Exam Questions

Question 1

What is reversability ?

Answer 1

Reversibility is a metric that indicates the ease with which your cloud services can be migrated between cloud environments.

Question 2

What does EAL4 in common criteria tell us ?

Answer 2

It has been methodically designed, tested, and reviewed

Question 3

What does EAL1 in common criteria tell us ?

Answer 3

It has been functionally tested

Question 4

What does EAL2 in common criteria tell us ?

Answer 4

It has been structurally tested

Question 5

What does EAL3 tell us ?

Answer 5

Methodically tested and checked

Question 6

What does EAL5 tell us ?

Answer 6

Semi-formally designed and tested

Question 7

What does EAL6 tell us ?

Answer 7

Semi-formally verified design and tested

Question 8

What does EAL7 tell us ?

Answer 8

Formally verified design and tested

Question 9

Within LDAP, which of the following acts as the primary key for an object?

Answer 9

DN

Question 10

Artificial intelligence that incorporates emotional intelligence, social intelligence, and cognitive learning and responses is known as?

Answer 10

Humanised

Question 11

Finite State Model” is one of the 11 sections that are defined in which standard?

Answer 11

FIPS140-2

Question 12

An organization is running VMware Workstation. What type of hypervisor is this?``

Answer 12

Software

Question 13

Which of the following organizations publishes security standards applicable to any systems used by the federal government and its contractors?

Answer 13

NIST

Question 14

What are the four types of blockchain ?

Answer 14

private, public, consortium, and hybrid

Question 15

CorrectThe FIPS 140-2 standard defines four levels of security. Of the four levels, which provides the HIGHEST level of security and tamper protection?

Answer 15

4

Question 16

disadvantage of resource pooling?

Answer 16

multitenancy

Question 17

When systems are given a set of seed data and patterns to search for and then continuously change their behavior depending on information and analysis of continuing trends, this process is referred to as?

Answer 17

Machine Learning

Question 18

What is a cloud service partner ?

Answer 18

cloud service partner is a third-party provider of cloud-based services (infrastructure, storage and application, and platform services) through the CSP with which it is associated. The third-party cloud service partner makes use of the cloud service provider’s service in this scenario

Question 19

What is an example of a type 1 hypervisor ?

Answer 19

VMware ESXI is an example of a type 1 hypervisor.

Question 20

What is meant by the term portability ?

Answer 20

Portability is the feature that allows data to move between multiple cloud providers without any issues

Question 21

When data is used in an application where it is viewable to users, customers, etc., it is known as which stage of the cloud secure data life cycle?`

Answer 21

Share

Question 22

How many layers of encryption are typically used on database storage systems?

Answer 22

Two layers Database storage systems are generally encrypted with two layers of encryption. First, the files on the database can be protected through a file system level encryption. Second, encryption can be used within the application itself.

Question 23

Which of the following is NOT a component of DLP that Maxwell has to be concerned with?

Answer 23

Evidence and Custody

Question 24

As you are drafting your organization’s cloud data destruction policy, which of the following is NOT a consideration that may affect the policy?

Answer 24

Data Discovery

Question 25

When is the MOST optimal time to determine if data is classified as secure?

Answer 25

Create

Question 26

What is used to consolidate large amounts of structured data, often from desperate sources inside or outside the organization, with the goal of supporting business intelligence and analysis efforts?

Answer 26

Data Warehouse

Question 27

The most common and well understood threat to storage is?

Answer 27

Unauthorized access to data

Question 28

Which phase of the cloud data lifecycle is the first phase in which security controls are implemented to protect data at rest?

Answer 28

Store

Question 29

What term is used to describe the business intelligence and user-driven process in which data is analyzed and represented visually in order to look for specific attributes and patterns within that data?

Answer 29

Data Discovery

Question 30

An organization utilized data event logging recommendations by OWASP in their cloud auditing plan. Which of the following is NOT a recommendation?

Answer 30

Network

Question 31

The purpose of labeling data is to accomplish which of the following?

Answer 31

Group data elements together and provide information about those elements

Question 32

What is erasure decoding ?

Answer 32

Erasure encoding is a technique employed by data dispersion to encrypt data with parity bits added.

Question 33

A security incident occurred within an organization that affected numerous servers and network devices. A security engineer was able to use the SIEM to see all of the logs pertaining to that event, even though they occurred on different devices, by using the IP address of the source. Which function of a SIEM is being described in this scenario?

Answer 33

Correalation

Question 34

Select the correct order of the cloud data lifecycle?

Answer 34

Create, store, use, share, archive, destroy

Question 35

In which phase of the cloud data lifecycle should security controls using SSL/TLS be implemented?

Answer 35

Create

Question 36

What is network segmentation ?

Answer 36

Network segmentation Network segmentation is the process of separating different parts of the network and/or restricting access to certain areas of the network. Network segmentation can be done using physical separation methods or software/virtual separation methods

Question 37

Storage in the cloud typically consists of?

Answer 37

SAN aand RAID

Question 38

What is the typical magnitude of servers in a on site data center ?

Answer 38

Thousands A traditional data center will likely house thousands of computers for a large enterprise corporation. This means that they will have incredible cooling and utility requirements. On the other hand, a major cloud environment may house hundreds of thousands of servers across many physical locations with their own cooling and utility requirements. In the cloud environment, however, the concern for these requirements is moved away from the cloud customer to the cloud provider.

