LearnZapp Practice 5 Flashcards
Fire suppression systems are often linked to a detection system. Common detection systems include all of the following except ___________
A. Heat
B. Pressure
C. Flame
D. Smoke
B. Pressure
Explanation:
Pressure detection is not a common detection technology
FM-200 has all the following properties except:
A. It is colorless
B. It leaves a faint chemical residue after use
C. It is liquid when stored
D. It is non conductive
B. It leaves a faint chemical residue after use
Explanation:
One of the properties that makes it desirable for fire suppression in a data center is that FM-200 does not leave a residue
Which of thje following is not a characteristic of a virtual local area network?
A. Broadcast packets sent by a machine inside the VLAN will reach all other machines in that VLAN
B. Broadcast packets sent from outside the VLAN will not reeach other machines outside the VLAN
C. Broadcast packets sent from a machine outside the VLAN will not reach machines inside the VLAN
D. Broadcast packets sent by a machine inside the VLAN will not reach machines outside the VLA N
B. Broadcast packets sent from outside the VLAN will not reeach other machines outside the VLAN
Explanation:
Broadcast packets sent by machines outside the VLAN will reach machines outside ther VLAN that are on the same network/segment
An ________ is a combination of two or more distinct cloud infrastructure that remain unique entities but are bound together by standardize or proprietary technology that enables data and application portability
A. IaaS
B. PaaS
C. Hybrid cloud
D. Private Cloud
C. Hybrid cloud
Explanation:
A hybrid cloud is a combination of two or more disti0nct cloud infrastructures that remain unique entities but are bound together by a standardized or proprietary technology that enables data and application portability
Which of the following aspects of cloud computing can enhance the customers business continuity and disaster recovery efforts?
A. Rapid elasticity
B. Online collaboration
C. Support of common regulatory frameworks
D. Attention to customer service 0
A. Rapid elasticity
Explanation:
Rapid elasticity allows the cloud customer to scale cloud operations as necessary, including during contingency operations; this is useful for BCDR activities
Which of the following data storage types is most associated with SaaS?
A. Content delivery network
B. Databases
C. Volume storage
D. Data warehousing
A. Content delivery network
Explanation:
CDNs are often used in conjunction with SaaS services to deliver high quality data of large sizes (often multimedia)
Which of the following regulatory frameworks is not covered by the CCM?
A. ISACA’s Control Objectives for Information and Related Technologies (COBIT)
B. Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA)
C. The ALL - TRUST framework from the environmental industry
D. FedRAMP
C. The ALL - TRUST framework from the environmental industry
Explanation:
Option C is a nonsense term
RESTful responses can come from the server in _________ or __________ formats
A. Extensible Markup Language (XML), JavaScript Open Notation (JSON)
B. Hypertext Transfer Protocol (HTTP), X.509
C. American Standard Code for Information Interchange (ASCII), text
D. Hypertext Markup Language (HTML), Extensible Markup Language (XML)
A. Extensible Markup Language (XML), JavaScript Open Notation (JSON)
Explanation:
Servers can return REST requests to clients in a number of formats
In a managed cloud services arrangement, who invokes BCDR action?
A. The cloud provider
B. The cloud customer
C. Depends on the contract
D. Any user
C. Depends on the contract
Explanation:
BCDR responsibilities must be negotiated and codified in the contract; initiation could be something performed by provider of customer, depending on the circumstances, so the parties must agree before those circumstances are realized
Because all cloud access is remote access, contact between users and the environment should include all the following except _______
A. Encryption
B. Secure login with complex passwords
C. Once in all on
D. Logging and audits
C. Once in all on
Explanation:
Its preferable to have compartmentalized zones of trust within the production environment and not allow total access with one set of credentials
A cloud data encryption situations where the cloud customer retains control of the encryption keys and the cloud provider only processes and stores the data could be considered a:
A. Threat
B. Risk
C. Hybrid cloud deployment model
D. Case of infringing on the rights of the provider
C. Hybrid cloud deployment model
Explanation:
Because the cloud customer will retain ownership of some elements of hardware, software or both at the customers location, client side key management could be considered a hybrid cloud model
When using transparent database encryption, where is the engine deployed?
A. Within the database
B. On the database server
C. At the gateway
D. In the browser
A. Within the database
Explanation:
Transparent database encryption requires the encryption to reside within the database itself `
Bob is staging an attack against Alice’s website, He is able to embed a link on her site that will execute malicious code on a visitors machine if the visitor clicks on the link. This is an example of which type of attack?
A. Cross site scripting
B. Broken authentication/session management
C. Security misconfiguration
D. Insecure cryptographic storage
A. Cross site scripting
Explanation:
This is the definition of cross site scripting
In some jurisdictions, it is mandatory that personnel conducting forensic analysis collection or analysis have a proper __________
A. Training credential
B. License
C. Background check
D. Approved toolset
B. License
Explanation:
There are certain jurisdictions where forensic data/IT analysis requires licenses; it is important for you to determine whether this is the case in your jurisdiction
Who is responsible for performing archiving activities in a managed cloud environment?
