Pocket Prep CCSP Flashcards
Recently, your organization has decided it will be using a third party for its cloud migration. This third-party organization requires access to many of your organization’s file servers. You must ensure that the third party has access to the necessary resources. What is the FIRST action your organization should take?
A. Provide minimal access for the third-party
B. Establish a written IT security policy for the third party
C. Monitor third-party access to resources
D. Conduct vendor due diligence on the third party
D. Conduct vendor due diligence on the third party
Explanation:
Before granting access to any resource, you should conduct vendor due diligence for the third-party organization. This diligence is very similar to a risk assessment, but it is usually in the form of a questionnaire completed by the vendor and analyzed by the organization.
All other options should occur after the due diligence has been conducted on the vendor.
As cloud customers will access the cloud environment over a network, the networking infrastructure plays a major role in a successful cloud environment. Which of the following is the MOST basic of physical network components?
A. Switches
B. Routers
C. Wiring and Cabling
D. Firewalls
C. Wiring and Cabling
Explanation:
The most basic aspect of networking in a cloud environment is the actual wiring that goes into the network.
Switches, routers, and firewalls would be the next step up from the wiring and cabling.
An emerging concept driven by the decentralized nature of cloud applications and services, which have upended the traditional model of a network with a perimeter, is called:
A. SAN
B. SSL
C. SDP
D. SDS
C. SDP
Explanation:
The software-defined perimeter (SDP) is a security architecture that restricts access to resources based on user identity and a “need to know” access control methodology. Before granting access to applications and network services, this technique requires device authentication and user identity verification.
The purpose of labeling data is to accomplish which of the following?
A. Classify data based on where it’s located within the organization
B. Protect data that can be considered sensitive or classified
C. Know all of the locations within an organization where data could be stored
D. Group data elements together and provide information about those elements
D. Group data elements together and provide information about those elements
Explanation:
Labels are similar to metadata, but they are applied by users or processes and are more informal than metadata. Labels are used to group data elements together and provide information about those elements. However, labels can only be successful if they are applied consistently throughout the organization.
When is the MOST appropriate time to determine whether data is classified as secure?
A. Use Phase
B. Create Phase
C. Archive Phase
D. Store Phase
B. Create Phase
Explanation:
When data is created during the create phase, the sensitivity of the data is known. It should then be handled properly from the beginning, as all additional phases will build off of the create phase.
Data rights management (DRM) is a practice that is encapsulated within which concept?
A. Interoperability and Portability
B. Information Rights Management
C. Supply Chain Management
D. Mobile Security
B. Information Rights Management
Explanation:
Data rights management (DRM) is an extension of normal data protection where additional security measures and controls are placed upon sensitive data. It is an extension of the information rights management (IRM) concept.
Which is NOT a way to measure business requirements and capabilities for business continuity and disaster recovery in the cloud?
A. Computing Power for Systems?
B. How long are you down?
C. How much capacity for data?
D. How much data may you lose?
C. How much capacity for data?
Explanation:
How much data storage capacity is not a good indicator of business requirements and capabilities for continuity and disaster recovery in the cloud. Three metrics are used to assess business capabilities: RTO, which indicates how long systems are down, RPO, which indicates how much data may be lost, and recovery service level (RSL), which indicates how much processing power is required to maintain systems following a disaster.
Cloud security is a challenge. What aspect of cloud computing creates new complexities to security in the cloud?
A. Measured Service
B. Encryption
C. Broad network access
D. Multi-tenancy
D. Multi-tenancy
Explanation:
Multi-tenancy used in cloud computing creates new complexities to security in the cloud. Data transmissions between systems within the same cloud are potential security concerns and sources of vulnerability for data theft.
All other options are key cloud computing characteristics.
An organization has decided that the best course of action to handle a specific risk is to obtain an insurance policy. The insurance policy will cover any financial costs of a successful risk exploit.
Which type of risk response is this an example of?
A. Risk Mitigation
B. Risk Avoidance
C. Risk Transfer
D. Risk Acceptance
C. Risk Transfer
Explanation:
When an organization obtains an insurance policy to cover the financial burden of a successful risk exploit, this is known as risk transfer. It’s important to note that with risk transfer, only the financial losses would be covered by the policy, but it would not do anything to cover the loss of reputation the organization might face.
In a SaaS environment, if either SQL injection or cross-site scripting vulnerabilities exist within any SaaS implementation, every customer’s data becomes at risk. Of the following, what is the BEST method for preventing this type of security risk?
A. The provider should ensure that anti-virus software is up to date within their environment.
B. The provider should ensure that there is a patch schedule in place and that it is adhered to
C. The provider should sign a contract stating that they are liable for any breaches
D. The provider should have different data stores for each customer and keep all customers as segregated as possible
D. The provider should have different data stores for each customer and keep all customers as segregated as possible
Explanation:
Without proper segmentation, all customers will be susceptible to vulnerabilities that exist anywhere in the environment. To mitigate this risk, the provider should have different data stores for each customer and keep all customers as segregated as possible.
As you are drafting your organization’s cloud data destruction policy, which of the following is NOT a consideration that may affect the policy?
A. Compliance and Governance
B. Data Discovery
C. Business Processes
D. Retention Requirements
B. Data Discovery
Explanation:
You should not consider data discovery when determining an organization’s data destruction policy. While you may discover data during other stages of the data lifecycle, this is irrelevant at the time of destruction. Compliance and governance standards, data retention requirements, and business processes should be considered while developing a data destruction policy.
WSUS and MDT can be used for maintaining which types of environments?
A. Windows
B. vSphere
C. Macintosh
D. Linux
A. Windows
Explanation:
WSUS (Windows server update service) and MDT (Microsoft deployment toolkit) can be used in conjunction to manage and maintain a Windows environment. WSUS is used to perform patch management. MDT is a collection of tools which can facilitate the automation of server and desktop deployments.
The OWASP Top 10 lists XML external entities (XXE) on their current list of security vulnerabilities. Which of the following is an example of XXE?
A. A developer has left sensitive data about the directory structure of the application inside their code
B. A malicious actor is able to send untrusted data to a user’s browser without going through any validation
C. An application is not performing any validation on the browser tokens used to access the application
D. A website is not using proper input validation on their data fields of their application
A. A developer has left sensitive data about the directory structure of the application inside their code
Explanation:
During development, it’s not uncommon for developers to leave comments or notes in their code. While this is not inherently an issue, it can become an issue when the comments and notes are not removed before the code is published. An XML external entity occurs when a developer leaves references to items such as the directory structure of the application, configuration about the hosting system, or any other information about the inner workings of the application itself, in the code.
In which security test does the tester try to actively attempt to attack or compromise a live system using the same types of tools that an actual attacker would use to simulate a real-life scenario?
A. RASP
B. Penetration test
C. Vulnerability Scan
D. SAST
B. Penetration test
Explanation:
During a penetration test, the tester is trying to actively break into the live systems. This is meant to simulate a real-life scenario and, therefore, the tester will use the same type of tools that an actual attacker would use to compromise a system.
During static application security testing (SAST), the tester has knowledge of and access to the source code, and all testing is done in an offline manner. Vulnerability scans are usually done by an organization against their own systems to ensure that their systems are hardened against known vulnerabilities. Runtime application self-protection (RASP) is a security mechanism that helps applications protect themselves by blocking attacks in real time.
Which of the following is focused on providing the required system resources needed to meet SLA requirements in a cost-effective manner?
A. Continuity Management
B. Service Level Management
C. Capacity Management
D. Change Management
C. Capacity Management
Explanation:
Capacity management is concerned with having and providing the required system resources to meet SLA requirements of customers in a cost-effective and efficient manner. It’s important to ensure that systems are not under-provisioned, leading to service and performance issues, but also not over-provisioned, leading to higher costs to the organization.
Which of the following is NOT considered one of the three main building blocks for a cloud environment’s management plan?
A. Rapid Elasticity
B. Orchestration
C. Scheduling
D. Maintenance
A. Rapid Elasticity
Explanation:
The three main building blocks that make up a cloud environment’s management plan include orchestration, maintenance, and scheduling.
Rapid elasticity is a concept that exists in cloud computing referring to the ability to quickly add more resources when necessary. It is not one of the building blocks of the management plan.
A security engineer is implementing mechanisms that are used to allow and deny possible actions on the network. What are these mechanisms called?
A. Security regulations
B. Firewalls
C. BCDR Plans
D. Security Controls
D. Security Controls
Explanation:
Mechanisms put in place to allow or deny specific actions on a network are known as security controls. It is the cloud security engineer’s responsibility to ensure that the proper security controls are put in place to keep their organization safe.
Cloud service providers will have clear requirements for items such as uptime, customer service response time, and availability. Where would these requirements MOST LIKELY be outlined for the client?
