LearnZapp Practice 5

Question 1

Fire suppression systems are often linked to a detection system. Common detection systems include all of the following except ___________

A. Heat
B. Pressure
C. Flame
D. Smoke

Answer 1

B. Pressure

Explanation:
Pressure detection is not a common detection technology

Question 2

FM-200 has all the following properties except:

A. It is colorless
B. It leaves a faint chemical residue after use
C. It is liquid when stored
D. It is non conductive

Answer 2

B. It leaves a faint chemical residue after use

Explanation:
One of the properties that makes it desirable for fire suppression in a data center is that FM-200 does not leave a residue

Question 3

Which of thje following is not a characteristic of a virtual local area network?
A. Broadcast packets sent by a machine inside the VLAN will reach all other machines in that VLAN
B. Broadcast packets sent from outside the VLAN will not reeach other machines outside the VLAN
C. Broadcast packets sent from a machine outside the VLAN will not reach machines inside the VLAN
D. Broadcast packets sent by a machine inside the VLAN will not reach machines outside the VLA N

Answer 3

B. Broadcast packets sent from outside the VLAN will not reeach other machines outside the VLAN

Explanation:
Broadcast packets sent by machines outside the VLAN will reach machines outside ther VLAN that are on the same network/segment

Question 4

An ________ is a combination of two or more distinct cloud infrastructure that remain unique entities but are bound together by standardize or proprietary technology that enables data and application portability

A. IaaS
B. PaaS
C. Hybrid cloud
D. Private Cloud

Answer 4

C. Hybrid cloud

Explanation:
A hybrid cloud is a combination of two or more disti0nct cloud infrastructures that remain unique entities but are bound together by a standardized or proprietary technology that enables data and application portability

Question 5

Which of the following aspects of cloud computing can enhance the customers business continuity and disaster recovery efforts?

A. Rapid elasticity
B. Online collaboration
C. Support of common regulatory frameworks
D. Attention to customer service 0

Answer 5

A. Rapid elasticity

Explanation:
Rapid elasticity allows the cloud customer to scale cloud operations as necessary, including during contingency operations; this is useful for BCDR activities

Question 6

Which of the following data storage types is most associated with SaaS?

A. Content delivery network
B. Databases
C. Volume storage
D. Data warehousing

Answer 6

A. Content delivery network

Explanation:
CDNs are often used in conjunction with SaaS services to deliver high quality data of large sizes (often multimedia)

Question 7

Which of the following regulatory frameworks is not covered by the CCM?

A. ISACA’s Control Objectives for Information and Related Technologies (COBIT)
B. Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA)
C. The ALL - TRUST framework from the environmental industry
D. FedRAMP

Answer 7

C. The ALL - TRUST framework from the environmental industry

Explanation:
Option C is a nonsense term

Question 8

RESTful responses can come from the server in _________ or __________ formats

A. Extensible Markup Language (XML), JavaScript Open Notation (JSON)
B. Hypertext Transfer Protocol (HTTP), X.509
C. American Standard Code for Information Interchange (ASCII), text
D. Hypertext Markup Language (HTML), Extensible Markup Language (XML)

Answer 8

A. Extensible Markup Language (XML), JavaScript Open Notation (JSON)

Explanation:
Servers can return REST requests to clients in a number of formats

Question 9

In a managed cloud services arrangement, who invokes BCDR action?

A. The cloud provider
B. The cloud customer
C. Depends on the contract
D. Any user

Answer 9

C. Depends on the contract

Explanation:
BCDR responsibilities must be negotiated and codified in the contract; initiation could be something performed by provider of customer, depending on the circumstances, so the parties must agree before those circumstances are realized

Question 10

Because all cloud access is remote access, contact between users and the environment should include all the following except _______

A. Encryption
B. Secure login with complex passwords
C. Once in all on
D. Logging and audits

Answer 10

C. Once in all on

Explanation:
Its preferable to have compartmentalized zones of trust within the production environment and not allow total access with one set of credentials

Question 11

A cloud data encryption situations where the cloud customer retains control of the encryption keys and the cloud provider only processes and stores the data could be considered a:

A. Threat
B. Risk
C. Hybrid cloud deployment model
D. Case of infringing on the rights of the provider

Answer 11

C. Hybrid cloud deployment model

Explanation:
Because the cloud customer will retain ownership of some elements of hardware, software or both at the customers location, client side key management could be considered a hybrid cloud model

Question 12

When using transparent database encryption, where is the engine deployed?

A. Within the database
B. On the database server
C. At the gateway
D. In the browser

Answer 12

A. Within the database

Explanation:
Transparent database encryption requires the encryption to reside within the database itself `

Question 13

Bob is staging an attack against Alice’s website, He is able to embed a link on her site that will execute malicious code on a visitors machine if the visitor clicks on the link. This is an example of which type of attack?

A. Cross site scripting
B. Broken authentication/session management
C. Security misconfiguration
D. Insecure cryptographic storage

Answer 13

A. Cross site scripting

Explanation:
This is the definition of cross site scripting

Question 14

In some jurisdictions, it is mandatory that personnel conducting forensic analysis collection or analysis have a proper __________

A. Training credential
B. License
C. Background check
D. Approved toolset

Answer 14

B. License

Explanation:
There are certain jurisdictions where forensic data/IT analysis requires licenses; it is important for you to determine whether this is the case in your jurisdiction

Question 15

Who is responsible for performing archiving activities in a managed cloud environment?

