LearnZapp Practice 8 Flashcards

1
Q

Which of the following is the least challenging with regard to eDiscovery in the cloud?

A. Decentralization of data storage
B. Complexities of international law
C. Identifying roles such as data owner, controller and processor
D. Forensic analysis

A

D. Forensic analysis

Explanation:
Forensic analysis is the least challenging of the answers provided, as it refers to the analysis of data once it has already been obtained.

2
Q

The difference between KPIs and KRIs is which of the following?

A. KPIs no longer exist, having been replaced by KRIs
B. KRIs no longer exist, having been replaced by KPIs
C. KRIs are looking forward while KPIs are backward looking
D. There is no difference between KPIs and KRIs

A

C. KRIs are looking forward while KPIs are backward looking

Explanation:
Key risk indicators (KRIs) try to predict future risk, while key performance indicators (KPIs) examine events that have already happened.

3
Q

Which of the following is not a typical physical access control mechanism in a cloud data center?

A. Cage locks
B. Video surveillance
C. Rack locks
D. Fire suppression

A

D. Fire suppression

Explanation:
Fire suppression systems are physical control mechanisms commonly found in cloud data centers, but they are not an element of access control.

4
Q

Which of the following can enhance application portability?

A. Using the same cloud provider for the production environment and archiving
B. Conducting service trials in an alternate cloud provider environment
C. Providing cloud usage training for all users
D. Tuning WAFs to detect anomalous activity in inbound connections

A

B. Conducting service trials in an alternate cloud provider environment

Explanation:
Testing is a great way to enhance assurance that applications will work in the new environment. None of the other options are relevant to the issue of application portability.

5
Q

Each of the following are dependencies that must be considered when reviewing the Business Impact Analysis (BIA) after cloud migration except:

A. The cloud provider’s suppliers
B. The cloud provider’s vendors
C. The cloud provider’s utilities
D. The cloud provider’s resellers

A

D. The cloud provider’s resellers

Explanation:
The cloud provider’s resellers are a marketing and sales mechanism, not an operational dependency that could affect the security of a cloud customer.

6
Q

You are the data manager for a retail company; you anticipate a much higher volume of sales activity in the final quarter of each calendar year than in the other quarters. In order to handle these increased transactions, and to accommodate the temporary sales personnel you will hire for only that period, you consider augmenting your internal, on-premises production environment with a cloud capability for a specific duration, and will return to operating fully on premises after the period of increased activity. Which deployment model best describes this type of arrangement?

A. Private cloud
B. Community cloud
C. Public cloud
D. Hybrid

A

D. Hybrid

Explanation:
This is an excellent description of the hybrid model, where the customer owns elements of the infrastructure and the cloud provider owns other parts.

7
Q

What kind of SSAE audit reviews an organization's controls for assuring the confidentiality, integrity and availability of data?

A. SOC 1
B. SOC 2
C. SOC 3
D. SOC 4

A

B. SOC 2

Explanation:
SOC 2 deals with the CIA triad. SOC 1 is for financial reporting. SOC 3 is only an attestation.

8
Q

The physical layout of a cloud data center campus should include redundancies of all the following except:

A. Generators
B. HVAC Units
C. Generator fuel storage
D. Points of personnel ingress

A

D. Points of personnel ingress

Explanation:
People entering the facility can be vectored through a single security checkpoint as a means of enhancing access control; multiple lines of ingress are not necessary.

9
Q

In deciding which cloud provider to use, one of the characteristics you may want to determine about the provider is their level of professionalism. Which of the following tools could be used to determine the thoroughness, detail and repeatability of the processes and procedures offered by a cloud provider?

A. The Cloud Security Alliance (CSA) Security, Trust and Assurance Registry (STAR) and certification program
B. The Risk Management Framework (RMF)
C. The Capability Maturity Model (CMM)
D. The EuroCloud Star Audit Certification

A

C. The Capability Maturity Model (CMM)

Explanation:
The CMM is a way of determining a target's maturity in terms of process documentation and repeatability.
The CSA STAR and EuroCloud Star programs are certifications based on applicable control sets and compliance with standards and regulations.

10
Q

If you use the cloud for BCDR purposes, even if you do not operate your production environment in the cloud, you can cut costs by eliminating your:

A. Security personnel
B. BCDR Policy
C. Old access credentials
D. Need for physical hotsite/warm site

A

D. Need for physical hotsite/warm site

Explanation:
Having your data backed up and accessible in the cloud eliminates any need for having a distinct hot site/warm site separate from your primary operating environment; instead, your personnel can recover operations from anywhere with a good broadband connection.

11
Q

Which of the following risks exists in the traditional environment but is dramatically increased by moving into the cloud?

A. Physical security breaches
B. Loss of utility power
C. Financial upheaval
D. Man in the middle attacks

A

D. Man in the middle attacks

Explanation:
Because all cloud access is remote, the risks to data in transit are dramatically heightened in the cloud.

12
Q

According to the CSA, what is one reason the threat of insecure interfaces and APIs is so prevalent in cloud computing?

A. APIs are always used for administrative access
B. Customers perform many high value tasks via APIs
C. APIs are cursed
D. It is impossible to securely code APIs

A

B. Customers perform many high value tasks via APIs

Explanation:
APIs will be used for many tasks that could have a significant negative impact on the organization, so any vulnerabilities are of great concern.

13
Q

You are designing a Tier 4 data center for a large hospital. In order to plan for the possibility of losing utility power, in addition to having sufficient generators, you should plan to locate the data center ____________

A. In an urban setting
B. In a rural environment
C. Near a coast
D. At the border of different counties, regions or states

A

D. At the border of different counties, regions or states

Explanation:
Usually, different political regions are served by different utility providers; placing your data center on such a boundary may make it feasible to have redundant, overlapping power providers.

14
Q

Which of the following is not an enforceable governmental request?

A. Warrant
B. Subpoena
C. Court order
D. Affidavit

A

D. Affidavit

Explanation:
An affidavit is only a form of formal testimony presented to the court. All the other options are enforceable governmental requests.

15
Q

ISO 31000 is most similar to which of the following regulations?

A
16
Q

A cloud customer that does not perform sufficient due diligence can suffer harm if the cloud provider they have selected goes out of business. What do we call this problem?

A. Vendor lock in
B. Vendor lock out
C. Vendor incapacity
D. Unscaled

A

B. Vendor lock out

Explanation:
This is the definition of vendor lock out. Vendor lock in is when data portability is limited, either through unfavorable contract language or technical limitations.

17
Q
A