Question 39

How to cloud providers prioritise resources under high utilisation ?

Answer 39

In the event that there are not enough resources to serve all hosts, cloud providers must prioritize and weigh which systems will receive the limited resources available. This concept is known as shares. Reservations refer to the minimum amount of resources that each cloud customer will receive, and limits refer to the maximum that they will receive.

Question 40

In the event of an ISP failure, the customer is responsible for ensuring communication with the CSP. Which of the following would be the BEST strategy for ensuring that a means of communication with the cloud vendor is always available?

Answer 40

Redundant ISP

Question 41

When selecting a cloud service provider, what is the MOST preferred attestation report to receive from vendors providing cloud services?

Answer 41

SOC 2 Type 2

Question 42

What is the purpose of hot/cold aisles?

Answer 42

To avoid one row of racks pushing hot air directly into another row

Question 43

IRM restrictions are typically provisioned by a data owner. In what access model is the owner responsible for defining the restrictions on a per-document basis?

Answer 43

The owner of a document is responsible for defining the limits on a per-document basis under a discretionary access control (DAC) model. This entails manually configuring sharing for documents that contain user authentication information for a database.

Question 44

An organization is the process of building a new data center. They want to ensure that the moisture level is not too high in their data center. What is the recommended maximum moisture level for a data center

Answer 44

50 percent relative humidity

Question 45

An organization is the process of building a new data center. They want to ensure that the moisture level is not too high in their data center. What is the recommended minimum moisture level for a data center

Answer 45

40 percent relative humidity

Question 46

For the organizations’ cloud environment, they are using a SaaS IAM manager and users will be using the same username and password for both the cloud and on-premise IAM systems. Due to the risks this may present, what is an important component to the organization’s cloud IAM strategy?

Answer 46

User Education

Question 47

Organization A typically leaves their images offline at the business continuity and disaster recovery (BCDR) site when not in use. What risk is associated with this?

Answer 47

Images may not be patched and up to date with production system baselines and configurations

Question 48

Who is responsible for the security of the public internet?

Answer 48

Users

Question 49

In order to access their cloud environment remotely, a cloud engineer set up a method to connect in. This method uses a system which is publicly accessible on the Internet; however, the machine is extremely hardened to prevent attacks and is focused to allow access to a single application. Which of the following did the cloud engineer create?

Answer 49

Bastion

Question 50

What is RPO ?

Answer 50

RPO stands for recovery point objective, and it is the minimum amount of data that would be needed to be retained and recovered for an organization to function at a level which is acceptable to stakeholders. The RPO does not mean that the organization has to be operating at full capacity, just at an acceptable level where crucial systems are online.

Question 51

Give examples of internal and external redundancy ?

Answer 51

Generators External redundancy includes power feeds/lines, power substations, generators, generator fuel tanks, network circuits, building access points, and cooling infrastructure. Internal redundancy includes power distribution units, power feeds to rack, cooling units, networking, storage units, and physical access points

Question 52

An engineer entered a data center and noticed that the humidity level was 20 percent relative humidity. What risk could this pose to systems?

Answer 52

Excess electrostatic discharge

Question 53

Which of the following is NOT one of the main risks that needs to be assessed during the “assess risk” phase of developing a BCDR plan?

Answer 53

Budgetary restraints are not a main risk when developing a BCDR plan. The main risks associated with developing a BCDR plan include the load capacity at the BCDR site, migration of services, and legal or contractual issues.

Question 54

What is the ideal temp for a data center ?

Answer 54

The American Society of Heating, Refrigeration, and Air Conditioning Engineers (ASHRAE) recommend that data centers have a temperature between 64.4-80.6 degrees Fahrenheit and a humidity level of between 40-60 percent relative humidity.

Question 55

After a BCDR plan has been implemented, it can only be considered valid after which of the following has been done?

Answer 55

Testing

Question 56

What is the danger of a compromised hypervisor ?

Answer 56

A compromised hypervisor can be used to attack all virtual machines on that hypervisor and also be used to attack other hypervisors.

Question 57

how is data in use typically protected?

Answer 57

Secure API calls and web services

Question 58

Give an example of a white box test ?

Answer 58

Static application security testing (SAST) is a “white-box” type of test, meaning that the tester has knowledge of and access to the source code

Question 59

To allow automation and orchestration within a cloud environment, what network protocol must be enabled?

Answer 59

DHCP The Dynamic Host Configuration Protocol (DHCP) assigns an IP address and other networking information to devices in the network automatically. This facilitates the creation of a centralized management system. New hosts can be activated with DHCP, as well as hosts that need to be auto-scaled, dynamically optimized, or relocated between physical hardware programmatically. DHCP allows network information to be readily updated and changed as needed.

Question 60

What is OAuth used for?

Answer 60

Authorisation

Question 61

In which IAM model are applications configured to trust identity providers, and identity providers authenticate users using digital security tokens?

Answer 61

SSO

Question 62

Which of the following is NOT in the top three threats to cloud computing according to CSA’s 2020 Egregious 11?

Answer 62

Abuse and nefarious use of cloud services

Question 63

To monitor and control access to application services of a SaaS solution, what should be implemented?

Answer 63

An approved API is critical for ensuring the security of system components we are interacting with. Enforcing the usage of APIs to reduce the number of ways for accessing application services simplifies their monitoring and protection

Question 64

Which type of security test is run against live systems and those testing have limited knowledge of the systems?

