Exam Flashcards
How many tiers should an ISCM per NIST 800-137 have?
A. 2 – Tier 1 (Org Bus Process), Tier 2 (Cloud Computing Strategy Implem)
B. 2 – Tier 1 (Cloud Computing Strategy Implem), Tier 2 (Org Bus Process)
C. 3 – Tier 1 (Org Bus Process), Tier 2 (ISCM Strategy), Tier 3 (Cloud Computing Strategy Implem)
D. 3 – Tier 1 (Cloud Computing Strategy Implem), Tier 2 (Org Bus Process), Tier 3 (ISCM Strategy)
C. 3 – Tier 1 (Org Bus Process), Tier 2 (ISCM Strategy), Tier 3 (Cloud Computing Strategy Implem)
Cloud services (i.e., IaaS, PaaS, SaaS) can be delivered by several models. Select 3.
A. Private Cloud
B. Community Cloud
C. Hybrid Cloud
D. Shared Cloud
E. Social Cloud
A. Private Cloud
B. Community Cloud
C. Hybrid Cloud
What is not a risk for multi-tenancy design?
A. Co-mingled tenant data
B. Inadequate logical Sec Cntl
C. Overcharging for extreme use of resources
D. Uncoordinated change cntl and mis-config
C. Overcharging for extreme use of resources
Consider the following statements about hybrid cloud solutions:
1. In hybrid cloud, both the provider and consumer share the mgmt responsibility.
2. In hybrid cloud, both the provider and consumer share the ownership.
3. In hybrid cloud, the provider and consumer use a combination of on-premise and off-premise infrastructure.
4. In hybrid cloud, both the provider and consumer have trusted and untrusted users.
Which statement is correct?
A. Statements 1 & 2 are correct
B. Statements 1, 3, & 4 are correct
C. Statements 2, 3, & 4 are correct
D. All statements are correct
D. All statements are correct
Consider the context of data center availability and physical security. Which Tier ensures the highest AVAILABILITY?
A. Tier I
B. Tier II
C. Tier III
D. Tier IV
D. Tier IV
What is a device that safeguards and manages digital keys for strong authentication along with providing crypto processing called?
A. Hardware Sec Module (HSM)
B. Key Mgmt Device (KMD)
C. Public Key Infrastructure
D. Windows File Server
A. Hardware Sec Module (HSM)
What are the benefits of Least Privilege Access?
A. Better service stability, security, & ease of Deployment
B. Better service stability, lower complexity, better security, & ease of Deployment
C. Improved availability, lower risk, lower cost of development, and deployment
D. It is mainly about the best service availability
A. Better service stability, security, & ease of Deployment
Consider the replication schemes and active costs, such as electricity and network bandwidth. Which DR solution is most advantageous?
A. Online Backup
B. Cold site DR
C. Warm site DR
D. Hot site DR
C. Warm site DR
What allows an org and a cloud provider to trust and share digital identities?
A. Federated Identity
B. Identity and Access Mgmt
C. Multi-factor Authentication
D. Tokenization
A. Federated Identity
A new e-commerce application (predicted to deliver 70% of company revenue) is being developed and will be hosted on IaaS and PaaS with a well-known public cloud provider. The application will process personal data and orders, and will also take payment details for processing by external payment processing companies. What should not be a key concern of the security manager?
A. Ability of the application to handle the increase in number of users after a certain limit
B. Availability of the system when under DDoS attack
C. Integrity of financial transactions
D. Personally Identifiable Data of persons from outside the US, stored in US data centers
E. Payment processing not fully outsourced, hence the system is in the full scope of PCI DSS.
A. Ability of the application to handle the increase in number of users after a certain limit
The Heartbleed bug in OpenSSL was open to which of the following attacks?
A. Brute-force of the cryptographic keys used to encrypt network transmission
B. DoS attack to make website unresponsive
C. Network snooping attack with a side channel for decryption of the encrypted traffic
D. Private memory (RAM) read attack that could reveal private or session keys
D. Private memory (RAM) read attack that could reveal private or session keys
What would typically be the responsibility of a cloud customer security operations team?
A. Facilities, Network Infrastructure, Hypervisor security
B. Facilities, Physical security, Physical Infrastructure, Network Infrastructure, Operating Systems
C. Facilities, Physical security, Physical Infrastructure, Network Infrastructure, Virtualization Infrastructure
D. Operating System, Application, Account Mgmt, Security Roles, Network Configuration
D. Operating System, Application, Account Mgmt, Security Roles, Network Configuration
Which of the following statements correctly depicts the use of a Concept of Operations (CONOP) document?
A. Mandatory document required by ISO 27001 related to security operations
B. Mandatory document required by ISSO 27023 related to security operations
C. It helps an org to document in plain language what is required and what should be built for an information system
D. It provides requirements for an org to implement security mgmt related to identity and access mgmt.
C. It helps an org to document in plain language what is required and what should be built for an information system
Due diligence is the investigation process before committing to a contractual agreement for cloud services. As part of the process, it is recommended to use a step-by-step approach or checklist/plan which helps to look into the little details. Which plan needs to be part of the due diligence process and has in scope all the services to be migrated to the cloud?
A. Transition Plan
B. Project Plan
C. Migration Plan
D. Implementation Plan
A. Transition Plan
Network isolation is an important factor in establishing a cloud infrastructure and hardening process. The networking devices need to be configured with proper port configuration to mitigate the switch spoofing and double tagging threats. What type of attack can be carried out using these threats?
A. VM Theft
B. VLAN Hopping
C. VM Hopping
D. VLAN Escape
B. VLAN Hopping
A Container is a form of OS Virtualization that is more efficient than typical HW Virtualization. Containers can be used as an alternative to OS-level Virtualization to run multiple isolated systems on a single host; however, there are differences in the characteristics of Virtualization and Containers. Which of the following characteristics is associated with OS-level Virtualization and not Containers?
A. Applying limits per process
B. Single network file system caching
C. Emulation of devices
D. Single kernel
C. Emulation of devices