A. The cloud customer
B. The cloud provider
C. The customers regulator
D. Depends on the contract
D. Depends on the contract
Explanation:
Many cloud providers will offer archiving services as a feature of the basic cloud services
Because of the nature of the cloud, all access is remote access. One of the preferred technologies employed for secure remote access is ________
A. VPN
B. HTML
C. DEED
D. DNS
A. VPN
Explanation:
VPN creates a trusted path across an untrusted (often public) network.
You are in charge of creating the BCDR plan and procedures for your organization. You decide to have a tabletop test of the BCDR activity. Which of the following will offer the best value during the test?
A. Having all participants conduct their individual activities via remote meeting technology
B. Task a moderator well versed in BCDR actions to supervise and present scenarios to the participants, including randomized special events
C.Provide copies of the BCDR policy to all participants
D. Allow all users in your organization to participate
B. Task a moderator well versed in BCDR actions to supervise and present scenarios to the participants, including randomized special events
Explanation:
A trained and experienced moderator can guide the participants through the activity, enhancing their training and noting pitfalls and areas for improvement
You are the security manager for a software company thats uses PaaS in a public cloud service. Your company’s general counsel informs you that they have received a letter from a former employee who is filing a lawsuit against your company. If you do not take proper steps to retain, capture and deliver pertinent data to the person making the request, the company could be facing legal problems with __________ as a lawsuit as well
A. Spoilation
B. Fraud
C. Jurisdiction
D. Recompositioning
A. Spoilation
Explanation:
Spoilation is the term used to describe the destruction of potential evidence
There are two general types of smoke detectors. One type uses a light source to detect the present of particulate matter resulting from a fire, and the other uses _________
A. Electric pulses
B. Small amounts of radioactive material
C. Fiber optic mechanisms
D. A water pressure plate
B. Small amounts of radioactive material
Explanation:
Ionization based smoke detectors use trace amounts of redionuclide to detect the presence of particulate matter in the detection chamber when smoke particles interrupt the constant electric current
A virtual NIC exists at Layer ________ of the OSI model
A. 2
B. 4
C. 6
D. 8
A. 2
Explanation:
Virtualized NIC is part of the Data Link Layer
Management is interested in adopting an Agile development style. When you explain what impact this will have, you note that _____ may be decreased by this option
A. Speed of development
B. Thoroughness of documentation
C. Availability of prototypes
D. Customer collaboration
B. Thoroughness of documentation
Explanation:
The Agile method reduces the dependence and importance of documentation in favor of functioning software
Event monitoring tools SIEM and SIM can aid in which of the following efforts?
A. Detecting untrained personnel
B. Predicting system outages
C. Sending alerts for conflict of interest
D. Enforcing mandatory vacation
B. Predicting system outages
Explanation:
Event monitoring tools can be used to predict system outages by noting decreases in performance; repeated performance issues can be an indicator a device is failing
While an event monitoring tool might be able to detect a user who continually conducts unproductivity activity or fails to complete certain functions, it is impossible to determine if the source of the problem is lack of training
According to OWASP recommendations, active software security testing should include all of the following except __________
A. Business logic testing
B. Client side testing
C. Intuition testing
D. Information gathering
C. Intuition testing
Explanation:
Intuition testing is not part of the OWASP guide to active security testing.
Data destruction in the cloud is difficult because _________
A. Cloud data doesnt have substance
B. Regulations prevent it
C. The hardware belongs to the provider
D. Most of the data is subterranean
C. The hardware belongs to the provider
Explanation:
The preferred methods of secure sanitization require physical access to the hardware on which the data is stored; in the cloud, this belong to the cloud provider, and the cloud customer will not be allowed to perform destructive procedures
Which type of info can be traced back to an individual user, sometimes throujgh the use of trackinbg cookies?
A. PPI
B. PCI
C. PII
D. ISO
C. PII
Explanation:
PII is a legal category of information that identifies a specific person
WHich of the following is probably least suited for inclusion in the SLA between a cloud customer and cloud provider?
A. Bandwidth
B. Jurisdiction
C. Storage space
D. Availability
B. Jurisdiction
Explanation:
The SLA should contain elements of the contract that can be subject to discrete, objective, repeatable, numeric metrics.
What is the intellectual property protection for a confidential recipe for muffins?
A. Copyright
B. Patent
C. Trademark
D. Trade secret
D. Trade secret
Explanation:
Confidential recipes unique to the organization are trade secrets
Which of the following is not addressed by STRIDE?
A. External parties presenting false credentials
B. External parties illicitly modifying information
C. Participants able to deny a transaction
D. Users unprepared for secure operation by lack of training
D. Users unprepared for secure operation by lack of training
Explanation:
STRIDE does not address user security training
Which of the following components are part of what a CCSP should review when looking at contracting with a cloud service provider?