Answer 64

DAST

Question 65

The Treacherous Twelve is a list of twelve risks that are associated specifically with which type of technology?

Answer 65

Cloud Based

Question 66

At the conclusion of which phase of the software development lifecycle (SDLC), will there be formal requirements and specifications ready for the development team to turn into actual software?

Answer 66

Analysis

Question 67

Which OWASP Top 10 vulnerability is defined as the capacity of unauthenticated users to see unauthorized and sensitive data, perform unauthorized functions, and modify access rights?

Answer 67

Broken Access Control

Question 68

Which of the following is a security mechanism that allows an application to protect itself by responding and reacting to ongoing events and threats?

Answer 68

Runtime Application Self-Protection (RASP) is a security mechanism that allows an application to protect itself by responding and reacting to ongoing events and threats in real-time.

Question 69

Which phase of the software development lifecycle (SDLC) typically takes the LONGEST amount of time?

Answer 69

During the development/coding phase of the SLDC, the plans and requirements are turned into executable programming language. This is the heart of the software development process.

Question 70

What process is oriented around service delivery of the application service produced in modern DevOps / DevSecOps and occurs at all phases to provide continuous improvement and quality tracking?

Answer 70

Quality Assurance

Question 71

Which sort of testing embeds an agent within an application and analyzes traffic application performance in real time to identify potential security issues?

Answer 71

IAST Interactive Application Security Testing (IAST) is a gray-box testing technique. An agent is placed in an application to undertake real-time analysis of the program’s traffic performance in order to uncover any security vulnerabilities.

Question 72

Which type of attack could be caused by a compromised DHCP server?

Answer 72

A DHCP (dynamic host configuration protocol) is used to automatically configure network settings on systems without the need for admins to do this manually on each computer. DHCP servers must be kept secure. If a DHCP server were to be compromised, the attacker would have access to change network settings that are given out by the DHCP server. This would allow them to redirect legitimate users to compromised or spoofed systems.

Question 73

Your organization is in the process of migrating to the cloud. Mid-migration you come across details in an agreement that may leave you non-compliant. Who would be the BEST contact to discuss your cloud environment compliance with legal jurisdictions?

Answer 73

Regulators

Question 74

Which institute publishes the most widely used standard for data center topologies?

Answer 74

Uptime Institute

Question 75

Which organization is responsible for developing the Infinity Paradigm?

Answer 75

IDCA

Question 76

At which point during the incident response process are new security controls implemented?

Answer 76

During the recovery and eradication phases of an incident response, new countermeasures are implemented.

Question 77

Virtualization hosts, along with which of the following, have BIOS settings in place that control hardware configurations as well as security technologies which assist in preventing access to the BIOS?

Answer 77

TPMs (Trusted Platform Modules) and virtualization hosts have BIOS settings in place that control hardware configurations and security technologies to prevent unauthorized access to the BIOS. It’s important to ensure that access to the BIOS is locked down for all systems to prevent unauthorized changes to the systems at the BIOS-leve

Question 78

What is a KVM used for?

Answer 78

A KVM is used to connect a keyboard, mouse and monitor to physical servers in a data center to provide access. KVM stands for keyboard, video, mouse. It’s important in a data center, that security measures are put in place to prevent unauthorized access using the KVM.

Question 79

To take a snapshot and backup a virtual machine, which of the following backup solutions is typically used?

Answer 79

Agentless

Question 80

What are the our key areas of the physical cloud environment?

Answer 80

The four key physical components of a cloud environment include CPU, disk, memory, and network. These components are the aspects that a cloud provider must ensure they have adequate resources for. There should be resources in these categories for both the current needs of cloud customers and future needs for the foreseeable future. Cabling is not considered one of the key physical aspects of the cloud environment.

Question 81

What is a concern with virtual images ?

Answer 81

Virtual images are susceptible to attacks whether they are running or not

Question 82

What type of technology uses iSCSI, Fibre Channel, and Fiber channel over Ethernet (FCoE) to create dedicated networks for data storage and retrieval?

Answer 82

SAN

Question 83

What is a grouping of resources with a coordinating software agent that facilitates communication, resource sharing, and routing of tasks?

Answer 83

Clusters are a collection of resources linked together by a software agent that enables communication, resource sharing, and task routing inside the cluster. Clusters are an important aspect of resource pooling, which is fundamental to cloud computing. They are used to provide most of the resources required in modern computing systems, such as processing, storage, network traffic handling, and application hosting

Question 84

Is RDP secure ?

Answer 84

No

Question 85

What networking practice is based on hierarchical, distributed tables, and when a change is made to the relationship between a domain and a specific IP address, the change is registered at the top of the hierarchical table and filters down to all remaining entries

Answer 85

DNS

Question 86

What is the first step in establishing communications with vendors?

Answer 86

The first step in communicating with vendors is to compile a list of all key third parties on which the business relies. This inventory will serve as the basis for risk management operations with third parties or vendors. Additionally, contact with vendors will be nearly entirely driven by contract and service level agreement obligations. All other options are not steps in establishing communications with vendors.

Question 87

An auditor performing a manual audit pulls a registry file from a sample of windows servers and compares it to a baseline. Where would she be pulling the baseline from?

Answer 87

The organization’s configuration management database (CMDB) should capture all configuration items (CI’s) that have been placed under configuration management. This database can be used for manual audits as well as automated scanning to identify systems that have drifted out of their secure state

Question 88

As cloud service customers, the majority of businesses will get communications from their cloud service providers. What are the primary responsibilities of cloud service customers?

