Exam Flashcards
How many tiers should an ISCM per NIST 800-137 have:
A. 2 – Tier 1 (Org Bus Process), Tier 2 (Cloud Computing Strategy Implem)
B. 2 – Tier 1 (Cloud Computing Strategy Implem), Tier 2 (Org Bus Process)
C. 3 – Tier 1 (Org Bus Process), Tier 2 (ISCM Strategy), Tier 3 (Cloud Computing Strategy Implem)
D. 3 – Tier 1 (Cloud Computing Strategy Implem), Tier 2 (Org Bus Process), Tier 3 (ISCM Strategy)
C. 3 – Tier 1 (Org Bus Process), Tier 2 (ISCM Strategy), Tier 3 (Cloud Computing Strategy Implem)
Cloud services (IaaS, PaaS, SaaS) can be delivered by several deployment models. Select 3.
A. Private Cloud
B. Community Cloud
C. Hybrid Cloud
D. Shared Cloud
E. Social Cloud
A. Private Cloud
B. Community Cloud
C. Hybrid Cloud
What is not a risk for a multi-tenancy design?
A. Co-mingled tenant data
B. Inadequate logical Sec Cntl
C. Overcharging for extreme use of resources
D. Uncoordinated change cntl and mis-config
C. Overcharging for extreme use of resources
Consider the following statements about hybrid cloud solutions:
1. In hybrid cloud, both the provider and consumer share the mgmt responsibility
2. In hybrid cloud, both the provider and consumer share the ownership
3. In hybrid cloud, the provider and consumer use a combination of on-premise and off-premise infrastructure
4. In hybrid cloud, both the provider and consumer have trusted and untrusted users.
Which statement is correct?
A. Statements 1 & 2 are correct
B. Statements 1, 3, & 4 are correct
C. Statements 2, 3, & 4 are correct
D. All statements are correct
D. All statements are correct
Consider the context of data center availability and physical security. Which Tier ensures the highest AVAILABILITY?
A. Tier I
B. Tier II
C. Tier III
D. Tier IV
D. Tier IV
What is a device that safeguards and manages digital keys for strong authentication along with providing crypto processing called?
A. Hardware Sec Module (HSM)
B. Key Mgmt Device (KMD)
C. Public Key Infrastructure
D. Windows File Server
A. Hardware Sec Module (HSM)
What are the benefits of Least Privilege Access?
A. Better service stability, security, & ease of Deployment
B. Better service stability, lower complexity, better security, & ease of Deployment
C. Improved availability, lower risk, lower cost of development, and deployment
D. It is mainly about the best service availability
A. Better service stability, security, & ease of Deployment
Consider the replication schemes and active costs, such as electricity and network bandwidth. Which DR solution is most advantageous?
A. Online Backup
B. Cold site DR
C. Warm site DR
D. Hot site DR
C. Warm site DR
What allows an org and a cloud provider to trust and share digital identities?
A. Federal Identity
B. Identity and Access Mgmt
C. Multi-factor Authentication
D. Tokenization
A. Federal Identity
A new e-commerce application (predicted to deliver 70% of company revenue) is being developed and will be hosted on IaaS and PaaS with a well-known public cloud provider. The application will process personal data and orders, and will also take payment details for processing by external payment processing companies. What should not be a key concern of the security manager?
A. Ability of the application to handle the increase in number of users after a certain limit
B. Availability of the system when under DDoS attack
C. Integrity of financial transactions
D. Personal Identifiable Data of persons from outside the US, stored in US data centers
E. Payment processing not fully outsourced, hence the system is in the full scope of PCI DSS.
A. Ability of the application to handle the increase in number of users after a certain limit
The Heartbleed bug in OpenSSL was open to which of the following attacks?
A. Brute-force of the cryptographic keys used to encrypt network transmission
B. DoS attack to make website unresponsive
C. Network snooping attack with a side channel for decryption of the encrypted traffic
D. Private memory (RAM) read attack that could reveal private or session keys
D. Private memory (RAM) read attack that could reveal private or session keys
What would typically be the responsibility of a cloud customer security operations team?