A. The cloud customer
B. The cloud provider
C. The customers regulator
D. Depends on the contract

Answer 15

D. Depends on the contract

Explanation:
Many cloud providers will offer archiving services as a feature of the basic cloud services

Question 16

Because of the nature of the cloud, all access is remote access. One of the preferred technologies employed for secure remote access is ________

A. VPN
B. HTML
C. DEED
D. DNS

Answer 16

A. VPN

Explanation:
VPN creates a trusted path across an untrusted (often public) network.

Question 17

You are in charge of creating the BCDR plan and procedures for your organization. You decide to have a tabletop test of the BCDR activity. Which of the following will offer the best value during the test?

A. Having all participants conduct their individual activities via remote meeting technology
B. Task a moderator well versed in BCDR actions to supervise and present scenarios to the participants, including randomized special events
C.Provide copies of the BCDR policy to all participants
D. Allow all users in your organization to participate

Answer 17

B. Task a moderator well versed in BCDR actions to supervise and present scenarios to the participants, including randomized special events

Explanation:
A trained and experienced moderator can guide the participants through the activity, enhancing their training and noting pitfalls and areas for improvement

Question 18

You are the security manager for a software company thats uses PaaS in a public cloud service. Your company’s general counsel informs you that they have received a letter from a former employee who is filing a lawsuit against your company. If you do not take proper steps to retain, capture and deliver pertinent data to the person making the request, the company could be facing legal problems with __________ as a lawsuit as well

A. Spoilation
B. Fraud
C. Jurisdiction
D. Recompositioning

Answer 18

A. Spoilation

Explanation:
Spoilation is the term used to describe the destruction of potential evidence

Question 19

There are two general types of smoke detectors. One type uses a light source to detect the present of particulate matter resulting from a fire, and the other uses _________

A. Electric pulses
B. Small amounts of radioactive material
C. Fiber optic mechanisms
D. A water pressure plate

Answer 19

B. Small amounts of radioactive material

Explanation:
Ionization based smoke detectors use trace amounts of redionuclide to detect the presence of particulate matter in the detection chamber when smoke particles interrupt the constant electric current

Question 20

A virtual NIC exists at Layer ________ of the OSI model

A. 2
B. 4
C. 6
D. 8

Answer 20

A. 2

Explanation:
Virtualized NIC is part of the Data Link Layer

Question 21

Management is interested in adopting an Agile development style. When you explain what impact this will have, you note that _____ may be decreased by this option

A. Speed of development
B. Thoroughness of documentation
C. Availability of prototypes
D. Customer collaboration

Answer 21

B. Thoroughness of documentation

Explanation:
The Agile method reduces the dependence and importance of documentation in favor of functioning software

Question 22

Event monitoring tools SIEM and SIM can aid in which of the following efforts?

A. Detecting untrained personnel
B. Predicting system outages
C. Sending alerts for conflict of interest
D. Enforcing mandatory vacation

Answer 22

B. Predicting system outages

Explanation:
Event monitoring tools can be used to predict system outages by noting decreases in performance; repeated performance issues can be an indicator a device is failing
While an event monitoring tool might be able to detect a user who continually conducts unproductivity activity or fails to complete certain functions, it is impossible to determine if the source of the problem is lack of training

Question 23

According to OWASP recommendations, active software security testing should include all of the following except __________

A. Business logic testing
B. Client side testing
C. Intuition testing
D. Information gathering

Answer 23

C. Intuition testing

Explanation:
Intuition testing is not part of the OWASP guide to active security testing.

Question 24

Data destruction in the cloud is difficult because _________

A. Cloud data doesnt have substance
B. Regulations prevent it
C. The hardware belongs to the provider
D. Most of the data is subterranean

Answer 24

C. The hardware belongs to the provider

Explanation:
The preferred methods of secure sanitization require physical access to the hardware on which the data is stored; in the cloud, this belong to the cloud provider, and the cloud customer will not be allowed to perform destructive procedures

Question 25

Which type of info can be traced back to an individual user, sometimes throujgh the use of trackinbg cookies? A. PPI B. PCI C. PII D. ISO

Answer 25

C. PII Explanation: PII is a legal category of information that identifies a specific person

Question 26

WHich of the following is probably least suited for inclusion in the SLA between a cloud customer and cloud provider? A. Bandwidth B. Jurisdiction C. Storage space D. Availability

Answer 26

B. Jurisdiction Explanation: The SLA should contain elements of the contract that can be subject to discrete, objective, repeatable, numeric metrics.