A. The physical layout of the datacenter
B. Background checks for the providers personnel
C. Use of subcontractors
D. Redundant uplink grafts
C. Use of subcontractors
Explanation:
The use of subcontractors can add risk to the supply chain and should be considered
REST outputs often take the form of _______
A. JSON
B. Certs
C. Database entries
D. WS Policy
A. JSON
Explanation:
JSON outputs are common for REST applications_
____________ is perhaps the main external factor driving IAM efforts
A. Regulation
B. Business needs
C. The evolving threat landscape
D. Monetary value
A. Regulation
Explanation:
Regulatory compliance has historically driven IAM efforts. All the other options can to some extent drive IAM efdforts, however not as much
Which kind of SSAE audit report is most beneficial for a cloud customer, even though its unlikely the cloud provider will share it?
A. SOC 1 Type 1
B. SOC 2 Type 2
C. SOC 1 Type 2
D. SOC 3
B. SOC 2 Type 2
Explanation:
The SOC 3 is the least detailed, so the provider is not concerned about rvevealing it. The SOC 1 Type 1 are about financial reporting and not relevant. The SOC 2 Type 2 is much more detailed and will most likely be kept closely held by the provider
It is very likely that your organization users will use unapproved APIs especially in a BYOD environment because ________
A. Users are constantly trying to break the security of your environment
B. APIs cant ever be secure
C. Hackers are constantly infiltrating all APIs
D. Users enhance their productivity however they can
D. Users enhance their productivity however they can
Explanation:
Users in the production environment leverage whatever tools and techniques they can in order to get their job done in a better, faster way, often regardless of whether this complies with security policies
A poorly negotiated cloud service contract could result in all of the following determental effects except:
A. Vendor lock in
B. Malware
C. Unfavorable terms
D. Lack of necessary services
B. Malware
Explanation:
Malware risks and threats are not affected by the terms ofd thee cloud contract
Which type of networking model is optimized for cloud deployments and the underlying storage and IP networks are combined so as toi maximize the benefits of a cloud workload?
A. SDN model
B. Enterprise networking model
C. Converged networking model
D. Legacy networking model
C. Converged networking model
Explanation:
Optimized for cloud deployments, the converged networking model combines the underlying storage and IP networks to maximize the benefits of a cloud workload
Data dispersion uses _______, where the traditional implementation is called parity bits
A. Smurfing
B. Snarfing
C. Erasure coding
D. Real time bitlinking
C. Erasure coding
Explanation:
Erasure coding is the practice of having sufficient data to replace a lost chunk in data dispersion, protecting against the possibility of a device failing while it holds a given chunk;
As with the traditional IT environment, cloud data encryption includes all the following except ________
A. The user
B. The data itself
C. The encryption engine
D. The encryption keys
A. The user
Explanation:
The user is not really an aspect of an encryption deployment, although it may be argued that the user will need to refrain from disclosing their own keys to anyone else
Bob is designing a data center to support his organization, a financial services firm. Which of the following actions would best enhances Bobs efforts to create redundancy and resiliency in the data center?
A. Ensure that all entrances are secured with bio-metric based locks
B. Purchased UPSs from different vendors
C, Include financial background checks in all personnel reviews for admins
D. Make sure all raised floors have at least 24 inches of clearance
B. Purchased UPSs from different vendors
Explanation:
Using different vendors for multiple systems of the same type adds not only redundant but also resiliency; if one
SDNs allow network admins and architects to perform all the following functions except:
A. Reroute traffic based on current customer demand
B. Create logical subnets without having to change any actual physical connections
C. Filter access to resources based on specific rules or settings
D. Deliver streaming media content in an efficient manner by placing it closer to the end user
D. Deliver streaming media content in an efficient manner by placing it closer to the end user
Explanation:
This is the definition of a CDN
Software developers should receive cloud specific training that highlights the challenges involved with having a production environment that operates in the cloud. One of these challenges is ________
A. Lack of management oversight
B. Additional workload in creating governance for two environments
C. Increased threat of malware
D. The need for process isolation
D. The need for process isolation
Explanation:
because shared resources in the cloud may mean increased opportunity for side channel attacks, developers will have to design programs to function in a way that ensures preocess isolation
What is a form of cloud storage where data is stored as objects, arranged in a hierarchical structure, like a file tree?
A. Volume storage
B. Databases
C. CDN
D. Object storage
D. Object storage
Explanation:
Object storage stores data as objects, often arranged in a hierarchical structure.
It is best to use variables in ________
A. Baseline configurations
B. Security control implementations
C. Contract language
D. BCDR tests
D. BCDR tests
Explanation:
When performing BCDR tests, it is useful to create scenarios that are unpredictable and vary from previous tests so as to better approximate conditions of an actual disaster
The various models general available for BCDR activities include all of the following except:
A. Private architecture, cloud backup
B. Cloud provider, backup from same provider
C. Cloud provider, backup from another cloud provider
D. Cloud provider, backup from private provider
D. Cloud provider, backup from private provider
Explanation:
OWASP Top Ten lists sometimes includes unvalidated redirects and forwards. Which of the following is a good way to protect against this problem?