A. Facilities, Network Infrastructure, Hypervisor security
B. Facilities, Physical security, Physical Infrastructure, Network Infrastructure, Operating Systems
C. Facilities, Physical security, Physical Infrastructure, Network Infrastructure, Virtualization Infrastructure
D. Operating System, Application, Account Mgmt, Security Roles, Network Configuration
D. Operating System, Application, Account Mgmt, Security Roles, Network Configuration
Which of the following statements correctly depicts the use of a Concept of Operations (CONOP) document?
A. Mandatory document required by ISO 27001 related to security operations
B. Mandatory document required by ISSO 27023 related to security operations
C. It helps an org to document in plain language what is required and what should be built for an information system
D. It provides requirements for an org to implement security mgmt related to identity and access mgmt.
C. It helps an org to document in plain language what is required and what should be built for an information system
Due diligence is the investigation process before committing to a contractual agreement for cloud services. As part of the process, it is recommended to use a step-by-step approach or checklist/plan, which helps to look into the little details. Which plan needs to be part of the due diligence process and has in scope all the services to be migrated to the cloud?
A. Transition Plan
B. Project Plan
C. Migration Plan
D. Implementation Plan
A. Transition Plan
Network isolation is an important factor in establishing a cloud infrastructure and hardening process. The networking devices need to be configured with proper port configuration to mitigate the switch spoofing and double tagging threats. What type of attack can be carried out using these threats?
A. VM Theft
B. VLAN Hopping
C. VM Hopping
D. VLAN Escape
B. VLAN Hopping
A Container is a form of OS Virtualization that is more efficient than typical HW Virtualization. Containers can be used as an alternative to OS-level Virtualization to run multiple isolated systems on a single host; however, there are differences in the characteristics of Virtualization and Containers. Which of the following characteristics is associated with OS-level Virtualization and not Containers?
A. Applying limits per process
B. Single Network file system caching
C. Emulation of devices
D. Single kernel
C. Emulation of devices
Business Continuity is a key component of any IT, Security, and Cloud Strategy. Which 3 key elements does it include? Select 3 options.
A. Availability
B. Contingency
C. Resilience
D. Recovery
E. Scalability
B. Contingency
C. Resilience
D. Recovery
What provides assurance that the message received has not lost its original form?
A. Authentication
B. Confidentiality
C. Integrity
D. Non-Repudiation
C. Integrity
The Risk Assessment methodology has 9 steps. Which step is THREAT IDENTIFICATION?
A. First
B. Second
C. Third
D. Fourth
B. Second
What is not an activity related to Incident Mgmt in the cloud?
A. Handling complicated troubleshooting due to continuous environment changes
B. Limiting incident spill over to multi cloud tenants
C. Managing incident investigation in virtualized environment
D. Managing access to appropriate levels of data
D. Managing access to appropriate levels of data
What is not a characteristic of SOA?
A. All components should be exposed as services
B. All services should use SOAP/WSDL interfaces
C. All services are discoverable from a portal
D. All services should use WS-* security
C. All services are discoverable from a portal
Which attack vector allows an attacker to break out of a VM and interact with the host OS?
A. Hyper jacking
B. VM Escape
C. VM Hopping
D. VM Theft
B. VM Escape
Cloud is a very effective enabler for DR or BC. For a multi-site solution, what would help to identify the data replication method to use with regard to DR?
A. RTO
B. RPO
C. Multi-Site Active-Active
D. Data Center Tiers
B. RPO
*The data replication method that you employ will be determined by the RPO you choose
Critical business functions and the supporting infrastructure should be unaffected by most disruptions. What BC element ensures this?
A. Availability
B. Contingency
C. Recovery
D. Resilience
D. Resilience
- Resilience refers to critical business functions and the supporting infrastructure that are designed in such a way that they are materially unaffected by most disruptions.
Which org has provided a globally accepted Cloud Computing Ref Architecture?