Answer 88

cloud customers have a critical accountability to define SLA terms. This will ensure that the CSC receives the proper level of communication, and through the correct channels from the CSP.

Question 89

TLS is a critical technology for encrypting data while it is in transit. TLS is composed of two protocol layers. What are they?

Answer 89

TLS specifies a handshake protocol when two parties establish an encrypted communications channel and TLS record protocol uses keys created during the handshake.

Question 90

Monitoring the effectiveness of your organization’s security procedures is critical. Which security control monitoring component is the MOST fundamental?

Answer 90

Monitoring your security controls should begin with documentation that details the purpose and implementation of each control. Additionally, you should have process documentation on how to monitor each security control.

Question 91

What is the final step in deploying a newly upgraded application into production?

Answer 91

Change management is a critical component of configuration management and, more broadly, business. The process of committing to a change that will influence production workload is known as change management. In the case of any change that will have an impact on production, change management is the last stage and approval process.

Question 92

Which network device is in charge of managing the flow of traffic in and out of the network based on configured rules?

Answer 92

The firewall is the main device that is used to manage the flow of traffic in and out of the network based on rules configured on the firewall. Firewalls can be virtual devices or physical devices.

Question 93

Which built-in VMware tool can be used to automate patches of both the vSphere hosts and the virtual machines running under them?

Answer 93

VUM (vSphere Update Manager) is a utility which is built into VMware. VUM is able to automate patches of both the vSphere hosts as well as the virtual machines running under them. VUM also provides a dashboard which gives administrators a glimpse into their patching status across the environment.

Question 94

What is capacity management ?

Answer 94

Capacity management is concerned with having and providing the required system resources to meet SLA requirements of customers in a cost-effective and efficient manner. It’s important to ensure that systems are not under-provisioned, leading to service and performance issues, but also not over-provisioned, leading to higher costs to the organization.

Question 95

What is the MAIN difference between high availability and fault tolerance?

Answer 95

Fault tolerance involves the use of specialized hardware that can detect faults and automatically switch to redundant systems. High availability makes use of shared and pooled resources to maintain a high level of availability and minimize downtime. Fault tolerance is different, in that it utilizes a specialized hardware which can detect faults and automatically switch to redundant systems based on the type of failure.

Question 96

How do you mitigate log manipulation ?

Answer 96

Sending or copying the logs to a centralized location such as a SIEM prevents this since the attacker may be able to delete them on the system itself, but will likely not have gotten access to the SIEM to change them there as well.

Question 97

In which layer of the TLS protocol does the secure communications method for transmitting data occur?

Answer 97

TLS (transport layer security) is broken up into two main phases: TLS Handshake Protocol and TLS Record Protocol. During the TLS Handshake Protocol, the TLS connection between the two parties is negotiated and established. During the TLS Record Protocol, the actual secure communications method for transmitting data occurs.

Question 98

Where is the BIOS stored?

Answer 98

The BIOS is a form of firmware. It is typically stored in read-only memory. The BIOS is crucial for secure booting processes, as it verifies the hardware and firmware configurations of a system before allowing the operating system or applications to execute.

Question 99

Which of the following BEST describes a SOC?

Answer 99

A centralized group in an organization that handles security issues A SOC (security operations center) is a centralized group within an organization that handles security issues.

Question 100

What is SOX ?

Answer 100

SOX (Sarbanes-Oxley Act) regulates accounting and financial practices within an organization. IT engineers need to be aware of SOX, as it can affect which type of data needs to be stored/retained, and for how long

Question 101

Which standard provides guidelines on contract negotiations with cloud service providers about eDiscovery, searchability, and data preservation?

Answer 101

Cloud Security Alliance (CSA) Security Guidance Domain 3: Legal Issues: Contracts and Electronic Discovery provides guidance on contract negotiations with cloud service providers about eDiscovery search ability and data preservation

Question 102

Which jurisdiction does NOT have a standard national/regional data privacy regulation that applies to all personal information?

Answer 102

USA

Question 103

What is the FIRST stage of the risk treatment process?

Answer 103

In regard to risk treatment and the risk management process, the first stage is framing risk. Framing risk refers to determining what risk and levels are to be evaluated.

Question 104

Which one of the ten key principles of GAPP focuses on organizations having well documented and communicated privacy policies and procedures?

Answer 104

The management principle of the Generally Accepted Privacy Principles (GAPP) focuses on ensuring that organizations have well documented privacy policies and procedures.

Question 105

Which Russian law states that any collecting, processing, or storing of data on Russian citizens must be done from systems which are physically located in the Russian Federation?

Answer 105

Russian law 526-FZ was enacted in September of 2015. The law states that any collecting, processing, or storing of personal or private data that pertains to Russian citizens must be done from systems and databases which are physically located within the Russian Federation.

Question 106

An organization wants a way to ensure to the general public that their systems are safe and secure. What type of report should be done in order to share it with the general public?

Answer 106

SOC 3 reports are meant to be consumed and reviewed by the general public.

Question 107

Which of the following, published by the Cloud Security Alliance, provides a detailed framework and approach for handling controls that are pertinent and applicable in a cloud environment?

Answer 107

The Cloud Controls Matrix (CCM) outlines a detailed approach for handling controls in a cloud environment.