Question 27

What is the intellectual property protection for a confidential recipe for muffins? A. Copyright B. Patent C. Trademark D. Trade secret

Answer 27

D. Trade secret Explanation: Confidential recipes unique to the organization are trade secrets

Question 28

Which of the following is not addressed by STRIDE? A. External parties presenting false credentials B. External parties illicitly modifying information C. Participants able to deny a transaction D. Users unprepared for secure operation by lack of training

Answer 28

D. Users unprepared for secure operation by lack of training Explanation: STRIDE does not address user security training

Question 29

Which of the following components are part of what a CCSP should review when looking at contracting with a cloud service provider? A. The physical layout of the datacenter B. Background checks for the providers personnel C. Use of subcontractors D. Redundant uplink grafts

Answer 29

C. Use of subcontractors Explanation: The use of subcontractors can add risk to the supply chain and should be considered

Question 30

REST outputs often take the form of _______ A. JSON B. Certs C. Database entries D. WS Policy

Answer 30

A. JSON Explanation: JSON outputs are common for REST applications_

Question 31

____________ is perhaps the main external factor driving IAM efforts A. Regulation B. Business needs C. The evolving threat landscape D. Monetary value

Answer 31

A. Regulation Explanation: Regulatory compliance has historically driven IAM efforts. All the other options can to some extent drive IAM efdforts, however not as much

Question 32

Which kind of SSAE audit report is most beneficial for a cloud customer, even though its unlikely the cloud provider will share it? A. SOC 1 Type 1 B. SOC 2 Type 2 C. SOC 1 Type 2 D. SOC 3

Answer 32

B. SOC 2 Type 2 Explanation: The SOC 3 is the least detailed, so the provider is not concerned about rvevealing it. The SOC 1 Type 1 are about financial reporting and not relevant. The SOC 2 Type 2 is much more detailed and will most likely be kept closely held by the provider

Question 33

It is very likely that your organization users will use unapproved APIs especially in a BYOD environment because ________ A. Users are constantly trying to break the security of your environment B. APIs cant ever be secure C. Hackers are constantly infiltrating all APIs D. Users enhance their productivity however they can

Answer 33

D. Users enhance their productivity however they can Explanation: Users in the production environment leverage whatever tools and techniques they can in order to get their job done in a better, faster way, often regardless of whether this complies with security policies

Question 34

A poorly negotiated cloud service contract could result in all of the following determental effects except: A. Vendor lock in B. Malware C. Unfavorable terms D. Lack of necessary services

Answer 34

B. Malware Explanation: Malware risks and threats are not affected by the terms ofd thee cloud contract

Question 35

Which type of networking model is optimized for cloud deployments and the underlying storage and IP networks are combined so as toi maximize the benefits of a cloud workload? A. SDN model B. Enterprise networking model C. Converged networking model D. Legacy networking model

Answer 35

C. Converged networking model Explanation: Optimized for cloud deployments, the converged networking model combines the underlying storage and IP networks to maximize the benefits of a cloud workload

Question 36

Data dispersion uses _______, where the traditional implementation is called parity bits A. Smurfing B. Snarfing C. Erasure coding D. Real time bitlinking

Answer 36

C. Erasure coding Explanation: Erasure coding is the practice of having sufficient data to replace a lost chunk in data dispersion, protecting against the possibility of a device failing while it holds a given chunk;

Question 37

As with the traditional IT environment, cloud data encryption includes all the following except ________ A. The user B. The data itself C. The encryption engine D. The encryption keys

Answer 37

A. The user Explanation: The user is not really an aspect of an encryption deployment, although it may be argued that the user will need to refrain from disclosing their own keys to anyone else

Question 38

Bob is designing a data center to support his organization, a financial services firm. Which of the following actions would best enhances Bobs efforts to create redundancy and resiliency in the data center? A. Ensure that all entrances are secured with bio-metric based locks B. Purchased UPSs from different vendors C, Include financial background checks in all personnel reviews for admins D. Make sure all raised floors have at least 24 inches of clearance

Answer 38

B. Purchased UPSs from different vendors Explanation: Using different vendors for multiple systems of the same type adds not only redundant but also resiliency; if one

Question 39

SDNs allow network admins and architects to perform all the following functions except: A. Reroute traffic based on current customer demand B. Create logical subnets without having to change any actual physical connections C. Filter access to resources based on specific rules or settings D. Deliver streaming media content in an efficient manner by placing it closer to the end user

Answer 39

D. Deliver streaming media content in an efficient manner by placing it closer to the end user Explanation: This is the definition of a CDN

Question 40

Software developers should receive cloud specific training that highlights the challenges involved with having a production environment that operates in the cloud. One of these challenges is ________ A. Lack of management oversight B. Additional workload in creating governance for two environments C. Increased threat of malware D. The need for process isolation

Answer 40

D. The need for process isolation Explanation: because shared resources in the cloud may mean increased opportunity for side channel attacks, developers will have to design programs to function in a way that ensures preocess isolation

Question 41

What is a form of cloud storage where data is stored as objects, arranged in a hierarchical structure, like a file tree? A. Volume storage B. Databases C. CDN D. Object storage

Answer 41

D. Object storage Explanation: Object storage stores data as objects, often arranged in a hierarchical structure.

Question 42

It is best to use variables in ________ A. Baseline configurations B. Security control implementations C. Contract language D. BCDR tests

Answer 42

D. BCDR tests Explanation: When performing BCDR tests, it is useful to create scenarios that are unpredictable and vary from previous tests so as to better approximate conditions of an actual disaster

Question 43

The various models general available for BCDR activities include all of the following except: A. Private architecture, cloud backup B. Cloud provider, backup from same provider C. Cloud provider, backup from another cloud provider D. Cloud provider, backup from private provider