A. HTML Escape all HTML attributes
B. Train users to recognize invalidated links
C. Block all inbound resource requests
D. Implement audit logging
B. Train users to recognize invalidated links
Explanation:
What is a form of cloud data protection where data is spread across multiple storage device locations?
A. Infringing
B. Data dispersion
C. Voiding
D. Cryptoshredding
B. Data dispersion
Explanation:
Data dispersion is the cloud version of using RAID arrays, protectin data by spreading it across multiple volumes/devices
All of the following are data analytics modes, except:
A. Reeal time analytics
B. Datamining
C. Agile business intelligence
D. refactory iiterations
D. refactory iiterations
Explanation:
PCI DSS requires ___________ security requirements for entities involved in credit card payments and processing
A. Technical
B. Nontechnical
C. Technical and nontechnical
D. Neither technical nor nontechnical
C. Technical and nontechnical
Explanation:
PCI DSS requires multiple kinds of technical and nontechnical security requirements for those entities that choose to subscribe to the standard
___________ is a method of hiding data with substitute such as Xs or asterisks
A. Sandboxing
B> Data masking
C. Encryption
D. Virtualization
B> Data masking
Explanation:
This is an example of data masking
Who will determine where your organizations cloud migration is satisfactory from a compliance perspective?
A. THe cloud provider
B. The cloud customer
C. The regulators
D. ISP
C. The regulators
Explanation:
Regulators overseeing your industry will make the final determination as to whether your cloud configuration is suitable to meet their requirements
Which of the following is a risk associated with manual patching especially in the cloud?
A. No notice before the impact is realized
B. There is a lack of applicability to the environment
C. Patches may or may not address the vulnerability they were designed to fix
D. The possibility for human error exists
D. The possibility for human error exists
Explanation:
Patching is a mundane, repetitive process and people have trouble focusing on such tasks especially for the number of times necessary to patch a cloud environment
VM configuration management tools should probably include:
A. Biometric recognition
B. Anti-tampering mechanisms
C. Log file generation
D. Hackback capabilities
C. Log file generation
Explanation:
Event logging is essential for incident management and resolution; this can be set as an automated function of the CM tools
Which of the following is a risk in the cloud environment that does not exists or is not as prevalent in the traditional environment?
A. Loss of availability due to DDoS
B. Loss of value due to DDoS
C. Loss of confidentiality due to DDoS
D. Loss of liability due to DDoS
A. Loss of availability due to DDoS
Explanation:
In the traditional environment, if DDoS prevent the organizations with the Internet or other organizations, users still had access to their own data but simply cloud not share it or use it in external transactions
A cloud provider will probably require all of the following except __________ before a customer conducts a pentest
A. Notice
B. Description of scope of the test
C. Physical location of the launch point
D. Knowledge of time frame/duration
C. Physical location of the launch point
Explanation:
Becausee cloud access is remote access, pentests will be remote tests; it doesnt really matter what the physical origin of the simulated attack is
The lack/ambiguity of physical endpoints as individual network components in the cloud environment creates what kind of threat/concern?
A. The lack of defined endpoints makes it difficult to uniformly define, manage and protect IT assets
B. Without physical endpoints, it is impossible to apply security controls to an environment
C. Without physical endpoints, it is impossible to track user activity
D. The lack of physical endpoints increases the opportunity for physical theft/damage
A. The lack of defined endpoints makes it difficult to uniformly define, manage and protect IT assets
Explanation:
OWASP Top Ten includes sensitive data exposure. All of the following are techniques for reduing the possibility of exposing sensitive data except _______
A. Destroying sensitive data as soon as possible
B. Avoiding categorizing data as sensitive
C. Using proper key management
D. Disabling autocomplete on forms that collect sensitive info
B. Avoiding categorizing data as sensitive
Explanation:
Data needs to be categorized according to its value/sensitivity; avoiding accurate categorization is just as troublesome, from a security perspective, as not categorizing the data or over-categorizing it
Security controls installed on a guest virtual machine operating system will not function when:
A. The user is accessing the VM remotely
B. The OS is not scanned for vulnerabilities
C. The OS is not subject to version control
D. The VM is not active while in storage
D. The VM is not active while in storage
Explanation:
Security controls operating on a guest VM OS are onlny actiive while the VM is acvtive, when the VM is stored, it is snapshotted and saved as a file, so those controls wont be active either
It is probably fair to assume that SaaS functions take player at layer ______ of the OSI model
A. 1
B. 3
C. 5
D. 7
D. 7
Explanation:
Layer 7 is the applications entry point to networking
Which of the following is not a method for creating logical segmentation in a cloud data center?
A. VLANs
B. NAT
C. Bridging
D. Hubs
D. Hubs
Explanation:
A hub is a network device that simply connects physical machines together; it cannot serve the purpose of network segmentation
In terms of greatest stringency and requirements for security validation, which is the highest merchant level in the PCI standard?