Question 108

Is ediscovery easier in cloud or on prem ?

Answer 108

eDiscovery in a traditional data center is typically easier and less complex than eDiscovery in a cloud environment. Within a traditional data center environment, any systems needed for an investigation can easily be physically isolated and preserved. In a cloud environment, most cloud customers do not own their own hardware, but instead share physical hardware in a multi-tenant cloud.

Question 109

Which of the following is NOT one of the ten key principles of the Generally Accepted Privacy Principles (GAPP) standard?

Answer 109

Transparency GAPP was developed by the American Institute of Certified Public Accountants and the Canadian Institute for Chartered Accountants. It includes ten key privacy principles as listed below: 1. Management 2. Notice 3. Choice and consent 4. Collection 5. Use, retention, and disposal 6. Access 7. Disclosure to third parties 8. Security for privacy 9. Quality 10. Monitoring and enforcement Reference:

Question 110

Your data in the cloud is stored in the EU region—what law or regulation would the data be governed by?

Answer 110

The nation where the data is collected Data sovereignty refers to the concept that data is subject to a nation’s laws and regulations. The laws governing the data sovereignty of the country where the data is collected should be followed

Question 111

Under the Federal Information Security Management Act (FISMA), all U.S. Government agencies are required to conduct risk assessments that align with what framework?

Answer 111

The NIST Risk Management Framework acts as a guide for risk management practices used by United States federal agencies. NIST developed the NIST CSF to assist commercial enterprises in developing and executing security strategies. FedRAMP is a cloud-specific version of NIST 800-53 that contains policies and procedures to assist cloud service providers in adopting security controls and risk assessment.

Question 112

In log management, what defines which categories of events are and are NOT written into logs?

Answer 112

The clipping level determines which events, such as user authentication events, informational system messages, and system restarts, are written in the logs and which are ignored. Clipping levels are used to ensure that the correct logs are being accounted for.

Question 113

Some communication policies are required by law or regulation. What law is MOST referenced to when talking about mandatory reporting or communications?

Answer 113

SOX Some post-incident communication policies are mandated by legislation or regulation. Sarbanes-Oxley (SOX) is the most frequently mentioned standard when discussing obligatory reporting and communications.

Question 114

Which is NOT one of the three key elements of incident management?

Answer 114

Incident Classification

Question 115

What are the three elements of incident management ?

Answer 115

Incident Response Team, Incident Response Plan, Root Cause Analysis

Question 116

What is the MOST commonly used communications protocol for network-based storage?

Answer 116

iSCSI allows for the transmission of SCSI commands over a TCP-based network. SCSI allows systems to use block-level storage that behaves like a SAN would on physical servers, but leverages the TCP network within a virtualized environment. iSCSI is the most commonly used communications protocol for network-based storage.

Question 117

What role goes through an onboarding, management, maintenance, and offboarding process to ensure that the cloud customer security expectations are met?

Answer 117

Partners frequently have the same amount of access to an organization’s systems as employees do, but they are not directly under the organization’s authority. Partner onboarding, management, maintenance, and offboarding processes should establish clear expectations of the cloud service customer’s security needs.

Question 118

Which international standard contains information about the architecture and security of Trusted Platform Modules (TPMs)

Answer 118

ISO/IEC 11889 specifies how various cryptographic techniques and architectural elements are to be implemented. It consists of four parts including an overview of architectures of the TPN, design principles, commands, and supporting code.

Question 119

The Unified Extensible Firmware Interface (UEFI) replaces the traditional BIOS and incorporates numerous enhancements. What is the theoretical maximum capacity of a hard drive that UEFI can address 4.9 zettabytes 4.4 zettabytes 10 zettabytes 9.4 zettabytes ?

Answer 119

9.4 zettabytes

Question 120

Which of the following is mainly concerned with minimizing the impact of issues in an organization by identifying the root cause of the issue?

Answer 120

The focus of problem management is to identify and analyze potential issues in an organization to determine the root cause of that issue. Problem management is responsible for implementing processes to prevent the issues from occurring in the future.

Question 121

What is the role of IPSEC ?

Answer 121

Encrypt and authenticate packets during transmission between two servers IPsec can be used to encrypt and authenticate packets during transmission between two systems.

Question 122

Which organization produced the “Data Center Design and Implementation Best Practices” standard, which includes specification for items such as hot/cold aisle setups?

Answer 122

BICSI (Building Industry Consulting Service International) has been around since 1977. Of the all the standards that BICSI has developed, the ANSI/BICSI 002-2014 is the most prominent. This standard is “Data Center Design and Implementation Best Practices.” In this standard, items such as hot/cold aisle setups, power specifications, and energy efficiency are all covered.

Question 123

Which of the following is NOT one of the most commonly used risk ratings?

Answer 123

Minimal

Question 124

What is the role of the data custodian ?

Answer 124

A data custodian is anyone who uses or consumes data which is owned by someone else. The data custodians must adhere to any policies set forth by the data owner in regard to the use of the data

Question 125

Under the General Data Protection Regulation (GDPR) passed in the EU, how long does a data controller have to notify the applicable government agency after a data breach or leak of personal or private information?

Answer 125

72 Hours

Question 126

What are the five key principles of ISO/IEC 27018

Answer 126

The five key principles of ISO/IEC 27018 are communication, consent, control, transparency, and independent and yearly audits.