A. RTO
B. NIST
C. SLA
D. RPO
C. SLA
Explanation:
Requirements such as uptime, customer service response time, and availability should be outlined in a service level agreement (SLA). When a provider doesn’t meet their SLA requirements, it could lead to termination of the contract or financial benefits to the cloud customer.
A cloud administrator would like to reduce the risk of vendor lock-in. What cloud shared consideration should the administrator be looking for?
A. Availability
B. Reversibility
C. Versioning
D. Interoperability
B. Reversibility
Explanation:
Reversibility is a metric that indicates the ease with which your cloud services can be migrated between cloud environments. Due to the fact that solutions must be able to migrate between CSPs and to and from the cloud, reversibility reduces vendor lock-in.
An engineer is performing threat modeling. She is using a model that has “tampering with data” listed as one of the categories. Which model is this engineer using?
A. REST
B. TOGAF
C. DREAD
D. STRIDE
D. STRIDE
Explanation:
STRIDE is one of the most prominent models used for threat modeling. Tampering with data is included in the STRIDE model. DREAD is another model, but it does not include tampering with data as a category. TOGAF and REST are not threat models. STRIDE includes the following six categories:
Spoofing identity, tampering with data, repudiation, information disclosure, denial of service, and elevation of privileges.
Anyone who uses or consumes data which is owned by another data owner is considered which of the following?
A. Data custodian
B. Data steward
C. Data owner
D. Data Controller
A. Data custodian
Explanation:
A data custodian is anyone who uses or consumes data which is owned by someone else. The data custodians must adhere to any policies set forth by the data owner in regard to the use of the data.
In the cloud, data is frequently stored in order to be recovered later, if necessary. Which section of a data retention policy would outline the steps involved in this process?
A. Retention Formats
B. Retention Periods
C. Data Classification
D. Archiving and Retrieval Procedures
D. Archiving and Retrieval Procedures
Explanation:
The data retention policy’s archiving and retrieval procedures will detail how data should be stored in order to facilitate later recovery.
Violating the requirements of which type of PII is likely to result in criminal charges?
A. Regulated PII
B. Non-Disclosed PII
C. Contractual PII
D. Unrepresented PII
A. Regulated PII
Explanation:
There are two main types of PII (personally identifiable information) which include contractual PII and regulated PII. Failure to comply with requirements related to regulated PII could result in criminal charges in some jurisdictions, while violating contractual PII requirements is more likely to only result in a contractual penalty.
Non-disclosed PII and unrepresented PII are not recognized types of PII.
During which phase of the software development lifecycle should testing requirements be defined?
A. Requirement gathering and feasibility
B. Testing
C. Maintenance
D. Development/Coding
A. Requirement gathering and feasibility
Explanation:
During the first phase of the software development lifecycle, requirement gathering and feasibility, the risk and testing requirements are defined. Having these requirements in place before development and testing even begins helps to ensure the success of the project.
Which of the following types of security tests would be considered a “white-box” test?
A. Penetration testing
B. SAST
C. Vulnerability Scanning
D. DAST
B. SAST
Explanation:
Static application security testing (SAST) is a “white-box” type of test, meaning that the tester has knowledge of and access to the source code.
Both penetration testing and dynamic application security testing (DAST) are considered “black-box” tests because the individual performing these tests is not given any special knowledge of the environment. Vulnerability scanning is neither a “white-box” nor a “black-box” test. Vulnerability scans are run against systems using known attacks and methodologies to verify that systems are properly hardened against them.
What cloud development fundamental is supported by security being a part of every step of an application development program?
A. Security as a business objective
B. Training and awareness
C. Security by design
D. Shared security and responsibility
C. Security by design
Explanation:
Security by design refers to the inclusion of security at every stage of the development process, rather than after an application has been released or in reaction to a security exploit or vulnerability. From application feasibility to retirement, security is an integral element of the process.
Maxwell is developing a DLP strategy. Which of the following is NOT a component of DLP that Maxwell has to be concerned with?
A. Enforcement
B. Evidence and Custody
C. Monitoring
D. Discovery and classification
B. Evidence and Custody
Explanation:
The major components of a data loss prevention (DLP) implementation include discovery and classification, monitoring, and enforcement.
Evidence and custody is not a common component of DLP implementations.
E-mails, pictures, videos, and text files are all examples of which of the following?
A. Morphed Data
B. Structured Data
C. Unmorphed Data
D. Unstructured Data
D. Unstructured Data
Explanation:
Unstructured data refers to any data that cannot be qualified as structured data. Unstructured data doesn’t conform to any defined data structures or formats. Examples of unstructured data include emails, pictures, videos, and text files.
Unmorphed and morphed data are not actual types of data.
Which of the following BEST describes the “create” phase of the cloud data lifecycle?
A. Any time data is considered new
B. Only when data first enters a system
C. Only when data is newly created or newly imported into a system
D. Only when data is modified into a new form
A. Any time data is considered new
Explanation:
The create phase is the initial phase of the cloud data lifecycle. While it may sound like data must be newly created from scratch in this phase, that is not the case. Rather, any time data can be considered new, it is in the create phase. This encompasses data which is newly created, data that is being imported from elsewhere, and also data that already exists but has been modified into a new form.
An engineer has been placed in charge of patch management on all Windows servers in the environment. Which free tool, offered by Microsoft, can assist this engineer with patch management?
A. DRS
B. RDP
C. VUM
D. WSUS
D. WSUS
Explanation:
The WSUS (Windows Server Update Service) is a free toolset offered by Microsoft to help with patch management. WSUS downloads patches and allows the administrators of the servers to control the installation of the patches in a centralized and automated manner.
Which type of AI is purely cognitive-based?
A. Humanized
B. Human-Inspired
C. Enhanced
D. Analytical
D. Analytical
Explanation:
Analytical artificial intelligence (AI) is solely cognitive-based, focusing on a system’s ability to analyze past data and make future decisions.
Of the following, which is NOT a tool used to detect and alert administrators of suspicious activity?
A. WSUS
B. IDS
C. NIDS
D. HIDS
A. WSUS
Explanation:
An IDS is an intrusion detection system. It will capture traffic and detect possible attacks or intrusions. A NIDS is a network intrusion detection system that captures all network traffic, while HIDS is a host intrusion detection system that only captures traffic for one specific host.
WSUS is a tool available to help with patch management and not a tool to help detect intrusions.
Which of the following BEST defines ARO?
A. The estimated number of times a threat will successfully exploit a vulnerability in a given year
B. The estimated amount of revenue that will be lost due to a single successful exploit
C. The amount of time a system can be operational before it will need to be replaced
D. The estimated amount of revenue that will be lost in a given year
A. The estimated number of times a threat will successfully exploit a vulnerability in a given year
Explanation:
ARO stands for annualized rate of occurrence, which is defined by the estimated number of times a threat will successfully exploit a vulnerability in a given year. By multiplying the single loss expectancy (SLE) by the annual rate of occurrence (ARO), you are able to determine the annual loss expectancy (ALE).
The requirement that providers must restrict physical access to cardholder data falls under which regulatory standard?
A. FIPS 140-2
B. SOC 1
C. NIST SP 800-53
D. PCI DSS
D. PCI DSS
Explanation:
The PCI DSS (payment card industry data security standard) is a series of 12 compliance requirements, one of which is that physical access to cardholder data must be restricted.
Of the following, which is an example of a direct identifier within PII?
A. ZIP Code
B. Gender
C. National Identification Number
D. Birth Date
C. National Identification Number
Explanation:
PII (personally identifiable information) is broken up into direct identifiers and indirect identifiers. Birth date, gender, and zip code would all be indirect identifiers because they would require more information along with them to identify a specific person.
National identification numbers and social security numbers are direct identifiers because they can identify a specific person without the need for additional information.
Which of the following is NOT a protection technique for virtualization systems?
A. Privileged Access
B. Separation of Duty
C. Standard Configurations
D. Least Privilege
A. Privileged Access
Explanation:
Privileged access must be strictly limited and should enforce least privilege and separation of duty. Therefore, it is not a virtualization system protection mechanism.
Standard configurations are agreed-upon baselines and aid in managing change, which provides protection for virtualization systems.
In the event of an ISP failure, the customer is responsible for ensuring communication with the CSP. Which of the following would be the BEST strategy for ensuring that a means of communication with the cloud vendor is always available?
A. Boundary Protection
B. Redundant ISP
C. Cloud to site VPN
D. Security Function Isolation
B. Redundant ISP
Explanation:
The best strategy for ensuring that a means of communication with a cloud vendor is always available when an interruption occurs would be to implement a redundant ISP.
All the other options are aspects that should be used in cloud access.
Cloud providers must have multiple and independent power feeds to ensure redundancy. What else is needed in case of a power failure on one of the power feeds?