A. 1
B. 2
C. 3
D. 4
A. 1
Explanation:
Merchant level 1 is for the merchant that engage in the most transactions per year. It carries with it the requirement for the most comprehensive, detailed and repeated security validation actions. It may be tempting to choose the highest number when choosing an answer for the highest merchant level
An _________ includes reviewing the oprganizations current position/performance as revealed by an audit against a given standard
A. SOC Report
B. Gap analysis
C. Audit scoping statement
D. Federal guideline
B. Gap analysis
Explanation:
This is the definition of a gap analysis
The logical design of a cloud environment can enhance the security offered in that environment. For instance, in a SaaS cloud, the provider can incorporate ________ capabilities into the application itself
A. High speed processing
B. Logging
C. Performance enhancing
D. Cross platform functionality
B. Logging
Explanation:
The ability to log activity is useful for many security purposes; having that purposefully included in SaaS applications reduces the need to have a different tool added to the environment to achieve that same goasl
Software security testing should involve both known good and known bad data in order to simulate both ______ and _______
A. Managers, users
B. Regulators, users
C. Vendors, users
D. Users, attackers
D. Users, attackers
Explanation:
KNown good data is used to determine if the software fulfills the business requirements for which it was acquired
Known bad data tests the ability of the software to handle inputs and conditions that might put it into a fail state
A user signs on to a cloud based social media platform. In another browser tab, the user finds an article worth posting to social media platform. The user clicks on the platforms icon listed on the articles website and the article is automatically posted to the users account on the socla media platform. This is an example of what?
A. Single sign on
B. Insecure direct identifiers
C. Identity federation
D. Cross site scripting
C. Identity federation
Explanation:
This is a very popular function of federated identity
A formal policy that is signed by management and acknowledged by the user is known as __________
A. Password policy
B. Risk assessment
C. Acceptable use policy
D. Information security policy
C. Acceptable use policy
Explanation:
The acceptable user policy is designed to make clear to employees what is acceptable as well as unacceptable use of company owned computing equipment and data such as email
When presenting forensic evidence in court as testimony, you should include, if at all possible ___________
A. Your personal opinion
B. A clear, concise view of your side of the case
C. Alternative explanations
D. Historical examples that have bearing on the circumstances of the current case
C. Alternative explanations
Explanation:
Its important to present a full view of the evidence, including any alternative findings that were considered but eliminated through reason.
According to ENISA, a cloud risk assessment should provide a means for customers to accomplish all these assurance tasks except ___________
A. Assess risks associated with cloud migration
B. Compare offerings from different cloud providers
C. Reduce the risk of regulatory noncompliance
D. Reduce the assurance burden on cloud providers
C. Reduce the risk of regulatory noncompliance
Explanation:
ENISAs approach to cloud risk assessments does not specifically address this type of assurance, probably because of the wide variety of possible regulators and the difficult in crafting a risk assessment that would address them all
Which of the following is appropriate to include in the SLA?
A. That the provider deliver excellent uptime
B. That the provider host the customers data only within specific jurisdictions
C. That any conflicts arising from the contract be settled within a particular jurisdiction
D. The specific amount data that can be uploaded to the cloud environment in any given month
D. The specific amount data that can be uploaded to the cloud environment in any given month
Explanation:
SLA elements should be objective, numeric values for repeated activity
It is important to maintain a current asset inventory list, including surveying your environment on a regular basis, in order to ___________
A. Prevent unknown, unpatched assets from being used as back doors to the environment
B. Ensure that any lost devices are automatically entered into the acquisition system for repurchasing and replacement
C. Maintain user morale by having their devices properly catalogued and annotated
D. Ensure that billing for all devices is handled by the appropriate departments
A. Prevent unknown, unpatched assets from being used as back doors to the environment
Explanation:
An asset that is not tracked will not be maintained properly, and an improperly maintained asset provides an avenue for attack
In terms of the number of security functions offered, which is the highest Federal Information Processing Standard (FIPS) 140-2 security level a cryptographic module can achieve in certification?
A. 1
B. 2
C. 3
D. 4
D. 4
Explanation:
The highest security level a product can reach is 4. Option is incorrect because Level 1 is the lowest level of security
Which of the following is not typically a BCDR construct involving cloud computing?
A. On premises production environment; cloud BCDR environment
B. Cloud production environment; same provider BCDR environment
C. Cloud production environment; different provider BCDR environment
D. Cloud production environment; on premises BCDR environment
D. Cloud production environment; on premises BCDR environment
Explanation:
Organizations do not typically host contingency operations at an on premises facility when they already operate a production environment in the cloud
Which of the following is probably the most volatile form of data that might serve a forensic purpose?
A. Virtual instance RAM
B. Hardware RAM
C. Hypervisor logs
D. Drive storage
A. Virtual instance RAM
Explanation:
Because RAM is inherently volatile and virtual resources are simulated only for limited time periods, virtual RAM is probably the most volatile data store
What is one of the reasons the threat of insecure interfaces and APIs is so prevalent in cloud computing?