Question 127

Which eDiscovery investigative method includes services set forth by pre-arranged contractual obligations that can be exercised when necessary?

Answer 127

Hosted eDiscovery, your cloud service provider incorporates eDiscovery into contractual responsibilities that can be executed as needed. However, a list of pre-selected forensic solutions may have limitations.

Question 128

Which of the following industries needs to meet the specialized compliance requirements set forth by the NERC/CIP?

Answer 128

Electric utilities The North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) is a not-for-profit organization that collaborates with industry stakeholders to set standards for the operations and monitoring of the power system and its enforcement.

Question 129

A forensic investigator must complete the task of identifying, collecting, and securing electronic data and records so that they can be used in a criminal court hearing. What task is this forensic investigator completing?

Answer 129

eDiscovery is the process of searching for and collecting electronic data of any kind (emails, digital images, documents, etc.) so that the data can be used in either civil legal proceedings or criminal legal proceedings.

Question 130

Which regulatory framework specifies how long financial records must be preserved?

Answer 130

SOX

Question 131

An audit must have parameters to ensure the efforts are focused on relevant areas that can be effectively audited. Setting these parameters for an audit is commonly known as?

Answer 131

Audit scope restrictions refer to the process of defining parameters for an audit. The rationale for audit scope restrictions is that audits are costly and often require the involvement of highly skilled content experts. Additionally, system auditing can impair system performance, and in some situations necessitate the shutdown of production systems

Question 132

What is a data steward ?

Answer 132

While the data owner maintains sole responsibility for the data and the controls surrounding that data, there is sometimes the additional role of data steward, who will oversee data access requests and the utilization of the data

Question 133

Name three PII types ?

Answer 133

The two main types of PII (personally identifiable information) include contractual PII and regulated PII. Another type of PII is PHI or protected health information, which is a special type of PII pertaining to healthcare data

Question 134

Which type of security test is run against live systems and those testing have limited knowledge of the systems?

Answer 134

Dynamic application security testing (DAST) is a “black-box” type of security test, meaning that the tester is not given any special information about the systems they are testing. DAST is performed on live systems

Question 135

What is the MAIN reason that eDiscovery is typically easier in a traditional data center than it is in a cloud environment?

Answer 135

Systems aren’t able to be simply physically isolated and preserved in a cloud environment When eDiscovery must be done within a traditional data center, it’s possible to physically isolate the system and preserve the data. In a cloud environment, however, many cloud customers are using the same hardware, so it’s not possible to physically isolate a system and preserve it.

Question 136

Which of the following is NOT one of the ten key principles of the Generally Accepted Privacy Principles (GAPP) standard?

Answer 136

Transparency

Question 137

Data dispersal in cloud settings can have a mixed effect on an organization’s security. What are the disadvantages of data dispersion?

Answer 137

Relocation of data Segment dispersion can create complications in cloud environments. If data is distributed to regions with varying legal and regulatory requirements, the organization may become subject to unforeseen laws and regulations.

Question 138

Which of the following standards establishes internationally recognized standards for eDiscovery?

Answer 138

ISO/IEC 27050 provides internationally accepted standards related to eDiscovery processes and best practices

Question 139

Communication, Consent, Control, Transparency, and Independent and yearly audits are the five key principles found in what standard that cloud providers adhere to?

Answer 139

SO/IEC 27018 is a standard privacy requirement for cloud service providers to adhere to. It is focused on five key principals: communication, consent, control, transparency, and independent and yearly audits

Question 140

Which of the following is a disadvantage of resource pooling?

Answer 140

Resource pooling is one of the many benefits of cloud computing. Multiple clients share a set of resources, such as servers, storage, and application services, and each customer pays only for the resources they consume. This can create a problem when resources are pooled, since multi-tenancy may result, and a competitor or rival may share physical hardware with you.

Question 141

Structured and unstructured storage pertain to which of the three cloud service models?

Answer 141

PaaS Each cloud service model uses a different method of storage as shown below: * Platform as a Service (PaaS) - structured, unstructured * Infrastructure as a Service (IaaS) - volume, object * Software as a Service (SaaS) - content and file storage,

Question 142

There are two main types of storage in SaaS environments. Which SaaS storage type is the classic form of storing data within databases that the application uses and maintains?

Answer 142

Information storage and management is the classic form of storing data within databases that the application uses and maintains.

Question 143

What is the SLE ?

Answer 143

The difference between the original value of an asset and the remaining value of an asset after a single successful exploitation

Question 144

Which standard provides guidelines on contract negotiations with cloud service providers about eDiscovery, searchability, and data preservation?

Answer 144

CSA Cloud Security Alliance (CSA) Security Guidance Domain 3: Legal Issues: Contracts and Electronic Discovery provides guidance on contract negotiations with cloud service providers about eDiscovery search ability and data preservation.

Question 145

A hacker was able to send untrusted data to a user’s browser without going through any validation process. What type of attack is being described here?

Answer 145

Cross-site scripting (XSS) is a type of injection attack. XSS attacks occur when an attacker is able to send data to a user’s browser without having to go through any validation process. Essentially, the victim visits a website or web application which delivers and executes the malicious code to the user’s browser. Web forums and message boards are common locations to find XSS attacks.

Question 146

In which phase of the software development lifecycle (SDLC) should a cost-benefit analysis be done?

Answer 146

During the requirement gathering and feasibility stage of the SDLC, overall goals as well as desired outcomes should be documented. Timing and duration of the project should also be defined. During this phase, a cost-benefit analysis should be done to determine the feasibility of the project.

