant investment in physical facilities.

Question 27

BC & DR

Answer 27

BC is about maintaining critical functions during a disruption of normal operations, and DR is about recovering to normal operations after a disruption