A. Cloud customers and third parties are continually enhancing and modifying APIs
B. APIs can have automated settings
C. It is impossible to uninstall APIs
D. APIs are a form of malware
A. Cloud customers and third parties are continually enhancing and modifying APIs
Explanation:
The continuous modification of APIs issued/designed by cloud providers introduces the potential for vulnerabilities
Which of the following aspects for the BCDR process poses a risk to the organization?
A. Threat intelligence
B. Prereplacement of response assets
C. Budgeting for disaster
D. Full testing of the plan
D. Full testing of the plan
Explanation:
A full test of the BCDR plan can result in an actual disaster because it may involve interruption of service; the simulation can become the realitry
Which of the following is a management risk that organizations migrating to the cloud will have to address?
A. Insider threat
B. Virtual sprawl
C. DDoS attacks
D. Natural disasters
B. Virtual sprawl
Explanation:
In the cloud environment, it is very easy for a user to generate a new virtual instance; that is one of the advantages of the cloud.
Data destruction in the cloud is difficult because _________
A. Only law enforcement is permitted to destroy cloud data
B. The largest cloud vendors have prevented customers from destroying data
C. Cloud data renews itself automatically
D. The cloud is often a multitenant environment
D. The cloud is often a multitenant environment
Explanation:
Secure sanitization would affect storage resources where more than one customer stores their data; truly secure destrictive measures would likely result in destroying data belonging to someone else
Which of the following is probably the most important element to address if your organization is using two different cloud providers for the production BCDR environments?
A. Do they cost the same?
B. Do they have similar facility protections in place?
C. What level of end user support do they each offer?
D. Can the backup provider meet the same SLA requirements as the primary?
D. Can the backup provider meet the same SLA requirements as the primary?
Explanation:
If the contingency operation will last for any extended period of time. It is important to know whether all the same service expectations can be met by the backup provider as were available in the production environment
Which of the following is not a step in the crypto shredding process?
A. Encrypt data with a particular encryption engine
B. Encrypt first resulting keys with another encryption engine
C. Save backup second resulting keys
D. Destroy original second resulting keys
C. Save backup second resulting keys
Explanation:
In cryptoshredding, the purpose is to make the data unrecoverable; saving a backup of the keys would attenuate that outcome because the keys would still exist for the purpose of recovering data. All other steps outline the crypto shredding process
Which form of authentication is used to enable SSO and ebales the user to log into more than one application or website using the same credentials?
A. SSL
B. Username and password
C. MFA
D. OpenID
D. OpenID
Explanation:
OpenID is one form of authentication used to enable SSO and enable the user to log into more than one application or website using the same credentials
What type of data storage is often used in PaaS arrangements?
A. Ephemeral
B. Database
C. Long term
D. Nefarious
B. Database
Explanation:
The PaaS model allows the cloud customer to install and run applications in the cloud environment. With a database, the cloud customer can store data in a database administered by the cloud provider but can tailor applications services for reaching into and manipulating that database
Your company operates under a high degree of regulatory scrutiny. Senior management wants to migrate to a cloud environment but is concerned that providers will not meet the companys compliance needs. Which deployment model would probably best suit the companys needs?
A. Public
B. Private
C. Community
D. Hybrid
B. Private
Explanation:
A private cloud arrangement allows the customer to have greater control of the governance and policy within an environment
Which cloud data storage technique involves encrypting a data set, then splitting thed data into pieces, splitting the key into pieces, then signing the data pieces and key pieces and distributing thjem to various cloud storage locations?
A. RAID
B. Secret sharing made short (SSMS)
C. Homomorphic encryption
D. Asymmetric encryption
B. Secret sharing made short (SSMS)
Expolanation:
You are a college student in the US: you make your tuition payments directly from your bank account via a debit card. Which of the following laws and regulations will not be applicable to you, your personal data or the data you work with as a student?
A. SOX
B. HIPAA
C. PCI DSS
D. FERPA
A. SOX
Explanation:
SOX only applies to publicly traded corporations, not all companies
Aside from the fact that the cloud customer probably cannot reach the physical storage assets of the cloud provider and that wipinig an entire storage space would iompact other customers, why would degaussing probably not be an effective means of secure sanitization in the cloud?
A. All the data storage space in the cloud is already gaussed
B. Cloud data storage may not bee affected by degaussaing
C. Federal law prohibits it in the US
D. The blast radius is too wide
B. Cloud data storage may not bee affected by degaussaing
Explanation:
Cloud data storage likely uses solid state drives, which are not affected by degaussing because they dont use magnetic properties to store data
The acronym ARO is best defined to represent which of the following?
A. The number of times a specific type of security incident or event occurs within a 12 month period
B. The rate of return on a particular project over a 12 month period
C. The point in time after which a return to operations is no longer feasible
D. The number of times a security process is optimized or updated in a 12 month period
A. The number of times a specific type of security incident or event occurs within a 12 month period
Explanation:
The annual rate of occurrence is the rate opf occurrence of a specific event or security incident one could expect to occur in any given 12 month period
You are the security office for a small nonprofit organization. You are tasked with performing a risk assessment for your organization; you have one month to complete it. The IT personnel you work with have been with the organization for many years and have built the system and infrastructure from the ground up. They have little training and experience in the field of risk. Which type of risk assessment would you choose to conduct?