A. Backup Router
B. Backup Internet
C. Generator
D. Firewall
C. Generator
Explanation:
Cloud providers will need to have multiple independent power feeds in case a power feed goes down. In addition, they will also typically have a generator or battery backup to serve in the meantime when a power feed goes out.
Cloud providers will likely have a backup internet provider for redundancy, but it will not help in the case of a power outage, nor will additional firewalls or routers.
An organization is considering implementing a new business continuity and disaster recovery (BCDR) strategy. Before moving forward with this, which of the following should the organization perform?
A. Onsite Technical Analysis
B. Vulnerability Scan
C. Cost-Benefit Analysis
D. Penetration Test
C. Cost-Benefit Analysis
Explanation:
When considering implementing a new BCDR strategy, organizations should first perform a cost-benefit analysis. This will provide insight to the stakeholders if the BCDR strategy is worth implementing. The cost-benefit analysis will compare the costs of a disaster and the impact of downtime against the cost of implementing the BCDR solution.
Data archiving and retention as it relates to official judicial or law enforcement requests is known as:
A. Law Retention
B. Regulatory Hold
C. Court Archiving
D. Legal Hold
D. Legal Hold
Explanation:
Organizations or individuals may need to archive and retain data that meets specific requirements to be used in legal court proceedings. This type of data retention is known as legal hold.
Members of your organization’s software development team are geographically dispersed and will work in a variety of time zones. Multiple developers will modify the configuration and source code files. How does your organization ensure that software code modifications are current and accurate?
A. Functional testing
B. Identity and Access management
C. Software Assurance Validation
D. Software Configuration Management
D. Software Configuration Management
Explanation:
Software configuration management (SCM) technologies are used to manage software assets and to ensure that changes are made in a timely and accurate manner. SCM enables changes to be rolled back. At the time of deployment, as well as during updates and patches, SCM tools are employed. Configuration management software enables auditing and reviewing configurations to ensure processes are being followed.
Which of the following is NOT classified as a physical or environmental control?
A. Locks
B. Intrusion Prevention System
C. UPSs
D. Biometrics
B. Intrusion Prevention System
Explanation:
An intrusion prevention system helps protect a network from malicious activity and intrusions, and therefore, is NOT considered a physical or environmental control.
In cloud environments, redundancy can be broken up into two areas: internal and external. Which of the following is an example of an internal redundancy?
A. Network circuits
B. Power substations
C. Power distribution units
D. Generator Fuel Tanks
C. Power distribution units
Explanation:
Internal redundancy includes power distribution units, power feeds to racks, cooling units, networking, storage units, and physical access points.
External redundancy includes power feeds/lines, power substations, generators, generator fuel tanks, network circuits, building access points, and cooling infrastructure.
Which emerging technology, that is still in the early phases of development, would allow for the manipulation of encrypted data without the need to unencrypt it?
A. Labeling
B. Tokenization
C. Homomorphic Encryption
D. Data De-Identification
C. Homomorphic Encryption
Explanation:
Encryption technologies are rapidly evolving. One new technology, which is still in the early phases of development and testing, is homomorphic encryption. Homomorphic encryption would allow for the manipulation of encrypted files without needing to unencrypt them.
Tokenization is the practice of utilizing a random or opaque value to replace what would otherwise be sensitive data. Data de-identification is the method of using masking, obfuscation, or anonymization to protect sensitive data. Labeling is a technology which can be used to group data elements together.
Your organization would like to automate a process that involves two applications. The data that moves between the applications must be synched in real time as well as one system that needs to boot up before the other. What can be used to synchronize the operations of these applications?
A. Orchestration
B. API Gateways
C. Tokenization
D. Sandboxing
A. Orchestration
Explanation:
Orchestration is a technique for synchronizing and orchestrating the operations of multiple apps that work together to complete a business activity. These are managed groups of applications, and their actions are choreographed based on the rules you establish.
Which term BEST describes the process of granting access to resources?
A. Federation
B. Identification
C. Authorization
D. Auditing
C. Authorization
Explanation:
Authorization is the process of granting access to resources.
Identification is the process of pinpointing either a system or individual in a way where they are distinct from any other identity. Federation is the process of implementing standard processes and technologies across various organizations so that they can join their identity management systems together. Auditing is the process of ensuring compliance with policy, guidelines, and regulations.
Obfuscation is a method of which of the following?
A. Hashing
B. Key Management
C. Encryption
D. Data De-Identification
D. Data De-Identification
Explanation:
Methods of data de-identification include obfuscation, anonymization, and masking.
Your company has invested in a PaaS (platform as a service) development platform. What would the organization’s new role be?
A. Cloud Service Broker
B. Cloud Service Customer (CSC)
C. Cloud Service Provider (CSP)
D. Cloud Service Partner
B. Cloud Service Customer (CSC)
Explanation:
An organization or individual who purchases a cloud service is known as a cloud service customer (CSC).
Which of the following is NOT one of the four key areas of the physical cloud environment?
A. Network
B. CPU
C. Cabling
D. Disk
C. Cabling
Explanation:
The four key physical components of a cloud environment include CPU, disk, memory, and network. These components are the aspects that a cloud provider must ensure they have adequate resources for. There should be resources in these categories for both the current needs of cloud customers and their needs in the foreseeable future.
Cabling is not considered one of the key physical aspects of the cloud environment.
Your organization is conducting a test of its disaster recovery plan. The team members describe how they would carry out their responsibilities in a certain BC/DR scenario. Which type of disaster recovery plan testing are they conducting?
A. Parallel
B. Full Cutover
C. Simulation
D. Tabletop
D. Tabletop
Explanation:
In a tabletop exercise, participants are provided with scenarios and asked to describe how they will carry out their assigned activities in a certain business continuity/disaster recovery scenario. This enables members to comprehend their roles amid disaster.
All other options are types of business continuity and disaster recovery plan tests.
Which built-in VMware tool can be used to automate patches of both the vSphere hosts and the virtual machines running under them?
A. VUM
B. RDP
C. MDT
D. WSUS
A. VUM
Explanation:
VUM (vSphere Update Manager) is a utility which is built into VMware. VUM is able to automate patches of both the vSphere hosts as well as the virtual machines running under them. VUM also provides a dashboard which gives administrators a glimpse into their patching status across the environment.
Cloud environments call for high-availability and resiliency. What can be done to ensure that there is no downtime?
A. Ensure that there are no single points of failure
B. Only perform maintenance a couple of times a year
C. Create backups of the most important servers in the environment
D. Only perform updates and upgrades during non-business hours
A. Ensure that there are no single points of failure
Explanation:
Many cloud customers expect their systems to be available at all times. In order to maintain high availability, it’s critical to ensure that there are not any single points of failure. While it’s good practice to perform updates and upgrades outside a business’ normal operating hours, many organizations today have locations across the globe and operate 24 hours a day. This means that downtime at any time is going to be unacceptable. Cloud providers must find a way to perform updates and upgrades without causing any downtime.
Backing up systems is very important, but all systems must be backed up, not just a select few. Maintenance can’t be scheduled only a few times a year. It must be done whenever necessary so it’s important to be able to do the maintenance without causing any downtime to the customer.
Which major piece of 1996 legislation focused on the security controls and confidentiality of medical records?
A. GDPR
B. GLBA
C. HIPAA
D. SOX
C. HIPAA
Explanation:
HIPAA, also known as the Health Information Portability and Accountability Act of 1996, is a major piece of legislation which focused on protecting PHI (protected health information). HIPAA focuses on the security controls and confidentiality of medical records, rather than on specific technologies being used.
Where is the BIOS stored?
A. Disk
B. Firmware
C. Memory
D. System Board
B. Firmware
Explanation:
The BIOS is a form of firmware. It is typically stored in read-only memory. The BIOS is crucial for secure booting processes, as it verifies the hardware and firmware configurations of a system before allowing the operating system or applications to execute.
All other selections are components of the system.
Within a relational database, data is put into specific fields that have known structure and possible data values. The data in these databases is very easy to search and analyze.
What is this type of data called?
A. Unstructured Data
B. Unmapped Data
C. Structured Data
D. Sensitive Data
C. Structured Data
Explanation:
Structured data is data that has a known format and content type. One example of structured data is the data that is housed in relational databases. This data is housed in specific fields that have a known structure and potential values of data. Having the data organized in these fields makes it easy to search and analyze.
Which cloud computing role delivers value by aggregating services from many vendors, integrating them with an organization’s current infrastructure, and customizing services that a CSP cannot provide?
A. Cloud Service Customer
B. Cloud Service Provider (CSP)
C. Cloud Service Broker
D. Cloud Service Partner
C. Cloud Service Broker
Explanation:
Businesses will work with a cloud service broker to identify solutions that meet their cloud computing requirements. The broker will package services in the customer’s best interest. This may entail the use of multiple CSP services.
