Managing Cloud Security - D320 Flashcards

1
Q

Which phase of the cloud data life cycle requires adherence to export and import restrictions, including Export Administration Regulations (EAR) and the Wassenaar Arrangement?

A

Share

2
Q

Why is the striping method of storing data used in most redundant array of independent disks (RAID) configurations?

A

It allows efficient data recovery: even if one drive fails, the other drives fill in the missing data.

3
Q

What is the purpose of egress monitoring tools?

A

They are used to prevent data from going outside the control of an organization.

4
Q

A company is looking at different types of cloud storage options. One of the threats to cloud storage that the company foresees is the possibility of losing forensic artifacts in the event of an incident response investigation.

Which type of cloud storage has the highest risk of losing forensic artifacts in the event of an incident response investigation?

A

Ephemeral

5
Q

A manager is made aware of a customer complaint about how an application developed by the company collects personal and environmental information from the devices it is installed on.

Which document should the manager refer to in order to determine if the company has properly disclosed information about what data it collects from this application’s users?

A

Privacy notice

6
Q

An organization needs to store passwords in a database securely. The data should not be available to system administrators.

Which technique should the organization use?

A

Hashing

7
Q

A company is looking to ensure that the names of individuals in its data in the cloud are not revealed in the event of a data breach, as the data is sensitive and classified.

Which data masking technique should the company use to prevent attackers from identifying individuals in the event of a data breach?

A

Anonymization

8
Q

An organization needs to quickly identify the document owner in a shared network folder.

Which technique should the organization use to meet this goal?

A

Labeling

9
Q

An organization plans to introduce a new data standard and wants to ensure that system inventory data will be efficiently discovered and processed.

Which type of data should the organization use to meet this goal?

A

Structured

10
Q

An organization implemented an information rights management (IRM) solution to prevent critical data from being copied without permission and a cloud backup solution to ensure that the critical data is protected from storage failures.

Which IRM challenge will the organization need to address?

A

Replication restrictions

11
Q

A data center engineer is tasked with the destruction of data on solid-state drives (SSDs). The engineer must ensure that the data is not able to be retrieved.

Which data destruction action should the engineer take to meet this goal?

A

Crypto-shredding

12
Q

An organization wants to gather and interpret logs from its cloud environment.

Which system should the organization use for this task?

A

Security Information and Event Management (SIEM)

13
Q

An organization with a Security Information and Event Management (SIEM) system wants to minimize errors or missed issues due to human log analysis.

Which SIEM policy should the organization use in this case?

A

Automated analysis of data sets

14
Q

Which software type allows multiple operating systems to run on the same physical server in a virtualized environment?

A

Hypervisor

15
Q

What is the name of the process of automatically provisioning, configuring, and managing virtual machines and other resources in a virtualized environment?

A

Orchestration

16
Q

Which cloud computing characteristic allows customers to manage their utilization by only paying for the resources used?

A

Metered service

17
Q

Which cloud deployment model allows customers to take advantage of service and price differences from two or more cloud vendors?

A

Multi-cloud

18
Q

Which cloud consideration refers to the ability of the infrastructure to withstand disruptive events?

A

Resiliency

19
Q

Which technology is used to protect the confidentiality of data from on-path attacks?

A

Transport Layer Security (TLS)

20
Q

Which technology allows cryptographic secrets to be held in a secure way so that they can be recovered by parties who have authorization?

A

Key escrow

21
Q

Which safety control acts as a virtual firewall in cloud environments?

A

Network security group

22
Q

An organization with a single headquarters building in New York City wants to secure its cloud infrastructure so that only users at its offices can administer its cloud resources.

Which architectural concept should the organization implement?

A

Geofencing

23
Q

Which business continuity/disaster recovery (BC/DR) term refers to a secure container that contains all the necessary documentation and resources needed to conduct a proper BC/DR response action?

A

Toolkit

24
Q

An organization is planning to store its production data in a public cloud service. While researching the service, the organization discovers that its data will be stored in a proprietary data format that cannot be read by other cloud services.

Which cloud risk does this represent?

A

Vendor lock-in

25
Q

A company configures a backup solution that will automatically sync the data between the services of multiple cloud service providers to prevent data redundancy. One concern is that the different service offerings may not have the same level of data protection and may not allow direct syncing between the providers.

Which architectural concept addresses this concern?

A

Interoperability

26
Q

Which design pillar represents the ability of a workload to execute its intended function accurately and consistently when it is expected to?

A

Reliability

27
Q

A cloud customer wants to store application programming interface (API) tokens for their applications so they can be accessed from anywhere.

Which cloud provider service should the customer use?

A

Secrets management

28
Q

The Department of Justice (DOJ) assesses options for a new cloud-hosted collaboration solution.