A. Quantitative
B. Pro forma
C. Qualitative
D. Informal
C. Qualitative
Explanation:
Qualitative risk assessments are preferable in situations where the organization has personnel who understand the IT environment but may not have a lot of Experience with risk functions and where the organization does not have a great deal of time or money to spend on the project
Under European law, a cloud customer who gives sensitive data to a cloud provider is still legally responsible for damages resulting from a data breach caused by the provider; the EU would say that it is the customers fault for choosing the wrong provider.
A. Proof
B. Evidence
C. Due diligence
D. Application of reasonableness
C. Due diligence
Explanation:
A party who does not perform sufficient due dilligence is choosing a contractor can be held accountable for the actions made by that contrtactor
Symmetric encryption involves __________
A. Two key pairs, mathematically related
B. Unknown parties, sharing info
C. Signed certificates
D. A shared secret
D. A shared secret
Explanation:
In symmetric encryption, a single key is used to both encrypt and decrypt` a message. This is often referred to as a shared secret
In general, all policies within an organization should include each of the following elements except ______________
A. The date on which the policy will expire
B. The assignment of an entity to review the applicability of the possibility occasionally
C. The assignment of an entity to monitor and maintain the process described in the policy
D. A list of the laws, regulations, practices and/or standards that drove the creation of the policy
A. The date on which the policy will expire
Explanation:
Not all policies are temporary or have expected durations; usually, policy is an enduring piece of governance that will continue until such time as it is revoked.
Which of the following best describes data masking?
A. Data masking is used in place of encryption for better performance
B. Data masking is used to hide PII
C. Data masking is used to create a similar inauthentic dataset used for training and software testing
D. Data masking is used in place of production data
C. Data masking is used to create a similar inauthentic dataset used for training and software testing
Explanation:
Options B and D are also correct, but not as comprehensive as C
Which of the following is a method for apportining resources that involve setting guaranteed minimums for all tenants/customers within the environment?
A. Reservations
B. Shares
C. Cancellations
D. Limits
A. Reservations
Explanation:
Which of the following terms is not associated with cloud forensics?
A. Analysis
B. eDiscovery
C. Chain of custody
D. Plausibility
D. Plausibility
Explanation:
Of the following options, which is a reason cloud data center audits are often less easy to verify than audits in traditional data centers?
A. They frequently rely on third parties
B. The standard are too difficult to follow
C. The paperwork is cumbersome
D. There arent enough auditors
A. They frequently rely on third parties
Explanation:
Because cloud audits aree often the result of third party assertions, recipients of cloud audit reports may be more skeptical of the results than they would have been of traditional audits, which the recipients may have performed firsthand
MFA typically includes two or more of all the following elements except _________
A. What you know
B. Who you know
C. What you are
D. What you have
B. Who you know
Explanation:
MFA doesnt typically utilize associative identification
The Privacy Shield program is _________
A. Voluntary for non European Union entities
B. Mandatory for all EU entities
D. Voluntary for all EU entities
A. Voluntary for non European Union entities that do not exist in a country with a nationwide privacy law; no entity is required to join the program, but those who dont are prevented from collecting and processing citizen privacy data
A _________ consists of a computer, data, or a network site that appears to be part of a network but is actually isolated and monitored. It also appears to contain data or resources of value that are in fact fake
A. Honeypot
B. HIDS
C. Virtual appliance
D. Sandbox
A. Honeypot
Explanation:
A honeypot consists of a computer, data or a network site that appears to be part of a network and seeems to contain info or a resource of value to attackers but is actually isolated and monitored.
You are the security policy lead for your organization, which is considering migrating from your on premises, traditional IT environment into the cloud. You are reviewing the CCM as a tool for your organization. What is probably he best benefit offered by the CCM?
A. The low cost of the tool
B. Allowing your organization to leverage existing controls across multiple frameworks so as not to duplicate effort
C. Simplicity of control selection from the list of approved choices
D. Ease of implementation by choosing controls from the list of qualified vendors
B. Allowing your organization to leverage existing controls across multiple frameworks so as not to duplicate effort
Explanation:
The CCM allows you to note where specific controls (some of which you might already have in place) will address requirements listed in multiple regulatory and contractual standards, laws and guides
Which of the following characteristics is associated with DRM solutions or sometimes known as IRM?
A. Persistence
B. Influence
C. Resistance
D. Trepidation
A. Persistence
Explanation:
Persistence is the trait that allows DRM protection to follow protected files wherever they might be stored/copied.
Halon is now illegal to use for data center fire suppression. What is the reason it was outlaws?