Answer 43

D. Cloud provider, backup from private provider Explanation:

Question 44

OWASP Top Ten lists sometimes includes unvalidated redirects and forwards. Which of the following is a good way to protect against this problem? A. HTML Escape all HTML attributes B. Train users to recognize invalidated links C. Block all inbound resource requests D. Implement audit logging

Answer 44

B. Train users to recognize invalidated links Explanation:

Question 45

What is a form of cloud data protection where data is spread across multiple storage device locations? A. Infringing B. Data dispersion C. Voiding D. Cryptoshredding

Answer 45

B. Data dispersion Explanation: Data dispersion is the cloud version of using RAID arrays, protectin data by spreading it across multiple volumes/devices

Question 46

All of the following are data analytics modes, except: A. Reeal time analytics B. Datamining C. Agile business intelligence D. refactory iiterations

Answer 46

D. refactory iiterations Explanation:

Question 47

PCI DSS requires ___________ security requirements for entities involved in credit card payments and processing A. Technical B. Nontechnical C. Technical and nontechnical D. Neither technical nor nontechnical

Answer 47

C. Technical and nontechnical Explanation: PCI DSS requires multiple kinds of technical and nontechnical security requirements for those entities that choose to subscribe to the standard

Question 48

___________ is a method of hiding data with substitute such as Xs or asterisks A. Sandboxing B> Data masking C. Encryption D. Virtualization

Answer 48

B> Data masking Explanation: This is an example of data masking

Question 49

Who will determine where your organizations cloud migration is satisfactory from a compliance perspective? A. THe cloud provider B. The cloud customer C. The regulators D. ISP

Answer 49

C. The regulators Explanation: Regulators overseeing your industry will make the final determination as to whether your cloud configuration is suitable to meet their requirements

Question 50

Which of the following is a risk associated with manual patching especially in the cloud? A. No notice before the impact is realized B. There is a lack of applicability to the environment C. Patches may or may not address the vulnerability they were designed to fix D. The possibility for human error exists

Answer 50

D. The possibility for human error exists Explanation: Patching is a mundane, repetitive process and people have trouble focusing on such tasks especially for the number of times necessary to patch a cloud environment

Question 51

VM configuration management tools should probably include: A. Biometric recognition B. Anti-tampering mechanisms C. Log file generation D. Hackback capabilities

Answer 51

C. Log file generation Explanation: Event logging is essential for incident management and resolution; this can be set as an automated function of the CM tools

Question 52

Which of the following is a risk in the cloud environment that does not exists or is not as prevalent in the traditional environment? A. Loss of availability due to DDoS B. Loss of value due to DDoS C. Loss of confidentiality due to DDoS D. Loss of liability due to DDoS

Answer 52

A. Loss of availability due to DDoS Explanation: In the traditional environment, if DDoS prevent the organizations with the Internet or other organizations, users still had access to their own data but simply cloud not share it or use it in external transactions

Question 53

A cloud provider will probably require all of the following except __________ before a customer conducts a pentest A. Notice B. Description of scope of the test C. Physical location of the launch point D. Knowledge of time frame/duration

Answer 53

C. Physical location of the launch point Explanation: Becausee cloud access is remote access, pentests will be remote tests; it doesnt really matter what the physical origin of the simulated attack is

Question 54

The lack/ambiguity of physical endpoints as individual network components in the cloud environment creates what kind of threat/concern? A. The lack of defined endpoints makes it difficult to uniformly define, manage and protect IT assets B. Without physical endpoints, it is impossible to apply security controls to an environment C. Without physical endpoints, it is impossible to track user activity D. The lack of physical endpoints increases the opportunity for physical theft/damage

Answer 54

A. The lack of defined endpoints makes it difficult to uniformly define, manage and protect IT assets Explanation:

Question 55

OWASP Top Ten includes sensitive data exposure. All of the following are techniques for reduing the possibility of exposing sensitive data except _______ A. Destroying sensitive data as soon as possible B. Avoiding categorizing data as sensitive C. Using proper key management D. Disabling autocomplete on forms that collect sensitive info

Answer 55

B. Avoiding categorizing data as sensitive Explanation: Data needs to be categorized according to its value/sensitivity; avoiding accurate categorization is just as troublesome, from a security perspective, as not categorizing the data or over-categorizing it

Question 56

Security controls installed on a guest virtual machine operating system will not function when: A. The user is accessing the VM remotely B. The OS is not scanned for vulnerabilities C. The OS is not subject to version control D. The VM is not active while in storage

Answer 56

D. The VM is not active while in storage Explanation: Security controls operating on a guest VM OS are onlny actiive while the VM is acvtive, when the VM is stored, it is snapshotted and saved as a file, so those controls wont be active either

Question 57

It is probably fair to assume that SaaS functions take player at layer ______ of the OSI model A. 1 B. 3 C. 5 D. 7

Answer 57

D. 7 Explanation: Layer 7 is the applications entry point to networking

Question 58

Which of the following is not a method for creating logical segmentation in a cloud data center? A. VLANs B. NAT C. Bridging D. Hubs

Answer 58

D. Hubs Explanation: A hub is a network device that simply connects physical machines together; it cannot serve the purpose of network segmentation