For which of the cloud service models does the cloud customer commonly have responsibility for patch management?
A. SaaS and PaaS
B. PaaS
C. SaaS
D. IaaS
E. IaaS and PaaS
E. IaaS and PaaS
Explanation:
The CSP is fully responsible for patch management of the underlying physical infrastructure, but IaaS and PaaS customers commonly have patch management responsibilities.
In a SaaS environment, the customer has no responsibility for patching.
A web application is using browser cookies for sessions and state. However, when the user logged out, the cookies were not properly destroyed. Another user had access to the same browser as the previous user and was able to log in using the same cookies from the previous session.
What is this an example of?
A. Security Misconfigurations
B. Sensitive Data Exposure
C. Broken Authentication
D. Broken Access Control
C. Broken Authentication
Explanation:
Broken authentication is one of the OWASP Top 10 vulnerabilities. Broken authentication occurs when an issue with a session token or cookie makes it possible for an attacker to gain unauthorized access to a web application. This can occur when session tokens are not properly validated, making it possible for an attacker to hijack the token and gain access. Another example of this can occur when cookies are not properly destroyed after a user logs out, making it possible for the next user to gain access with their cookies.
An organization would like to plan a test of their business continuity and disaster recovery (BCDR) plan in which a real-world scenario is simulated as realistically as possible.
What type of BCDR test should they carry out?
A. Parallel Test
B. Walk through test
C. Paper Test
D. Full-Interruption
D. Full-Interruption
Explanation:
In a full-interruption BCDR test, a real life scenario is carried out as realistically as possible. During a full-interruption test, all of the production systems are shut down at the primary site, and operations are shifted to the backup site according to the disaster recovery plan.
Which of the following is NOT a type of blockchain?
A. Consortium
B. Semi-Open
C. Private
D. Hybrid
B. Semi-Open
Explanation:
There are four types of blockchain: private, public, consortium, and hybrid.
Semi-open is not a type of blockchain.
Your organization has tasked you with updating the IT best practices for your organization which includes updating the service strategy to include cloud practices. Which framework is your organization most likely using?
A. NIST CSF
B. COBIT 5
C. ITIL
D. ISO 27001
C. ITIL
Explanation:
Your organization is most likely using IT Infrastructure Library (ITIL) because it is an IT best practices framework. Its five core subjects are: Service strategy, Service design, Service transition, Service operation, and Continual improvement.
NIST CSF provides cybersecurity guidance, not IT best practices. ISO 27001 provides requirements for an information security management system (ISMS). COBIT 5 is a business framework for governance of IT.
An engineer just purchased a software suite for his organization. The software is hosted by a cloud provider, and that cloud provider maintains and manages the application itself, as well as the entire infrastructure and platform. The software is accessed over the Internet and is not installed locally on any employee’s machine.
What type of cloud service is being described here?
A. CaaS
B. PaaS
C. IaaS
D. SaaS
D. SaaS
Explanation:
Software as a Service (SaaS) is a cloud service in which the cloud provider manages and maintains everything from the application/software itself, to the servers they run on and the platform they were built on. The cloud client is not responsible for anything to do with managing the program; they can simply access it over the Internet.
An engineer needs to find out when a document was originally created. What could this engineer look at to find this information?
A. Data Maps
B. Data Tags
C. Metadata
D. Sanitized Data
C. Metadata
Explanation:
Metadata is information about data, including the type of data, when the data was created, where the data is stored, and more.
What toolset can provide assistance in database compliance, contractual, or regulatory requirements such as PCI-DSS, HIPAA and GDPR?
A. WAF
B. XML Firewall
C. API Gateways
D. DAM
D. DAM
Explanation:
Those who provide database activity monitoring (DAM) services, as well as CSPs who provide monitoring services customized for their own database offerings, can do much more than monitor database consumption and usage patterns. Data discovery, data classification, and privileged use are all features that can be monitored in databases. Database compliance, contractual requirements, and regulatory requirements such as PCI-DSS, HIPAA, and GDPR can all be addressed by database activity monitors.
An organization has implemented a SIEM solution to collect logs from various sources and store them in a centralized location. What is the main security benefit of having the logs in a centralized location?
A. To prevent log manipulation
B. To encrypt all of the logs from the servers
C. To automatically block traffic that appears suspicious
D. To send alerts to administrators about suspicious activity
A. To prevent log manipulation
Explanation:
Log manipulation occurs when a malicious actor is able to delete or modify the logs on a system. Sending or copying the logs to a centralized location such as a SIEM prevents this since the attacker may be able to delete them on the system itself, but will likely not have gotten access to the SIEM to change them there as well.
To protect sensitive data, an organization must implement non-shared resources like a stand-alone host. What should the organization be cautious of when justifying the new stand-alone host?
A. More control over governance of the environment
B. Greater administrative control of the environment
C. High costs for the environment
D. Higher overall security of the environment
C. High costs for the environment
Explanation:
The organization should be cautious due to the fact that standalone hosting will cost more than pooled resources and multi-tenancy. The organization will need to gather and analyze their requirements to identify if the costs of standalone hosting are justifiable.
All the other options are characteristics of standalone hosting.
Which of the OWASP Top 10 security vulnerabilities addresses the protection of personally identifiable information (PII)?
A. Broken Access Control
B. Broken Authentication
C. Sensitive Data Exposure
D. Insecure Deserialization
C. Sensitive Data Exposure
Explanation:
When creating and managing a web application it’s vital to keep sensitive user information private. Many web applications use data such as credit card information, authentication data, and other personally identifiable information. The OWASP Top 10 addresses these items under the sensitive data exposure vulnerability and states that applications should implement various security controls to protect sensitive user data.
In an IaaS model, what is the customer NOT responsible for?
A. Enforcing company policies
B. Technology Provided
C. Technology Usage
D. Configuring the environment
B. Technology Provided
Explanation:
The cloud service provider (CSP) is responsible for providing the technology, but the customer is accountable for its use. Additionally, the client is accountable for setting up the environment and enforcing organizational policies.
Which type of load balancer for web-based content makes use of edge servers in remote locations to serve users who are physically closer to the edge server than to the original web server?
A. SDN
B. CDN
C. RDM
D. SDS
B. CDN
Explanation:
A content delivery network (CDN) is a form of load balancing specifically designed for web servers. Its major purpose is to accelerate users’ access to web resources that are geographically dispersed. CDNs enable users in remote places to access web data via servers located closer to their location than the original web server.
Software defined storage (SDS), software defined networking (SDN) and raw device mapping (RDM) are incorrect options.
What is an essential layer around a virtual machine, subnet, or cloud resource as part of a layered defense strategy?
A. Cloud Gateway
B. Network Security Group
C. Contextual-based Security
D. Ingress and Egress Monitoring
B. Network Security Group
Explanation:
A network security group (NSG) protects a group of cloud resources. It provides a set of security rules or virtual firewall for those resources. This gives the customer additional control over security.
A cloud gateway adds an additional layer of security by transferring data between the customer and the CSP away from the public internet. Contextual-based security leverages contextual information such as identification to assist in securing cloud resources. External access attempts from the public internet can be blocked by ingress controls. Egress controls are a technique for preventing internal resources from connecting to unauthorized and potentially harmful websites.
An IT manager is weighing their options for protecting the organization’s external-facing applications from SQL injection, cross-site scripting, and cross-site request forgery attacks. The manager decided to implement a mechanism to filter HTTP/HTTPS traffic. What type of solution has the IT manager selected to protect the external-facing applications?
A. Application Programming Interface
B. Database Activity Monitor
C. Extensible Markup Language Firewall
D. Web Application Firewall
D. Web Application Firewall
Explanation:
By filtering HTTP/HTTPS traffic, a web application firewall (WAF) specifically addresses attacks on applications and external services. A WAF can assist in defending against SQL injection, cross-site scripting, and cross-site request forgery attacks.
A cloud provider has several of its cloud customers sharing access to its pool of resources. What term is used to describe the customers?
A. Partner
B. Hybrid
C. Tenant
D. Auditor
C. Tenant
Explanation:
Any cloud customer who is sharing access to a pool of resources is known as a tenant.
The data technique by which data dispersion encrypts data along with parity bits is referred to as:
A. RAID
B. Erasure Coding
C. Hashing
D. Data Encoding
B. Erasure Coding
Explanation:
Erasure coding is a technique employed by data dispersion to encrypt data with parity bits added. This is quite similar to the concept of RAID storage parity bit calculation. On the segments, a mathematical calculation is performed and the results are stored with the data. If segments are lost, the parity bits enable the data to be recovered.
All other options are toolsets and technologies commonly used as data security strategies.