A. It poses a threat to health and human safety when deployed
B. It can harm the environment
C. It does not adequately suppress fires
D. It causes undue damage to electronic systems
B. It can harm the environment
Explanation:
Halon was outlaws because it was blamed for depleting the earths ozonee layer
To receive a SOC 2 Type 2 report from a potential provider, the provider may require you to perform/provide a __________
A. Security deposit
B. NDA
C. CSA STAR
D. Act of fealty
B. NDA
Explanation:
In order to protect extremely sensitive material that is discussed in the SOC 2 Type 2, the provider may request that you sign an NDA and limit distribution
SSH tunnel can include all of the following services except:
A. Remote log on
C. Content filtering
C. Port forwarding
D. Command execution
C. Content filtering
Explanation:
SSH does not offer content filtering
What are the US State Department controls on technology exports known as?
A. International Traffic in Arms Regulations
B. Export administration regulations
C. Evaluation assurance level
D. Digital rights management
A. International Traffic in Arms Regulations
Explanation:
ITAR is Department of State program
EAL care part of Common Criteria standard from ISO
Dynamic testing of software is perhaps most useful for:
A. Simulating negative test cases
B. Finding errors in the source code
C. Determining the effect of social engineering
D. Pentests
A. Simulating negative test cases
Explanation:
Running the software and allowing users to operate it is great form of dynamic testing, which simulates both known good and known bad inputs
Best practices for key management include all of the following except :
A. Have key recovery processes
B. Maintain key security
C. Pass keys out of band
D. Ensure MFA
D. Ensure MFA
Explanation:
We should do all of the following except for required MFA, which is pointless in key management
The risk that a cloud provider might go out of business and the cloud customer might not be able to recover data is known as:
A. Vendor closure
B. Vendor lock out
C. Vendor lock in
D. Vending route
B. Vendor lock out
Explanation:
This is the definition of vendor lock out
Which of the following entities publishes a cloud centric set of risk benefit recommendations that includes a Top 8 list of security risks an organization might face during a cloud migration, based on likelihood and impact?
A. NIST
B. ISO
C. ENISA
D. PCI
C. ENISA
Explanation:
Which regulation introduced significant changes for data processors and controllers who work across international borders?
A. GDPR
B. GLBA
C. ISO 27000
D. HIPAA
A. GDPR
Explanation:
EU GDPR 2016 introduced significant changes for data processors and controllers operating in and across the EU
Your company uses cloud based SaaS services, including email. You receive a legal request for data pertinent to a case. Your e discovery efforts will largely de dependent on _______
A. The cloud provider
B. Regulators
C. The cloud customer
D. Internal IT personnel
A. The cloud provider
Explanation:
In a SaaS model, the customer has little insight event logs and traffic analysis and useful for evidentiaryu purposes. The customer will largely be reliant on the cloud provider to locate, collect and deliver this information for ediscovery
Designers making applications for the cloud have to take into consider risks and operational constraints that did not exist or were not as pronounced in the traditional environment. Which of the following is an element cloud app designed may want to consider incorporating in software for the cloud that might not have been as important in the traditional environment?
A. Application isolation
B. Inference framing
C. Known secure library components
D. Testing that uses known bad data
A. Application isolation
Explanation:
Because the cloud is a multitenant environment, one of the concerns that developers should consider is how well the application prevents other applications/users from observing its operation and resource calls. In the traditional environment, this is not usually required because the organization owns the underlying infrastructure as a single tenant and there is very little risk in exposing the applications functionality
Countermeasures for protecting cloud operations against internal threats include all of the following except:
A. Aggressive background checks
B. Hardened perimeter devices
C. Skills and knowledge testing
D. Extensive and comprehensive training programs, including initial, recurring and refresher sessions
B. Hardened perimeter devices
Explanation:
Hardened perimeter devices are more useful at attenuating the risk of external attack
What could be the result of failure of the cloud provider to secure the hypervisor in such a way that one user on a virtual machine can see the resource calls of another users virtual machine?
A. Unauthorized data disclosure
B. Inference attacks
C. Social engineering
D. Physical intrusion
B. Inference attacks
Explanation:
While it is possible that one guest VM seeing the resource calls of another VM could possibly allow one guest to see the others data, its much more likely that a user seeing another’s users use of rather, rather than raw data, would allow the viewer to infer something about the victims behavior/usage/assets
Which of the following is a risk associated with automated patching, especially in the cloud?
A. Patches may interfere with some tenants production environments
B. Patches dont work with SaaS service models
C. Patches dont work with private cloud builds
D. Vendors dont issue patches to cloud providers
A. Patches may interfere with some tenants production environments
Explanation:
Because a multi tenant environment may have a variety of different configurations for various customers, a given patch might interfere with a certain number of customers due to interoperability problems
The OWASP Top Ten lst often includes CSRF. Which of these is a technique to reduce the potential for a CSRF?
A. Train users to detect forged HTTP requests
B. Have users remove all browsers from their devices
C. Dont allow links to or from other websites
D. Include a CAPTCHA code as part of the user resource request process
D. Include a CAPTCHA code as part of the user resource request process
Explanation:
Having the user authenticate the international request is a way to reduce the automated, forged requests attackers might submit as part of CSRF; CAPTCHA is a great way to reduce the likelihood of success for automated attacks.