What should it use to ensure that the vendors are compliant with the governmental regulations for data management in the United States?

A

Federal Risk and Authorization Management Program (FedRAMP)

29
Q

A European Union (EU) citizen contacts a company doing business in the EU, claiming that its data processing activities are out of compliance with the General Data Protection Regulation (GDPR). The citizen demands that the company stop processing their personal data.

What must the company do if it wishes to continue processing this personal data?

A

Demonstrate that this data processing is authorized under approved standards

30
Q

What is used to allow additional functionality such as improved networking or video output for a guest operating system by connecting to an underlying host’s hardware?

A

Virtualization toolsets

31
Q

Which concept denotes an advantage of virtualized environments that enables them to achieve high availability?

A

Hardware abstraction

32
Q

Which storage architecture contains nodes that are logically connected rather than physically connected?

A

Loosely coupled clusters

33
Q

Which purpose does an intrusion prevention system (IPS) serve when compared to an intrusion detection system (IDS)?

A

An IPS detects and stops malicious traffic, while an IDS detects and alerts about malicious traffic.

34
Q

Which part of a network should a security information and event management (SIEM) suite use to ensure network devices in a software-defined network are properly forwarding traffic?

A

Control plane

35
Q

An analyst needs to scan hosts for misconfigurations and known security threats that could lead to a security incident.

Which type of scanner will allow the analyst to check for these types of issues?

A

Vulnerability

36
Q

An organization identified the need to improve the resiliency of a critical IT service to ensure access for its customers.

Which information technology service management (ITSM) process should be implemented to ensure the organization meets this goal?

A

Availability management

37
Q

An organization lost connectivity to one of its data centers because of a power outage.

What is used to measure the return to operational capability after the loss of connectivity?

A

Recovery time objective (RTO)

38
Q

Which type of management focuses on arranging all the elements needed to deploy new software, including QA testing and staging, before the software enters active maintenance?

A

Release management (RM)

39
Q

A security analyst is tasked with collecting evidence related to a data breach involving monetary theft.

Which action should the security analyst take when accessing the breached system?

A

Document and record all activities taken

40
Q

During an investigation, government agents asked a security professional to collect the records stored in a database and present them to the court.

Which process should the security professional use to identify and obtain that information?

A

Electronic discovery

41
Q

The service at a cloud provider has been interrupted.

Which group should this cloud provider contact with information about the expected window for which the services will be down as per a contractual agreement?

A

Customers

42
Q

An online store has declared a disaster situation because of a large storm in the area of its primary cloud data center location. The emergency plan has allowed the store to remain online and accept payments, but it has fallen out of compliance with its Payment Card Industry Data Security Standard (PCI DSS) practices.

Which party should the store keep apprised of ongoing developments and the potential solutions being considered?

A

Regulators

43
Q

Which type of communication channel should be established between parties in a supply chain to be used in a disaster situation?

A

Secondary

44
Q

An organization’s engineers recently attended a training session designed to raise awareness of the dangers of using insecure direct object identifiers to view another user’s account information.

Which Open Web Application Security Project (OWASP) Top 10 vulnerability category did their training cover?

A

Broken access control

45
Q

An organization’s engineers recently attended a training session that raised their awareness of the dangers of using weak algorithms or protocols for data security.

Which Open Web Application Security Project (OWASP) Top 10 vulnerability category did their training cover?

A

Cryptographic failures

46
Q

A company plans to deploy a new application. Before the deployment, the company hires an IT security consultant to perform a zero-knowledge test to access the application as an external hacker would.

Which testing technique applies to the work the consultant is performing?

A

Black box

47
Q

Which concept refers to multiple teams and roles within an organization that perform testing on code from end to end to ensure that the code meets all standards and requirements?

A

Quality assurance

48
Q

What is the purpose of implementing rate limiting in application programming interface (API) security?

A

To prevent API overuse

49
Q

An organization wants to ensure that untested software updates provided by a third-party vendor are not run in its mission-critical environment.

What should the organization use in this scenario?

A

Manual updates

50
Q

Which software development methodology is sequential, with each phase followed by the next phase and with no overlap between the phases?

A

Waterfall

51
Q

Which phase of software design includes gathering customer input to determine a system’s desired functionality?

A

Requirements definition

52
Q

Which technology is used to prevent cross-site request forgery (CSRF) attacks?

A

Tokens

53
Q

A project manager is working on a new software project for a customer. The project manager works closely with the customer to get input on the desired features and ranks them based on how critical they are for the project.

Which phase of the software development life cycle (SDLC) is the project manager working on?

A

Requirements definition

54
Q

Which web application firewall (WAF) feature protects the application servers behind it from systems sending requests?

A

Reverse proxy

55
Q

Which scheme would provide protection if an entire physical solid-state drive was lost or stolen?