Question 147

BEST defines ARO?

Answer 147

The estimated number of times a threat will successfully exploit a vulnerability in a given year ARO stands for annualized rate of occurrence, which is defined by the estimated number of times a threat will successfully exploit a vulnerability in a given year

Question 148

FISMA is piece of legislation that pertains specifically to which

Answer 148

Any systems that will interact with federal agencies in any manner must adhere to the requirements set forth in FISMA (Federal Information Security Management Act). The requirements are used to ensure compliance with security controls required by the federal government.

Question 149

An organization has just completed the design phase of developing their business continuity and disaster recovery (BCDR) plan. What is the next step for this organization?

Answer 149

The steps of developing a BCDR plan are as follows: Define scope, gather requirements, analyze, assess risk, design, implement, test, report, and finally, revise. Once an organization has completed all of the design phase, they are ready to implement their BCDR plan.

Question 150

Which is NOT a way to measure business requirements and capabilities for business continuity and disaster recovery in the cloud?

Answer 150

How much data storage capacity is not a good indicator of business requirements and capabilities for continuity and disaster recovery in the cloud. Three metrics are used to assess business capabilities: RTO, which indicates how long systems are down, RPO, which indicates how much data may be lost, and recovery service level (RSL), which indicates how much processing power is required to maintain systems following a disaster.

Question 151

Securing supply chain management software in the cloud and securely connecting vendors globally through cloud services reduces what type of risk?

Answer 151

IT-related risk Supply chain management entails a plethora of dangers, one of which is cloud computing. By protecting supply-chain management software in the cloud and securely linking providers globally via cloud services, risk associated with information technology is reduced.

Question 152

In cloud computing, what would be considered the opposite of reservations?

Answer 152

Limits and reservations are both terms referring to how resources are allocated in a cloud environment. Reservations refer to the minimum amount of resources that a cloud customer is guaranteed to receive. The opposite of reservations are limits. Limits refer to the maximum of resources that a cloud customer may utilize.

Question 153

Which of the following is the MAIN concern for using a BCDR solution in the cloud?

Answer 153

The location where the data is stored and the local laws and jurisdictions that apply to it When using a cloud environment as a BCDR solution, it’s likely that data will be housed in numerous cloud datacenters in various geographical locations. It’s important to take into consideration what types of regulations and jurisdictions are applicable to the locations where your data is being stored.

Question 154

Which of the following terms BEST describes the role of someone who connects existing systems and services to the cloud?

Answer 154

A cloud service integrator is someone who connects (or integrates) existing systems and services to the cloud for a cloud customer.

Question 155

Compare SOAP to REST ?

Answer 155

SOAP does not allow for caching, making it less scalable and having lower performance than REST. SOAP does not allow for caching, making it less scalable and having lower performance than REST. Because of this, SOAP is typically used only when there are restrictions which prevent the use of REST in the environment. REST is more flexible and supports a variety of data formats, including both JSON and XML, while SOAP only allows the use of XML-formatted data.

Question 156

What is the FIRST stage of the risk treatment process?

Answer 156

Framing risk In regard to risk treatment and the risk management process, the first stage is framing risk. Framing risk refers to determining what risk and levels are to be evaluated.

Question 157

The mechanism that directs and controls the provisioning and use of cloud services both internally and externally is referred to as?

Answer 157

Governance is the system by which the provisioning and usage of cloud services are directed and controlled. Governance will put a framework in place to ensure compliance with regulatory obligations

Question 158

Your data in the cloud is stored in the EU region—what law or regulation would the data be governed by?

Answer 158

The laws governing the data sovereignty of the country where the data is collected should be followed. If you are required to comply with a data sovereignty obligation regarding the placement of your data, global CSPs will offer locations that may satisfy these criteria.

Question 159

What is a LUN ?

Answer 159

LUNs Volume storage is where storage is allocated to a virtual machine and configured as a typical hard drive and file system on that server. In a volume storage system, the main storage system is sliced into pieces called LUNs (logical units) and then allocated to a particular virtual machine by the hypervisor.

Question 160

Which type of AI is purely cognitive-based?

Answer 160

Analytical artificial intelligence (AI) is solely cognitive-based, focusing on a system’s ability to analyze past data and make future decisions.

Question 161

NOT a risk associated with having a BCDR plan?

Answer 161

The risks associated with a business continuity and disaster recovery (BCDR) plan include changes in location, maintaining redundancy, having proper failover mechanisms, having the ability to bring services online quickly, and having functionality with external services. Budget is something that should already be factored in and accounted for and, therefore, should not pose any risks to your BCDR plan

Question 162

Which of the following reports is focused on the effectiveness of controls during a set point in time?

Answer 162

SOC 1 Type 1 report is focused on the effectiveness of controls during a set point in time.

Question 163

An audit must have parameters to ensure the efforts are focused on relevant areas that can be effectively audited. Setting these parameters for an audit is commonly known as?

Answer 163

Audit scope restrictions refer to the process of defining parameters for an audit. The rationale for audit scope restrictions is that audits are costly and often require the involvement of highly skilled content experts. Additionally, system auditing can impair system performance, and in some situations necessitate the shutdown of production systems.

Question 164

Which of the following standards was developed by a joint privacy task force consisting of the American Institute of Certified Public Accountants and the Canadian Institute of Chartered Accountants?