Question 59

In terms of greatest stringency and requirements for security validation, which is the highest merchant level in the PCI standard? A. 1 B. 2 C. 3 D. 4

Answer 59

A. 1 Explanation: Merchant level 1 is for the merchant that engage in the most transactions per year. It carries with it the requirement for the most comprehensive, detailed and repeated security validation actions. It may be tempting to choose the highest number when choosing an answer for the highest merchant level

Question 60

An _________ includes reviewing the oprganizations current position/performance as revealed by an audit against a given standard A. SOC Report B. Gap analysis C. Audit scoping statement D. Federal guideline

Answer 60

B. Gap analysis Explanation: This is the definition of a gap analysis

Question 61

The logical design of a cloud environment can enhance the security offered in that environment. For instance, in a SaaS cloud, the provider can incorporate ________ capabilities into the application itself A. High speed processing B. Logging C. Performance enhancing D. Cross platform functionality

Answer 61

B. Logging Explanation: The ability to log activity is useful for many security purposes; having that purposefully included in SaaS applications reduces the need to have a different tool added to the environment to achieve that same goasl

Question 62

Software security testing should involve both known good and known bad data in order to simulate both ______ and _______ A. Managers, users B. Regulators, users C. Vendors, users D. Users, attackers

Answer 62

D. Users, attackers Explanation: KNown good data is used to determine if the software fulfills the business requirements for which it was acquired Known bad data tests the ability of the software to handle inputs and conditions that might put it into a fail state

Question 63

A user signs on to a cloud based social media platform. In another browser tab, the user finds an article worth posting to social media platform. The user clicks on the platforms icon listed on the articles website and the article is automatically posted to the users account on the socla media platform. This is an example of what? A. Single sign on B. Insecure direct identifiers C. Identity federation D. Cross site scripting

Answer 63

C. Identity federation Explanation: This is a very popular function of federated identity

Question 64

A formal policy that is signed by management and acknowledged by the user is known as __________ A. Password policy B. Risk assessment C. Acceptable use policy D. Information security policy

Answer 64

C. Acceptable use policy Explanation: The acceptable user policy is designed to make clear to employees what is acceptable as well as unacceptable use of company owned computing equipment and data such as email

Question 65

When presenting forensic evidence in court as testimony, you should include, if at all possible ___________ A. Your personal opinion B. A clear, concise view of your side of the case C. Alternative explanations D. Historical examples that have bearing on the circumstances of the current case

Answer 65

C. Alternative explanations Explanation: Its important to present a full view of the evidence, including any alternative findings that were considered but eliminated through reason.

Question 66

According to ENISA, a cloud risk assessment should provide a means for customers to accomplish all these assurance tasks except ___________ A. Assess risks associated with cloud migration B. Compare offerings from different cloud providers C. Reduce the risk of regulatory noncompliance D. Reduce the assurance burden on cloud providers

Answer 66

C. Reduce the risk of regulatory noncompliance Explanation: ENISAs approach to cloud risk assessments does not specifically address this type of assurance, probably because of the wide variety of possible regulators and the difficult in crafting a risk assessment that would address them all

Question 67

Which of the following is appropriate to include in the SLA? A. That the provider deliver excellent uptime B. That the provider host the customers data only within specific jurisdictions C. That any conflicts arising from the contract be settled within a particular jurisdiction D. The specific amount data that can be uploaded to the cloud environment in any given month

Answer 67

D. The specific amount data that can be uploaded to the cloud environment in any given month Explanation: SLA elements should be objective, numeric values for repeated activity

Question 68

It is important to maintain a current asset inventory list, including surveying your environment on a regular basis, in order to ___________ A. Prevent unknown, unpatched assets from being used as back doors to the environment B. Ensure that any lost devices are automatically entered into the acquisition system for repurchasing and replacement C. Maintain user morale by having their devices properly catalogued and annotated D. Ensure that billing for all devices is handled by the appropriate departments

Answer 68

A. Prevent unknown, unpatched assets from being used as back doors to the environment Explanation: An asset that is not tracked will not be maintained properly, and an improperly maintained asset provides an avenue for attack

Question 69

In terms of the number of security functions offered, which is the highest Federal Information Processing Standard (FIPS) 140-2 security level a cryptographic module can achieve in certification? A. 1 B. 2 C. 3 D. 4

Answer 69

D. 4 Explanation: The highest security level a product can reach is 4. Option is incorrect because Level 1 is the lowest level of security

Question 70

Which of the following is not typically a BCDR construct involving cloud computing? A. On premises production environment; cloud BCDR environment B. Cloud production environment; same provider BCDR environment C. Cloud production environment; different provider BCDR environment D. Cloud production environment; on premises BCDR environment

Answer 70

D. Cloud production environment; on premises BCDR environment Explanation: Organizations do not typically host contingency operations at an on premises facility when they already operate a production environment in the cloud

Question 71

Which of the following is probably the most volatile form of data that might serve a forensic purpose? A. Virtual instance RAM B. Hardware RAM C. Hypervisor logs D. Drive storage

Answer 71

A. Virtual instance RAM Explanation: Because RAM is inherently volatile and virtual resources are simulated only for limited time periods, virtual RAM is probably the most volatile data store