A. Carnegie Mellon University
B. Institute of Electrical and Electronics Engineers
C. Nat’l Institute of Standards and Technology (NIST)
D. Massachusetts Institute of Technology
C. Nat’l Institute of Standards and Technology (NIST)
Who is the Relying Party in a federated environment, and what do they do?
A. The Customer. They consume tokens generated by the Identity Provider.
B. The Service Provider. They consume tokens generated by the customer.
C. The Identity Provider. They consume tokens generated by the service provider.
D. The Service Provider. They consume tokens generated by the Identity Provider.
D. The Service Provider. They consume tokens generated by the Identity Provider.
What is the key benefit provided to a customer when using an Infrastructure as a Service (IaaS) solution?
A. Ability to scale up infrastructure services on the basis of projected usage
B. Transfer in the cost of ownership
C. Usage is measured and priced on the basis of consumed units
D. Efficiency of cooling system and increased energy
C. Usage is measured and priced on the basis of consumed units
Which of the following are the six components of the STRIDE Threat Model?
A. Spoofing, Repudiation, Tampering, Information Disclosure, Social Engineering and Denial of Service
B. Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege
C. Tampering, Spoofing, Non-Repudiation, Denial of Service, Information Disclosure and Elevation of Privilege
D. Spoofing, Tampering, Information Disclosure, Repudiation, Distributed Denial of Service, Elevation of Privilege
B. Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege
Which of these are data storage types that can be used with Platform as a Service?
A. Unstructured and Ephemeral
B. Tabular and Object
C. Structured and Unstructured
D. Raw and Block
C. Structured and Unstructured
What is the Cloud Security Alliance Cloud Controls Matrix?
A. Regulatory requirements for Cloud Service Providers
B. A set of SDLC requirements for Cloud Service Providers
C. An inventory of security controls for Cloud Service arranged into distinct security domains
D. An inventory of security controls for Cloud Service arranged into security domains hierarchy
C. An inventory of security controls for Cloud Service arranged into distinct security domains
Where does the encryption engine reside when using transparent encryption of a database?
A. In Key Management System
B. Within the database
C. On instance(s) attached to the volume
D. At the database-using application
B. Within the database
What is presented to a cloud service organization or customer in an audit scope statement?
A. List of security controls that are to be audited
B. Results of the audit, findings and recommendations
C. Required level of information for the organization or client being audited in order to understand and agree with the focus, scope and type of assessment that is to be performed
D. The projected cost of audit and auditor credentials
C. Required level of information for the organization or client being audited in order to understand and agree with the focus, scope and type of assessment that is to be performed
Which key issue related to the Object Storage type should the Cloud Service Provider be aware of?
A. Access Control
B. Data consistency can only be achieved after change propagation to all replica instances occurs
C. Continuous Monitoring
D. Data consistency can only be achieved after change propagation to a specific percentage of replica instances occurs
B. Data consistency can only be achieved after change propagation to all replica instances occurs
*Whenever a file is updated, you have to wait for the change to be propagated to all replicas before requests can return latest version. This is why object storage is unsuitable for data that constantly changes.
Which of the following is a unique identifier for every set of data and its metadata?
A. Port ID
B. Object ID
C. Set ID
D. VIN
B. Object ID
In data, a blob refers to which of the following?
A. Metadata
B. Policies
C. Replica
D. Large binary object
D. Large binary object
Which cloud services model is the most minimal, offering the consumer the capability to deploy applications but not manage or control the cloud infrastructure?
A. AaaS
B. SaaS
C. IaaS
D. PaaS
D. PaaS
Which of the following is a just-in-time essential characteristic of cloud computing?
A. Unilateral provisioning
B. On-demand self service
C. Resource pooling
D. Ubiquitous access
B. On-demand self service
Data about data is known as which of the following?
A. Metadata
B. Trait
C. Point
D. Element
A. Metadata
Ultimately who is accountable for the choice of public cloud and the security and privacy of the outsourced service?
A. The organization
B. Vendor and end user
C. End user
D. Vendor
A. The organization
Issues that can arise from different clients being on the same system would be categorized as which of the following?
A. Assemblage
B. Multi-tenant
C. Elastic
D. Segregated
B. Multi-tenant