Your organization has paid for cloud services, but when users seek to access them, the cloud services are unresponsive. The SLA requirements do not cover these repeated failures. What obstacles does the organization face?
A. Availability
B. Portability
C. Interoperability
D. Reversibility
A. Availability
Explanation:
The organization is currently experiencing service availability issues. Due to the fact that this failure is not covered by the SLA’s requirements, the organization may file a claim against the service provider.
The FIPS 140-2 standard defines four levels of security. Of the four levels, which provides the HIGHEST level of security and tamper protection?
A. Level 3
B. Level 2
C. Level 1
D. Level 4
D. Level 4
Explanation:
The FIPS (Federal Information Processing Standard) 140-2 standard defines four levels of security. Level 1 is the lowest level of security and level 4 provides the highest level of security and tamper protection. Levels 2 and 3 are in between.
Which form of auditor is accountable for evaluating the effectiveness of a provider’s service and detecting control flaws between the CSC and CSP, as well as the CSB, if used?
A. External Auditor
B. Third-party auditor
C. Cloud Auditor
D. Internal Auditor
C. Cloud Auditor
Explanation:
A cloud auditor is uniquely tasked with the responsibility of auditing cloud systems and cloud-based applications. The cloud auditor is responsible for evaluating the cloud service’s efficiency and finding control gaps between the cloud customer and the cloud service provider, as well as the cloud broker, if one is utilized.
All the other options are types of auditors.
A malicious actor created a free trial account for a cloud service using a fake identity. Once the free trial cloud environment was up and running, he used it as a launch pad for several cloud-based attacks. Because he used a fake identity to set up the free trial, it would be difficult (if not impossible) for the attacks to be traced back to him.
What type of cloud-based threat is being described here?
A. Shared Technology Issues
B. Advanced Persistent Threats
C. Denial-of-Service
D. Abuse or nefarious use of cloud services
D. Abuse or nefarious use of cloud services
Explanation:
Abuse or nefarious use of cloud services is listed as one of the top twelve threats to cloud environments by the Cloud Security Alliance. Abuse or nefarious use of cloud services occurs when an attacker is able to launch attacks from a cloud environment, either by gaining access to a poorly secured cloud or by using a free trial of a cloud service. Oftentimes, when using a free trial, the attacker will configure everything using a fake identity so attacks can’t be traced back to him.
Which technology allows the use of home and native systems to provide authentication to users without requiring an established user base to be present?
A. Federation
B. Role-Based Access
C. Identification
D. Separation
A. Federation
Explanation:
Federation is a set of base policies and technologies which allow systems to accept credentials without requiring an established user base to be present. This works by establishing policies and guidelines that each member of the federation must adhere to.
Which of the following is concerned with the proper restoration of systems after a disaster or unexpected outage?
A. Change Management
B. Incident Management
C. Information Security Management
D. Continuity Management
D. Continuity Management
Explanation:
Continuity management, sometimes known as business continuity management, is concerned with restoring systems and devices after a disaster or unexpected outage has occurred. Business continuity and disaster recovery (BCDR) plans are a part of continuity management.
Which applications are possible targets for denial of service attacks?
A. Only applications hosted in the cloud
B. All Applications
C. Only applications hosted in a traditional data center
D. Only applications that do not have input validation
B. All Applications
Explanation:
A denial of service attack occurs when a system is flooded with useless data from an attacker in an attempt to overload the system resources, making the system unavailable to valid users. All applications are possible targets for denial of service attacks. In order to help prevent denial of service attacks, developers should limit how many operations can be performed by non-authenticated users.
Which of the following terms BEST describes the role of someone who connects existing systems and services to the cloud?
A. Cloud service business manager
B. Cloud Service Auditor
C. Cloud Service Integrator
D. Cloud Service Operations Manager
C. Cloud Service Integrator
Explanation:
A cloud service integrator is someone who connects (or integrates) existing systems and services to the cloud for a cloud customer.
A criminal is targeting a cloud web application. He was able to send a properly formatted SELECT statement through one of the input fields. This returned him data about the database, which he can use to further attack the application.
What is the name of this type of attack?
A. Cross-site request forgery
B. Cross-site scripting
C. Browser Hijacking
D. SQL Injection
D. SQL Injection
Explanation:
A SQL injection attack occurs when an attacker is able to send a properly formatted SQL SELECT statement through one of the input fields in the web application. This malicious query can return information about the database that should not be publicly available. In order to prevent injection attacks, it’s important to ensure that any data sent through an input field is properly sanitized and validated.
Through the Common Criteria standard, what does an EAL2 score tell us about the organization’s security practices and results?
A. It has been structurally tested
B. It has a formally verified design and has been tested
C. It has been methodically tested and checked
D. It has been functionally tested
A. It has been structurally tested
Explanation:
The possible EAL (evaluation assurance level) scores are as follows:
EAL1 - Functionally tested
EAL2 - Structurally tested
EAL3 - Methodically tested and checked
EAL4 - Methodically designed, tested, and reviewed
EAL5 - Semi-formally designed and tested
EAL6 - Semi-formally verified design and tested
EAL7 - Formally verified design and tested
What is used to fix bugs found in software, apply security vulnerability fixes, and introduce new software features?
A. Scanning
B. Vulnerability Assessment
C. Patching
D. Imaging
C. Patching
Explanation:
Patching is used to fix bugs found in software, apply security vulnerability fixes, introduce new software features, and much more. Regardless of the types of applications and systems involved, all software will require regular patching. Before patches are applied, they should be properly tested and validated. There should be a process in place for patch management in each organization.
The management plan for operations in a cloud environment includes scheduling, orchestration, and which of the following?
A. Patching
B. Repudiation
C. Scanning
D. Maintenance
D. Maintenance
Explanation:
The management plan for operations in a cloud environment includes scheduling, orchestration, and maintenance. In a cloud environment it’s vital to ensure that careful planning and management are put in place to operate systems.
Through sustained cooperation with a cloud service provider, the third-party file hosting and sharing platform extends its reach to service areas where it lacks infrastructure. What functional cloud computing role does the third-party file hosting and sharing platform play in this scenario?
A. Cloud Service Broker
B. Cloud Service Provider (CSP)
C. Cloud Service Partner
D. Cloud Service Customer (CSC)
C. Cloud Service Partner
Explanation:
A cloud service partner is a third-party provider of cloud-based services (infrastructure, storage and application, and platform services) through the CSP with which it is associated. The third-party cloud service partner makes use of the cloud service provider’s service in this scenario.
Under the Federal Information Security Management Act (FISMA), all U.S. Government agencies are required to conduct risk assessments that align with what framework?
A. FedRAMP
B. ISO 31000
C. NIST CSF
D. NIST RMF
D. NIST RMF
Explanation:
The NIST Risk Management Framework acts as a guide for risk management practices used by United States federal agencies.
NIST developed the NIST CSF to assist commercial enterprises in developing and executing security strategies. FedRAMP is a cloud-specific version of NIST 800-53 that contains policies and procedures to assist cloud service providers in adopting security controls and risk assessment.
ISO 31000 is “Risk Management - Guidelines,” to be used during the risk management process.
Your organization has been using ISO/IEC 27001 as a reference standard. What are the objectives of your organization in terms of design and implementation?
A. Data Handling Procedures
B. eDiscovery Management Plan
C. Information Security Management System
D. Audit Plan
C. Information Security Management System
Explanation:
ISO/IEC 27001 provides guidelines for creating and managing an ISMS.
All other options would not use ISO/IEC 27001 as a guideline.
In regard to data sanitization, which type of cloud service model requires special considerations as the data is often more interconnected throughout the platform?
A. SaaS
B. IaaS
C. DaaS
D. PaaS
A. SaaS
Explanation:
Data sanitization in cloud environments already differs from that of on-prem environments since physical destruction methods are not possible. However, of the three types of cloud service models (which include IaaS, PaaS, and SaaS), SaaS requires special consideration because the data is often far more interconnected than in the other two service models.
DaaS is not an accepted cloud service model.
Data that is easily searchable and organized within a database is known as:
A. Unstructured Data
B. Uncorrelated Data
C. Correlated Data
D. Structured Data
D. Structured Data
Explanation:
In cloud environments, redundancy can be broken up into two areas: internal redundancy and external redundancy. Which of the following is an example of external redundancy?
A. Networking
B. Storage units
C. Generators
D. Power Distribution Units
C. Generators
Explanation:
External redundancy includes power feeds/lines, power substations, generators, generator fuel tanks, network circuits, building access points, and cooling infrastructure.
Internal redundancy includes power distribution units, power feeds to rack, cooling units, networking, storage units, and physical access points.
Which of the following would benefit the MOST from a private cloud deployment?