Question 72

What is one of the reasons the threat of insecure interfaces and APIs is so prevalent in cloud computing? A. Cloud customers and third parties are continually enhancing and modifying APIs B. APIs can have automated settings C. It is impossible to uninstall APIs D. APIs are a form of malware

Answer 72

A. Cloud customers and third parties are continually enhancing and modifying APIs Explanation: The continuous modification of APIs issued/designed by cloud providers introduces the potential for vulnerabilities

Question 73

Which of the following aspects for the BCDR process poses a risk to the organization? A. Threat intelligence B. Prereplacement of response assets C. Budgeting for disaster D. Full testing of the plan

Answer 73

D. Full testing of the plan Explanation: A full test of the BCDR plan can result in an actual disaster because it may involve interruption of service; the simulation can become the realitry

Question 74

Which of the following is a management risk that organizations migrating to the cloud will have to address? A. Insider threat B. Virtual sprawl C. DDoS attacks D. Natural disasters

Answer 74

B. Virtual sprawl Explanation: In the cloud environment, it is very easy for a user to generate a new virtual instance; that is one of the advantages of the cloud.

Question 75

Data destruction in the cloud is difficult because _________ A. Only law enforcement is permitted to destroy cloud data B. The largest cloud vendors have prevented customers from destroying data C. Cloud data renews itself automatically D. The cloud is often a multitenant environment

Answer 75

D. The cloud is often a multitenant environment Explanation: Secure sanitization would affect storage resources where more than one customer stores their data; truly secure destrictive measures would likely result in destroying data belonging to someone else

Question 76

Which of the following is probably the most important element to address if your organization is using two different cloud providers for the production BCDR environments? A. Do they cost the same? B. Do they have similar facility protections in place? C. What level of end user support do they each offer? D. Can the backup provider meet the same SLA requirements as the primary?

Answer 76

D. Can the backup provider meet the same SLA requirements as the primary? Explanation: If the contingency operation will last for any extended period of time. It is important to know whether all the same service expectations can be met by the backup provider as were available in the production environment

Question 77

Which of the following is not a step in the crypto shredding process? A. Encrypt data with a particular encryption engine B. Encrypt first resulting keys with another encryption engine C. Save backup second resulting keys D. Destroy original second resulting keys

Answer 77

C. Save backup second resulting keys Explanation: In cryptoshredding, the purpose is to make the data unrecoverable; saving a backup of the keys would attenuate that outcome because the keys would still exist for the purpose of recovering data. All other steps outline the crypto shredding process

Question 78

Which form of authentication is used to enable SSO and ebales the user to log into more than one application or website using the same credentials? A. SSL B. Username and password C. MFA D. OpenID

Answer 78

D. OpenID Explanation: OpenID is one form of authentication used to enable SSO and enable the user to log into more than one application or website using the same credentials

Question 79

What type of data storage is often used in PaaS arrangements? A. Ephemeral B. Database C. Long term D. Nefarious

Answer 79

B. Database Explanation: The PaaS model allows the cloud customer to install and run applications in the cloud environment. With a database, the cloud customer can store data in a database administered by the cloud provider but can tailor applications services for reaching into and manipulating that database

Question 80

Your company operates under a high degree of regulatory scrutiny. Senior management wants to migrate to a cloud environment but is concerned that providers will not meet the companys compliance needs. Which deployment model would probably best suit the companys needs? A. Public B. Private C. Community D. Hybrid

Answer 80

B. Private Explanation: A private cloud arrangement allows the customer to have greater control of the governance and policy within an environment

Question 81

Which cloud data storage technique involves encrypting a data set, then splitting thed data into pieces, splitting the key into pieces, then signing the data pieces and key pieces and distributing thjem to various cloud storage locations? A. RAID B. Secret sharing made short (SSMS) C. Homomorphic encryption D. Asymmetric encryption

Answer 81

B. Secret sharing made short (SSMS) Expolanation:

Question 82

You are a college student in the US: you make your tuition payments directly from your bank account via a debit card. Which of the following laws and regulations will not be applicable to you, your personal data or the data you work with as a student? A. SOX B. HIPAA C. PCI DSS D. FERPA

Answer 82

A. SOX Explanation: SOX only applies to publicly traded corporations, not all companies

Question 83

Aside from the fact that the cloud customer probably cannot reach the physical storage assets of the cloud provider and that wipinig an entire storage space would iompact other customers, why would degaussing probably not be an effective means of secure sanitization in the cloud? A. All the data storage space in the cloud is already gaussed B. Cloud data storage may not bee affected by degaussaing C. Federal law prohibits it in the US D. The blast radius is too wide

Answer 83

B. Cloud data storage may not bee affected by degaussaing Explanation: Cloud data storage likely uses solid state drives, which are not affected by degaussing because they dont use magnetic properties to store data

Question 84

The acronym ARO is best defined to represent which of the following? A. The number of times a specific type of security incident or event occurs within a 12 month period B. The rate of return on a particular project over a 12 month period C. The point in time after which a return to operations is no longer feasible D. The number of times a security process is optimized or updated in a 12 month period

Answer 84

A. The number of times a specific type of security incident or event occurs within a 12 month period Explanation: The annual rate of occurrence is the rate opf occurrence of a specific event or security incident one could expect to occur in any given 12 month period