Answer 164

GAPP (Generally Accepted Privacy Principles) is a privacy standard developed by the American Institute of Certified Public Accountants and the Canadian Institute of Chartered Accountants.

Question 165

In which phase of the cloud data lifecycle should security controls using SSL/TLS be implemented?

Answer 165

The create phase is an ideal time to implement technologies such as SSL/TLS technologies with the data that is inputted or imported. It should be done in the create phase so that the data is protected initially before any further phases.

Question 166

What is the FIRST stage in the software development lifecycle (SDLC) in which security engineers should be involved?

Answer 166

Security engineers should be a part of every single phase of the SDLC, including the first stage: requirement gathering and feasibility. It is much more efficient to add security into an application as it’s being developed, than to attempt to add in security features later on (after it’s in production). During the requirement gather and feasibility stage of the SDLC, security engineers look at the risks associated with the project.

Question 167

DLP solutions are used to protect data in which state?

Answer 167

data loss prevention (DLP) solutions must be deployed on each of the systems that house data, including any servers, workstations, and mobile devices. This is the simplest of DLP solutions but, in order to be most effective, it may also require network integration.

Question 168

Cloud environments are constantly maintained to ensure that the resources are available when needed and that nodes share the load equally so that one node doesn’t become overloaded. What is this process known as?

Answer 168

Dynamic optimization is the process in which cloud environments are constantly monitored and maintained to ensure that the resources are available when needed and that nodes share the load equally so that one node doesn’t become overloaded. Distributed resource scheduling is a method for providing high availability, workload distribution, and balancing of jobs in a cluster. When a host is in maintenance mode, no virtual machines can run under that physical host.

Question 169

Which of the following has the LEAST impact when collecting forensic evidence in the cloud?

Answer 169

Typically, collecting forensic evidence in the cloud has no operational impact.

Question 170

The decisions regarding where traffic is filtered or sent to and the actual forwarding of traffic are separate from each other when which of the following technologies is being used?

Answer 170

Within a software defined network (SDN), decisions regarding where traffic is filtered or sent to and the actual forwarding of traffic are completely separate from each other.

Question 171

What is the final step in deploying a newly upgraded application into production?

Answer 171

Change management is a critical component of configuration management and, more broadly, business. The process of committing to a change that will influence production workload is known as change management. In the case of any change that will have an impact on production, change management is the last stage and approval process

Question 172

You’re revising your organization’s data destruction policy to guarantee that your cloud deployment is adequately protected. Which stage of the cloud data lifecycle will be impacted by this policy?

Answer 172

Data destruction policies encompass all phases of the data lifecycle. This is because data destruction may occur at all phases of the cloud data lifecycle.

Question 173

Describe the create phase in the data life cycle ?

Answer 173

The create phase is the initial phase of the cloud data lifecycle. While it may sound like data must be newly created from scratch in this phase, that is not the case. Rather, any time data can be considered new, it is in the create phase. This encompasses data which is newly created, data that is being imported from elsewhere, and also data that already exists but has been modified into a new form.

Question 174

Does OWASP cheat sheet mention network logging ?

Answer 174

No - The logging cheat sheet looks mainly at application level logging

Question 175

An engineer needs to ensure his organization is aware of all ten key principles of GAPP. Which is NOT a key principle of the GAPP standard?

Answer 175

Restriction The Generally Accepted Privacy Principles (GAPP) includes 10 key privacy principles and over 70 privacy objectives and methods for measuring and evaluating criteria. The 10 key privacy principles are listed below: 1. Management 2. Notice 3. Choice and consent 4. Collection 5. Use, retention, and disposal 6. Access 7. Disclosure to third parties 8. Security for privacy 9. Quality 10. Monitoring and enforcement

Question 176

Who is responsible for the security of the public internet?

Answer 176

The individuals using the public internet are responsible for security. Security is a shared responsibility. The CSP, CSC or ISP would not be responsible.

Question 177

What does the GAP Management principle focus on ?

Answer 177

The management principle of the Generally Accepted Privacy Principles (GAPP) focuses on ensuring that organizations have well documented privacy policies and procedures. In addition, this information is communicated to necessary parties, and official measures are taken to ensure accountability.

Question 178

Which of the principles are always covered in a SOC2 audit

Answer 178

Security

Question 179

What five principles are potentially covered by SOC ?

Answer 179

Security, Confidentiality, Process Integrity, Availability, Privacy

Question 180

What are the three main building blocks that are covered in a cloud management plan ?

Answer 180

Orchestration, Maintenance and Scheduling

Question 181

What question is the CSA Star program trying to answer ?

Answer 181

If we can trust a cloud provider

Question 182

What is level 3 in the CSA Star program ?

Answer 182

Certification and Attestation against continuous monitoring

Question 183

What is level 2 in the CSA Star program ?

Answer 183

Third party external audit

Question 184

What is level 1 in the CSA Star program ?

Answer 184

Self assement against CAIQ which has 261 questions derived from CSA matrix

Question 185

Is RDP secure and available on most OS ?

Answer 185

Available on most OS but not secure

Question 186

During which phase of the SDLC are formal requirements for risk mitigation/minimization integrated with the programming designs?

Answer 186

While the requirements for risk mitigation and minimization may be determined during the requirement gathering and feasibility stage of the software development lifecycle (SDLC), they are not integrated with the programming designs until the design phase of the SDLC