A

Full-disk encryption

56
Q

A small organization adopts a strategy to ensure that the cryptographic keys it uses in its cloud environment are securely stored and handled.

Which third-party service should the organization leverage for key administration in the given scenario?

A

Cloud access security broker (CASB)

57
Q

An organization started the transition to using a public cloud service for a customer-facing application. The organization’s security team has concerns about the application programming interface (API) tokens being lost or exposed to malicious actors.

Which service do cloud providers offer that the organization should leverage to administer its API tokens?

A

Secrets management

58
Q

What is the benefit of virtualization management tools with respect to the management plane?

A

They allow more effective handling of resource demands.

59
Q

Which component provides improved availability and path redundancy?

A

Network interface card (NIC) teaming

60
Q

After an internal audit, an organization determined that its cloud deployment may be vulnerable to threats from external attackers.

What should the organization implement to mitigate this risk?

A

Hardened virtual machines with strong access controls

61
Q

A group of colleges decided to pool their resources to create a community cloud.

Which risk is associated with this type of cloud deployment?

A

Shared access and control mechanisms between members

62
Q

An organization believes that a man-in-the-middle attack is possible but unlikely to occur. However, if a successful attack occurs, the consequences will be serious. The cost estimate for reducing the risk of such an attack is much more than the organization wishes to pay.

Which factor will determine whether the organization decides to pay the amount to mitigate the risk of an attack?

A

Risk appetite

63
Q

Which tier of service is provided by a data center that is designed to have independent and physically isolated systems, multiple distribution paths, and fault tolerance for components?

A

Tier 4

64
Q

Which concept focuses on balancing virtual machines across clusters to ensure reliable and consistent performance?

A

Distributed resource scheduling

65
Q

An organization exclusively uses Microsoft software and prefers to use tools that run natively on Windows whenever possible.

Which tool should this organization use to provide remote access to machines over an encrypted channel?

A

Remote Desktop Protocol (RDP)

66
Q

An organization opens an office with a reception area. Visitors are required to sign in at the reception and collect a visitor’s badge, which turns from white to red after eight hours.

Which security concept is the organization employing?

A

Controlled entry point

67
Q

An organization wants to include a second factor of authentication in its authentication, authorization, and accounting scheme for its cloud environment. It wants to ensure that the additional authentication mechanism will not be compromised if an employee’s laptop or smartphone is compromised.

Which type of authentication token will meet the organization’s requirements?

A

Hardware such as key fob devices

68
Q

An organization deploying a greenfield cloud-based system wants to validate users’ identities and access before they are allowed to interact with data.

Which scheme should the organization leverage to ensure that users are properly validated?

A

Zero trust

69
Q

An organization is taking part in a disaster recovery (DR) exercise that simulates a natural disaster. The key players are performing minimal actions that test the call tree to ensure that all the contact information is up to date.

Which type of testing is the organization performing?

A

Dry run

70
Q

After a severe storm, the local power grid used by an organization’s primary European data center was damaged and could no longer provide the necessary power to keep the services running. Management has established that this event does not meet the definition of a disaster but is a business continuity impacting event since a failover site can temporarily bear the load.

What should the organization leverage to return operations to the data center?

A

Generators

71
Q

Which legal requirement mandates companies in the United States to provide federal officials with data even if the data is not stored in the United States and disclosure of the data is illegal under the laws where it is stored?

A

The Clarifying Lawful Overseas Use of Data (CLOUD) Act

72
Q

Which process describes the tracking and monitoring of evidence, including who had access and what controls were used, from the time it is classified and gathered for evidential purposes until the time it is delivered to a court or law enforcement officials?

A

Chain of custody

73
Q

The General Data Protection Regulation (GDPR) provides data subjects with various rights related to privacy.

What do organizations need to do in order to acquire and use personal information under GDPR?

A

Have the data subject opt in for the data use

74
Q

An organization has devised a new use for the personal data that it stores about its customers.

What should the organization do in this situation according to the Generally Accepted Privacy Principles (GAPP)?

A

Obtain additional consent before using personal data in a different way

75
Q

Which type of analysis compares a control analysis against a baseline standard?

A

Gap analysis

76
Q

Which type of statement issued by an auditor indicates that an organization did not disclose enough information to perform a fair audit?

A

Scope limitation

77
Q

Which risk management strategy involves changing business practices to eliminate the potential of an enterprise risk?

A

Avoidance

78
Q

Which risk management strategy involves continuing business operations as normal after being made aware of an enterprise risk?

A

Acceptance

79
Q

Which document specifies the service guarantees a vendor will provide and the remedies available if the vendor fails to adhere to them?

A

Service level agreement (SLA)

80
Q

Which document provides a contract for a vendor’s work for an organization over an extended period and usually includes security requirements?

A

Master service agreement (MSA)