Question 85

You are the security office for a small nonprofit organization. You are tasked with performing a risk assessment for your organization; you have one month to complete it. The IT personnel you work with have been with the organization for many years and have built the system and infrastructure from the ground up. They have little training and experience in the field of risk. Which type of risk assessment would you choose to conduct? A. Quantitative B. Pro forma C. Qualitative D. Informal

Answer 85

C. Qualitative Explanation: Qualitative risk assessments are preferable in situations where the organization has personnel who understand the IT environment but may not have a lot of Experience with risk functions and where the organization does not have a great deal of time or money to spend on the project

Question 86

Under European law, a cloud customer who gives sensitive data to a cloud provider is still legally responsible for damages resulting from a data breach caused by the provider; the EU would say that it is the customers fault for choosing the wrong provider. A. Proof B. Evidence C. Due diligence D. Application of reasonableness

Answer 86

C. Due diligence Explanation: A party who does not perform sufficient due dilligence is choosing a contractor can be held accountable for the actions made by that contrtactor

Question 87

Symmetric encryption involves __________ A. Two key pairs, mathematically related B. Unknown parties, sharing info C. Signed certificates D. A shared secret

Answer 87

D. A shared secret Explanation: In symmetric encryption, a single key is used to both encrypt and decrypt` a message. This is often referred to as a shared secret

Question 88

In general, all policies within an organization should include each of the following elements except ______________ A. The date on which the policy will expire B. The assignment of an entity to review the applicability of the possibility occasionally C. The assignment of an entity to monitor and maintain the process described in the policy D. A list of the laws, regulations, practices and/or standards that drove the creation of the policy

Answer 88

A. The date on which the policy will expire Explanation: Not all policies are temporary or have expected durations; usually, policy is an enduring piece of governance that will continue until such time as it is revoked.

Question 89

Which of the following best describes data masking? A. Data masking is used in place of encryption for better performance B. Data masking is used to hide PII C. Data masking is used to create a similar inauthentic dataset used for training and software testing D. Data masking is used in place of production data

Answer 89

C. Data masking is used to create a similar inauthentic dataset used for training and software testing Explanation: Options B and D are also correct, but not as comprehensive as C

Question 90

Which of the following is a method for apportining resources that involve setting guaranteed minimums for all tenants/customers within the environment? A. Reservations B. Shares C. Cancellations D. Limits

Answer 90

A. Reservations Explanation:

Question 91

Which of the following terms is not associated with cloud forensics? A. Analysis B. eDiscovery C. Chain of custody D. Plausibility

Answer 91

D. Plausibility Explanation:

Question 92

Of the following options, which is a reason cloud data center audits are often less easy to verify than audits in traditional data centers? A. They frequently rely on third parties B. The standard are too difficult to follow C. The paperwork is cumbersome D. There arent enough auditors

Answer 92

A. They frequently rely on third parties Explanation: Because cloud audits aree often the result of third party assertions, recipients of cloud audit reports may be more skeptical of the results than they would have been of traditional audits, which the recipients may have performed firsthand

Question 93

MFA typically includes two or more of all the following elements except _________ A. What you know B. Who you know C. What you are D. What you have

Answer 93

B. Who you know Explanation: MFA doesnt typically utilize associative identification

Question 94

The Privacy Shield program is _________ A. Voluntary for non European Union entities B. Mandatory for all EU entities D. Voluntary for all EU entities

Answer 94

A. Voluntary for non European Union entities that do not exist in a country with a nationwide privacy law; no entity is required to join the program, but those who dont are prevented from collecting and processing citizen privacy data

Question 95

A _________ consists of a computer, data, or a network site that appears to be part of a network but is actually isolated and monitored. It also appears to contain data or resources of value that are in fact fake A. Honeypot B. HIDS C. Virtual appliance D. Sandbox

Answer 95

A. Honeypot Explanation: A honeypot consists of a computer, data or a network site that appears to be part of a network and seeems to contain info or a resource of value to attackers but is actually isolated and monitored.

Question 96

You are the security policy lead for your organization, which is considering migrating from your on premises, traditional IT environment into the cloud. You are reviewing the CCM as a tool for your organization. What is probably he best benefit offered by the CCM? A. The low cost of the tool B. Allowing your organization to leverage existing controls across multiple frameworks so as not to duplicate effort C. Simplicity of control selection from the list of approved choices D. Ease of implementation by choosing controls from the list of qualified vendors

Answer 96

B. Allowing your organization to leverage existing controls across multiple frameworks so as not to duplicate effort Explanation: The CCM allows you to note where specific controls (some of which you might already have in place) will address requirements listed in multiple regulatory and contractual standards, laws and guides

Question 97

Which of the following characteristics is associated with DRM solutions or sometimes known as IRM? A. Persistence B. Influence C. Resistance D. Trepidation

Answer 97

A. Persistence Explanation: Persistence is the trait that allows DRM protection to follow protected files wherever they might be stored/copied.