A. A healthcare organization that needs to keep all of its patients’ data secure, no matter the cost
B. A student building a lab for testing purposes
C. A medium-sized business that requires some data to be kept confidential, but also has a lot of non-private data stored
D. A small business that needs to keep costs low
A. A healthcare organization that needs to keep all of its patients’ data secure, no matter the cost
Explanation:
Private clouds are the most expensive of the cloud deployments, but they are also the most secure. This is because the owner of the private cloud controls and retains ownership of all the data in that cloud. Healthcare organizations have to meet HIPAA requirements and, therefore, patient data must be kept extremely safe.
An organization has just completed the design phase of developing their business continuity and disaster recovery (BCDR) plan. What is the next step for this organization?
A. Test the plan
B. Implement the plan
C. Revise
D. Assess Risk
B. Implement the plan
Explanation:
The steps of developing a BCDR plan are as follows: Define scope, gather requirements, analyze, assess risk, design, implement, test, report, and finally, revise. Once an organization has completed all of the design phase, they are ready to implement their BCDR plan. Even though the plan has already gone through design, it will likely require some changes (both technical and policy-wise) during implementation.
An organization implemented a data rights management program. The cloud security specialist has been tasked with the responsibility of ensuring an in-depth report on the usage and access history that can be generated for all files. Which of the following BEST represents this functionality?
A. Replication Restrictions
B. Continuous Auditing
C. Rights Revocation
D. Persistent Protection
B. Continuous Auditing
Explanation:
Continuous auditing ensures that you can provide an in-depth report on usage and access history for all files that are protected by data rights management.
Which of the following would benefit the MOST from using a hybrid cloud?
A. A group of organizations looking to create a shared service for all their customers to use
B. A healthcare company that needs to ensure that all of their data is kept extremely secure and private, no matter the expense
C. A small business that doesn’t have much sensitive data and is just looking to move email to the cloud
D. An organization that only requires that certain items be kept very secure, but can’t afford a full private cloud
D. An organization that only requires that certain items be kept very secure, but can’t afford a full private cloud
Explanation:
Hybrid clouds are the best solution for any organization that requires the security of a private cloud for some, but not all, of their data. By only needing some of the data to be kept in a private cloud, the expense of building a full private cloud can be greatly reduced.
The process of removing all identifiable characteristics from data is known as:
A. Obfuscation
B. Anonymization
C. Hashing
D. Masking
B. Anonymization
Explanation:
Anonymization is a method used in data de-identification. Unlike masking or obfuscation, in which the data is replaced, hidden, or removed entirely, anonymization is the process of removing any identifiable characteristics from data. It is often used in conjunction with another method such as masking.
An attacker is trying to steal data regarding a new product that an organization is developing. The attacker has planted malware on the system and has left it on the system for eight months.
What is the name of this type of attacker?
A. Malicious Insider
B. Insecure API
C. Worm
D. Advanced Persistent Threat
D. Advanced Persistent Threat
Explanation:
Many types of malware and malicious programs are loud and aim to disrupt a system or network. Advanced persistent threats are the opposite. Advanced persistent threats (APTs) are attacks which attempt to steal data and stay hidden on the system or network for as long as possible. The longer the APT can stay in the system, the more data it is able to collect.
A network engineer wants to move all of his organization’s physical hardware to the cloud. This includes routers, switches, firewalls, and servers. He is looking for a service that will allow him to manage the operating systems of the servers and all of the applications that will be installed on the servers, but he no longer wants to have to manage any physical hardware.
Which type of cloud provider would BEST fit this network engineer’s needs?
A. IaaS
B. MaaS
C. PaaS
D. SaaS
A. IaaS
Explanation:
Infrastructure as a Service (IaaS) providers will provide cloud customers with everything they need from a hardware standpoint, including routers, switches, firewalls, and servers. The customer will still be responsible for managing all of the software and operating systems, but will not need to manage any hardware.
Your organization is conducting a test of its disaster recovery plan. The team members take the steps needed in case of a disaster while critical systems continue to run. Which type of disaster recovery plan testing are they conducting?
A. Full cutover
B. Simulation
C. Parallel
D. Tabletop
C. Parallel
Explanation:
In a parallel test, team members replicate the procedures necessary in the event of a disaster. Their objective is to ensure that critical business operations can continue to function in parallel if existing systems are affected by a disaster.
All other options are types of business continuity and disaster recovery plan tests.
Of the following, which feature of cloud computing allows data to move between multiple cloud providers seamlessly?
A. Portability
B. Interoperability
C. Resiliency
D. Auditability
A. Portability
Explanation:
Portability is the feature that allows data to move between multiple cloud providers without any issues.
Interoperability is a term used to describe the ease with which components of an application can be moved or reused. Resiliency is the ability to recover quickly after an issue has occurred. Auditability is the ease with which a cloud environment can be audited.
Which of the following is a disadvantage of resource pooling?
A. Interoperability
B. Self-service
C. Auditability
D. Multi-tenancy
D. Multi-tenancy
Explanation:
Resource pooling is one of the many benefits of cloud computing. Multiple clients share a set of resources, such as servers, storage, and application services, and each customer pays only for the resources they consume. This can create a problem when resources are pooled, since multi-tenancy may result, and a competitor or rival may share physical hardware with you. If the system is compromised, particularly the hypervisor, sensitive data may be exposed.
An organization had a large amount of private data stolen by a hacker and then leaked online. This is an example of which type of threat?
A. Malicious Insider
B. Advanced Persistent Threat
C. Account Hijacking
D. Data Breach
D. Data Breach
Explanation:
A data breach occurs when data is leaked or stolen, either intentionally or unintentionally.
Which of the following statements regarding responding to risk is FALSE?
A. An organization can transfer risk via insurance policies to cover financial costs of successful exploits
B. Organizations may opt to implement procedures and controls to ensure that a specific risk is never realized
C. Risk mitigation typically depends on the results of a cost benefit analysis
D. There is never an appropriate scenario in which to accept a risk
D. There is never an appropriate scenario in which to accept a risk
Explanation:
There are times when a company may choose to simply accept a risk rather than do anything to deal with it. This is often done when the cost of mitigating the risk outweighs the cost of simply dealing with the consequences if the risk were to occur.
A small business was unhappy with its cloud provider’s services. For this reason, the business decided to remove all data and applications from its cloud provider’s environment and move to a new cloud provider. It was able to do so without any major impact on its production and operations.
What term BEST describes the ability to do this?
A. Reversibility
B. Rapid Elasticity
C. On-demand Self-service
D. Multitenancy
A. Reversibility
Explanation:
Reversibility is the ability of a cloud customer to quickly remove all data, applications, and anything else that may reside in the cloud provider’s environment, and move to a different cloud provider with minimal impact on operations.
Which should be the PRIMARY concern for all cloud customers when looking into cloud providers?
A. Ensuring 100% uptime
B. Ensuring the confidentiality and integrity of their data
C. Cost
D. Preventing vendor lock in
B. Ensuring the confidentiality and integrity of their data
Explanation:
While things like uptime, cost, and preventing vendor lock-in are all important concerns, the primary concern when reviewing cloud providers should always be ensuring the confidentiality and integrity of data. Because of this, it’s vital that cloud customers know where and how their data is going to be stored at all times.
You are accountable for the security of medical records at a community hospital. Which types of data are you safeguarding?
A. PCI
B. PII
C. PD
D. PHI
D. PHI
Explanation:
You are safeguarding protected health information that may be contained within the medical records you are accountable for. These can be in the form of lab reports, visit summaries, or other types of medical records.
Personally identifiable information (PII) is unique to an individual, such as a Social Security number or phone number. Payment card industry (PCI) is not a data type. Personal data (PD) is not a known acronym.
Private clouds are more expensive than other cloud deployment models. With that in mind, what unique feature does a private cloud offer that makes it a better choice for certain organizations?
A. Multitenancy
B. Rapid Elasticity
C. Ownership Retention
D. Disaster Recovery
C. Ownership Retention
Explanation:
Private clouds are a must for organizations that need to retain complete ownership of their entire cloud environment. Public, hybrid, and community clouds can’t offer this.
A college student is looking to set up her own cloud server so that she can install a few programs and create a lab. She needs a cloud option that is cost-effective and will allow her to only pay for what she needs. She doesn’t have the funds to purchase and maintain her own hardware.
Which cloud model would suit this student’s needs the BEST?
A. Community Cloud
B. Private Cloud
C. Public Cloud
D. Hybrid Cloud
C. Public Cloud
Explanation:
A public cloud would be the best option for this student because it is the least expensive and will allow her to pay only for the resources that she uses. Since she is planning to use the server as a lab environment, it’s unlikely that security will be a large concern for this student.
As part of the risk management process, an engineer has been asked to perform an assessment where hard values such as SLE, ARO, and ALE can be used for a numerical analysis.
Which type of assessment has this engineer been asked to perform?
A. Risk benefit analysis
B. Cost Benefit Analysis
C. Quantitative Assessment
D. Qualitative Assessment
C. Quantitative Assessment
Explanation:
The two main types of assessments used in the risk management process are quantitative assessments and qualitative assessments. Qualitative assessments are nonnumerical assessments. Quantitative assessments use values such as single loss expectancy (SLE), annual loss expectancy (ALE), and annual rate of occurrence (ARO) for a numeric approach.
Which cloud storage type operates as a web service call or as an API?
A. Structured
B. Unstructured
C. Object
D. Volume
C. Object
Explanation:
Object storage is a storage type used in IaaS cloud environments which operates as an API or a web service call. In object file storage, files are stored in an independent system and given a value for retrieval and reference.
During which phase of the TLS process is the connection between the two parties negotiated and established?
A. TLS Negotiation
B. TLS Functional Protocol
C. TLS Record Protocol
D. TLS Handshake Protocol
D. TLS Handshake Protocol
Explanation:
TLS (transport layer security) is broken up into two main phases: TLS Handshake Protocol and TLS Record Protocol. During the TLS Handshake Protocol, the TLS connection between the two parties is negotiated and established.
During the TLS Record Protocol, the actual secure communications method for transmitting data occurs.
It is important that the security team is involved at every step of the software development lifecycle. What is the FIRST step of the software development lifecycle?
A. Development
B. Requirement Gathering and Feasibility
C. Testing
D. Design
B. Requirement Gathering and Feasibility
Explanation:
The initial step of the software development lifecycle (SDLC) is to gather all of the requirements and determine their feasibility. This is determined through setting goals, reviewing the timeline for the project, performing cost analysis, and reviewing possible risks of the project.
Which term BEST describes a group of hosts combined together to achieve the same purpose, such as redundancy or fail over?
A. Multitenancy
B. Cluster
C. VPN
D. SAN
B. Cluster
Explanation:
A cluster is a group of hosts that are combined together to achieve the same purpose, such as redundancy, configuration synchronization, fail over, or to minimize downtime. Clusters can be groups of hosts that are physically or logically grouped together. Clusters are handled as one unit, meaning that resources are pooled and shared between the hosts within the group.
The software as a service (SaaS) hosting model uses which of the following types of storage methods?
A. Structured
B. Object
C. Volume
D. Content and File Storage
D. Content and File Storage
Explanation:
Each cloud service model uses a different method of storage as shown below:
Software as a Service (SaaS) - content and file storage, information storage and management
Platform as a Service (PaaS) - structured, unstructured
Infrastructure as a Service (IaaS) - volume, object
An engineer entered a data center and noticed that the humidity level was 20 percent relative humidity. What risk could this pose to systems?
A. Condensation may form causing water damage
B. Excess electrostatic discharge
C. There is no risk because 20% relative humidity is the ideal humidity level
D. Systems may overheat and fry internal components
B. Excess electrostatic discharge
Explanation:
The American Society of Heating, Refrigeration, and Air Conditioning Engineers (ASHRAE) recommends that data centers have a moisture level of 40-60 percent relative humidity. Having the humidity level too high could cause condensation to form and damage systems. Having the humidity level too low could cause an excess of electrostatic discharge which may cause damage to systems.
What type of testing is performed during the maintenance phase of software development to guarantee that changes to the software program do NOT destroy existing functionality, introduce new vulnerabilities, or resurface previously resolved vulnerabilities?
A. Unit Testing
B. Integration Testing
C. Regression Testing
D. Usability Testing
C. Regression Testing
Explanation:
Regression testing is carried out during the maintenance phase of the software development lifecycle to ensure that changes to the software program do not break existing functionality, introduce new vulnerabilities, or resurface previously addressed problems.
Which of the following focuses on personally identifiable information (PII) as it pertains to financial institutions?
A. GDPR
B. GLBA
C. FRCP
D. HIPAA
B. GLBA
Explanation:
The Gramm-Leach-Bliley Act, officially named the Financial Modernization Act of 1999, focuses on PII as it pertains to financial institutions, such as banks.
HIPAA is concerned with the privacy of protected healthcare information and healthcare facilities. GDPR is an EU specific regulation that encompasses all organizations in all different industries. FRCP is a set of federal rules for handling civil legal proceedings in federal courts.
In which type of scenario would it make sense to accept risk?
A. When there is a low chance the risk will actually occur, but the cost of dealing with the risk if it did occur would be overwhelming to the organization
B. When the cost to mitigate the risk outweighs the cost to simply deal with the risk if it were to occur
C. When simple measures can be put in place within the organization to ensure that the risk is never realized
D. When the cost of mitigating the risk and the cost of dealing with the risk when it occurs are about the same
B. When the cost to mitigate the risk outweighs the cost to simply deal with the risk if it were to occur
Explanation:
There are some instances where organizations will choose to accept risk rather than to do anything to deal with it. This is typically done whenever the cost to mitigate the risk outweighs the cost to simply deal with the risk when or if it were to occur.
Accepting the risk would never be a good option if the risk being realized could financially overwhelm an organization.
In log management, what defines which categories of events are and are NOT written into logs?
A. Transparency Level
B. Quality Level
C. Clipping Level
D. Retention Level
C. Clipping Level
Explanation:
Many systems and apps allow you to customize what data is written to log files based on the importance of the data. The clipping level determines which events, such as user authentication events, informational system messages, and system restarts, are written in the logs and which are ignored. Clipping levels are used to ensure that the correct logs are being accounted for.
What should be the FIRST step for any organization that is considering a move to the cloud?
A. Proof of concept
B. Cost-benefit analysis
C. Create a cloud committee
D. Hire a team of cloud experts
B. Cost-benefit analysis
Explanation:
Any organization that is considering a move from an on-premises solution to the cloud should first perform a cost-benefit analysis to ensure that the decision makes sense for the organization.
DREAD and STRIDE are both used in which type of business activity?
A. Project Planning
B. Threat Modeling
C. Penetration Testing
D. Vulnerability Scanning
B. Threat Modeling
Explanation:
Threat modeling is the process of finding threats and risks that face an application or system once it has gone live. This is an ongoing process that will change as the risk landscape changes and is, therefore, an activity that is never fully completed. DREAD and STRIDE, which were both conceptualized by Microsoft, are two prominent models recommended by OWASP.
In which layer of the TLS protocol does the secure communications method for transmitting data occur?
A. TLS Handshake Protocol
B. TLS Record Protocol
C. TLS Combined Protocol
D. TLS Connection Protocol
B. TLS Record Protocol
Explanation:
TLS (transport layer security) is broken up into two main phases: TLS Handshake Protocol and TLS Record Protocol. During the TLS Handshake Protocol, the TLS connection between the two parties is negotiated and established. During the TLS Record Protocol, the actual secure communications method for transmitting data occurs.
An organization within the European Union experienced a data breach. During the breach, personally identifiable data was stolen by the attackers. Under which regulation is this organization required to notify the applicable government agencies of the breach within 72 hours?
A. GLBA
B. SOX
C. APEC
D. GDPR
D. GDPR
Explanation:
The European Union implemented GDPR (general data protection regulation), which covers the entire European Union and the European Economic Area. GDPR focuses on the protection of private and personal user data for all EU citizens, regardless of where the data was created, collected, processed, or stored. Any organization that has a data breach where protected or private user information is viewed or stolen by an attacker must report it to the applicable government agencies within 72 hours.
Through Common Criteria, what does an EAL4 score tell us about an organization’s security practices and results?
A. It has been semi-formally designed and tested
B. It has been functionally tested
C. It has been methodically designed, tested and reviewed
D. It has been structurally tested
C. It has been methodically designed, tested and reviewed
Explanation:
The possible EAL (evaluation assurance level) scores are as follows:
EAL1 - Functionally tested
EAL2 - Structurally tested
EAL3 - Methodically tested and checked
EAL4 - Methodically designed, tested, and reviewed
EAL5 - Semi-formally designed and tested
EAL6 - Semi-formally verified design and tested
EAL7 - Formally verified design and tested
An organization has implemented a new system and communication protection. The security and compliance officer has been tasked with the responsibility of ensuring that the foundations for all security actions are covered in documentation by setting purpose, scope, roles and responsibilities. What control is being described?
A. Security function isolation
B. Separation of system and user functionality
C. Policy and Procedures
D. Boundary Protection
C. Policy and Procedures
Explanation:
Policies and procedures are a primary control in protecting systems and communications. By defining the objective, scope, roles, and responsibilities of all security actions, policies and procedures establish a codified framework for all security actions.
An engineer has been asked to determine how much data and information must be restored in order to get to a minimum acceptable operating level after a disaster.
What has this engineer been asked to determine?