Question 98

Halon is now illegal to use for data center fire suppression. What is the reason it was outlaws? A. It poses a threat to health and human safety when deployed B. It can harm the environment C. It does not adequately suppress fires D. It causes undue damage to electronic systems

Answer 98

B. It can harm the environment Explanation: Halon was outlaws because it was blamed for depleting the earths ozonee layer

Question 99

To receive a SOC 2 Type 2 report from a potential provider, the provider may require you to perform/provide a __________ A. Security deposit B. NDA C. CSA STAR D. Act of fealty

Answer 99

B. NDA Explanation: In order to protect extremely sensitive material that is discussed in the SOC 2 Type 2, the provider may request that you sign an NDA and limit distribution

Question 100

SSH tunnel can include all of the following services except: A. Remote log on C. Content filtering C. Port forwarding D. Command execution

Answer 100

C. Content filtering Explanation: SSH does not offer content filtering

Question 101

What are the US State Department controls on technology exports known as? A. International Traffic in Arms Regulations B. Export administration regulations C. Evaluation assurance level D. Digital rights management

Answer 101

A. International Traffic in Arms Regulations Explanation: ITAR is Department of State program EAL care part of Common Criteria standard from ISO

Question 102

Dynamic testing of software is perhaps most useful for: A. Simulating negative test cases B. Finding errors in the source code C. Determining the effect of social engineering D. Pentests

Answer 102

A. Simulating negative test cases Explanation: Running the software and allowing users to operate it is great form of dynamic testing, which simulates both known good and known bad inputs

Question 103

Best practices for key management include all of the following except : A. Have key recovery processes B. Maintain key security C. Pass keys out of band D. Ensure MFA

Answer 103

D. Ensure MFA Explanation: We should do all of the following except for required MFA, which is pointless in key management

Question 104

The risk that a cloud provider might go out of business and the cloud customer might not be able to recover data is known as: A. Vendor closure B. Vendor lock out C. Vendor lock in D. Vending route

Answer 104

B. Vendor lock out Explanation: This is the definition of vendor lock out

Question 105

Which of the following entities publishes a cloud centric set of risk benefit recommendations that includes a Top 8 list of security risks an organization might face during a cloud migration, based on likelihood and impact? A. NIST B. ISO C. ENISA D. PCI

Answer 105

C. ENISA Explanation:

Question 106

Which regulation introduced significant changes for data processors and controllers who work across international borders? A. GDPR B. GLBA C. ISO 27000 D. HIPAA

Answer 106

A. GDPR Explanation: EU GDPR 2016 introduced significant changes for data processors and controllers operating in and across the EU

Question 107

Your company uses cloud based SaaS services, including email. You receive a legal request for data pertinent to a case. Your e discovery efforts will largely de dependent on _______ A. The cloud provider B. Regulators C. The cloud customer D. Internal IT personnel

Answer 107

A. The cloud provider Explanation: In a SaaS model, the customer has little insight event logs and traffic analysis and useful for evidentiaryu purposes. The customer will largely be reliant on the cloud provider to locate, collect and deliver this information for ediscovery

Question 108

Designers making applications for the cloud have to take into consider risks and operational constraints that did not exist or were not as pronounced in the traditional environment. Which of the following is an element cloud app designed may want to consider incorporating in software for the cloud that might not have been as important in the traditional environment? A. Application isolation B. Inference framing C. Known secure library components D. Testing that uses known bad data

Answer 108

A. Application isolation Explanation: Because the cloud is a multitenant environment, one of the concerns that developers should consider is how well the application prevents other applications/users from observing its operation and resource calls. In the traditional environment, this is not usually required because the organization owns the underlying infrastructure as a single tenant and there is very little risk in exposing the applications functionality

Question 109

Countermeasures for protecting cloud operations against internal threats include all of the following except: A. Aggressive background checks B. Hardened perimeter devices C. Skills and knowledge testing D. Extensive and comprehensive training programs, including initial, recurring and refresher sessions

Answer 109

B. Hardened perimeter devices Explanation: Hardened perimeter devices are more useful at attenuating the risk of external attack

Question 110

What could be the result of failure of the cloud provider to secure the hypervisor in such a way that one user on a virtual machine can see the resource calls of another users virtual machine? A. Unauthorized data disclosure B. Inference attacks C. Social engineering D. Physical intrusion

Answer 110

B. Inference attacks Explanation: While it is possible that one guest VM seeing the resource calls of another VM could possibly allow one guest to see the others data, its much more likely that a user seeing another's users use of rather, rather than raw data, would allow the viewer to infer something about the victims behavior/usage/assets

Question 111

Which of the following is a risk associated with automated patching, especially in the cloud? A. Patches may interfere with some tenants production environments B. Patches dont work with SaaS service models C. Patches dont work with private cloud builds D. Vendors dont issue patches to cloud providers

Answer 111

A. Patches may interfere with some tenants production environments Explanation: Because a multi tenant environment may have a variety of different configurations for various customers, a given patch might interfere with a certain number of customers due to interoperability problems

Question 112

The OWASP Top Ten lst often includes CSRF. Which of these is a technique to reduce the potential for a CSRF? A. Train users to detect forged HTTP requests B. Have users remove all browsers from their devices C. Dont allow links to or from other websites D. Include a CAPTCHA code as part of the user resource request process

Answer 112

D. Include a CAPTCHA code as part of the user resource request process Explanation: Having the user authenticate the international request is a way to reduce the automated, forged requests attackers might submit as part of CSRF; CAPTCHA is a great way to reduce the likelihood of success for automated attacks.