A. RSL
B. MTR
C. RPO
D. RTO
C. RPO
Explanation:
The recovery point objective (RPO) is defined as the amount of data and information which must be restored and recovered after a disaster to meet business continuity and disaster recovery objectives.
Which of the following is a security concern within an IaaS environment?
A. System Isolation
B. Multitenancy
C. Cross-site scripting
D. Web Application Security
B. Multitenancy
Explanation:
In an IaaS environment, resources are hosted on a cloud system which is often shared by other cloud customers. Therefore, the cloud provider must take precautions to ensure that the data between the multiple clients is not accessible by the others. This can pose a risk if the cloud provider doesn’t take great care in keeping that separation.
Virtualization hosts, along with which of the following, have BIOS settings in place that control hardware configurations as well as security technologies which assist in preventing access to the BIOS?
A. VUMs
B. TLS
C. RDP
D. TPMs
D. TPMs
Explanation:
TPMs (Trusted Platform Modules) and virtualization hosts have BIOS settings in place that control hardware configurations and security technologies to prevent unauthorized access to the BIOS. It’s important to ensure that access to the BIOS is locked down for all systems to prevent unauthorized changes to the systems at the BIOS-level.
Storage in the cloud typically consists of:
A. RAID and SANs
B. VLANs and SANs
C. RAID and VLANs
D. NAS and VLANs
A. RAID and SANs
Explanation:
Storage in the cloud is very similar to storage used in a traditional datacenter. The storage consists of RAID (redundant array of inexpensive disks) and SANs (storage area networks). These are connected to the virtualized server structure.
Of the following, how is data in use typically protected?
A. Hashing
B. Secure API calls and web services
C. Encrypted transport methods
D. Antivirus
B. Secure API calls and web services
Explanation:
Data in use is protected through secure API calls and web services, which make use of technologies such as digital signatures.
Data in transit is best protected through encrypted transport methods like TLS. To protect data at rest, encryption methods such as AES should be used.
Which of the following is listed on the Cloud Security Alliance’s Treacherous Twelve, but NOT listed on the OWASP Top 10?
A. Injection
B. XML external entities
C. Broken Access Control
D. Denial of Service
D. Denial of Service
Explanation:
A denial of service attack occurs when an attacker (or attackers) flood systems with so much useless traffic that the resources are unable to respond to legitimate traffic. Denial of service is listed as one of the Cloud Security Alliance’s Treacherous Twelve, but is not on the OWASP Top 10 list.
XML external entities, injection, and broken access control are all listed on the OWASP Top 10 list and not the Cloud Security Alliance’s Treacherous Twelve list.
An organization utilized data event logging recommendations by OWASP in their cloud auditing plan. Which of the following is NOT a recommendation?
A. Differing classification schemes
B. Network traffic logs
C. Time synchronization
D. Identity attribution
B. Network traffic logs
Explanation:
The OWASP data event logging cheat sheet does not recommend network traffic logs. However, other logging recommendations by OWASP include:
Synchronize time across all servers and devices
Differing classification schemes
Identity attribution
Application-specific logs
Integrity of log files
The full logging cheat sheet is available here: cheatsheetseries.owasp.org/cheatsheets/Logging_Cheat_Sheet.html
Volume storage is a storage type where a virtual machine has storage allocated to it and configured as a hard drive or file system. In a volume storage system, the main storage is sliced into smaller segments that are then assigned to a virtual machine by a hypervisor and mounted to that machine.
What is the name of the smaller segments described here?
A. VLAN
B. LUN
C. LAN
D. SAN
B. LUN
Explanation:
In a volume storage system, the main storage is sliced into smaller segments, called LUNs (logical units) that are then assigned to a virtual machine by a hypervisor and mounted to that machine.
A SAN is a storage area network, and not a small segment of storage. The terms LAN and VLAN refer to types of networks and are not applicable to this question.
An organization is alerted that a regulatory agency is initiating an investigation against it and the organization must suspend all relevant data destruction activities until the investigation has been fully resolved. What process is being described?
A. Attribution
B. Chain of custody
C. Legal Hold
D. Non-repudiation
C. Legal Hold
Explanation:
When an organization is told that a regulatory body is commencing an inquiry against it, a legal hold should be immediately imposed. The organization must pause all data deletion actions relevant to the investigation until the matter is resolved. A legal hold has significant ramifications for data retention.
A cloud engineer needs to make use of the cloud component that can create, stop, and start virtual machines, as well as provision them with the needed resources such as memory, storage, and CPU.
What cloud component can be used to do all the above items?
A. API
B. Federation Server
C. Software Defined Network
D. Management Plane
D. Management Plane
Explanation:
The management plane in a cloud environment can be used to create, stop and start virtual machines, as well as provision the virtual machines with the needed resources. Because the management plane has access to all the virtual machines from a high level it’s very important that security measures are taken to prevent unauthorized access to the management plane.
After seeing “Broken Authentication” listed as one of the top vulnerabilities on the OWASP Top 10, a security engineer has started looking into options to protect against this.
Which of the following could the engineer implement to help protect against broken authentication?
A. MFA
B. DLP
C. Proper Logging
D. Input Validation
A. MFA
Explanation:
Multi-factor authentication (MFA) is an authentication method in which a user is required to provide two or more types of factors proving they are who they claim to be. For example, a user would need both a password and a randomly generated code sent to their smartphone to access an application. MFA factors are broken up into categories such as something you know (passwords, pin), something you are (biometrics), something you have (key card, smartphone), and something you do (behavioral).
Which of the following BEST defines a trust zone?
A. The ability to share pooled resources among different cloud customers
B. Virtual tunnels that connect resources at different locations
C. Set of rules that define which employees have access to which resources
D. Physical, logical or virtual boundaries around network resources
D. Physical, logical or virtual boundaries around network resources
Explanation:
A trust zone is a physical, logical, or virtual boundary around network resources. Before a cloud provider can implement trust zones, they must undergo threat and vulnerability assessments to determine where their weaknesses are within the environment. This will help to determine where trust zones would be most useful.
The main method of protecting data at rest is which of the following?
A. Encrypted transport methods such as TLS
B. Secure APIs
C. Antivirus
D. Encryption
D. Encryption
Explanation:
The main method for protecting data at rest is to use encryption methods such as AES.
Data in transport is protected by encrypted transport methods such as TLS. To protect data in use, secure API calls and web services must be used.
The mechanism that directs and controls the provisioning and use of cloud services both internally and externally is referred to as
A. SLA
B. Governance
C. Privacy
D. Interoperability
B. Governance
Explanation:
Governance is the system by which the provisioning and usage of cloud services are directed and controlled. Governance will put a framework in place to ensure compliance with regulatory obligations.
All other options are shared cloud considerations.
When systems are given a set of seed data and patterns to search for and then continuously change their behavior depending on information and analysis of continuing trends, this process is referred to as?
A. Quantum Computing
B. Blockchain
C. Machine Learning
D. Artificial Intelligence
C. Machine Learning
Explanation:
Artificial intelligence relies heavily on machine learning. Machine learning enables a solution to learn and develop on its own without the need for extra programming. Intrusion detection, email filtering, and virus scanning are all examples of current machine learning usage.
Blockchain, quantum computing and artificial intelligence are other related technologies.
When conducting functional testing, which is NOT an important consideration?
A. Testing must use limited information about the application
B. Testing must be realistic for all environments
C. Testing must be sufficient to have reasonable assurance there are no bugs
D. Testing must be designed to exercise all requirements
A. Testing must use limited information about the application
Explanation:
Testing that must use limited information about the application is called grey-box testing and occurs after functional testing and deployment.
Functional testing is performed on an entire system and the following are important considerations: Testing must be realistic, must exercise all requirements, and be bug free.
When developing a business continuity and disaster recovery (BCDR) plan, what step should be completed after the scope has been defined?
A. Analyze Risk
B. Gather requirements
C. Report and revise
D. Test the plan
B. Gather requirements
Explanation:
After defining the scope, the next step of developing a BCDR plan is to gather requirements. This stage determines what should be included in the plan and looks at items such as the recovery time objective (RTO) and recovery point objective (RPO). It will be necessary during this stage to identify critical systems within the environment.
What is the FINAL stage of the risk management process?
A. Monitoring the risk
B. Transferring the risk
C. Framing the risk
D. Responding to the risk
A. Monitoring the risk
Explanation:
After a risk has been responded to, whether by accepting, transferring, avoiding, or mitigating the risk, it must still be monitored. Monitoring the risk is an ongoing process to determine if the same threats and risk still exist in the same form. Monitoring risk serves as a way to ensure that current risk evaluations and mitigation meet current regulatory requirements.
An engineer is adding validation processes to an application that will check that session tokens are being submitted by the valid and original obtainer of the token.
What OWASP Top 10 vulnerability is this engineer mitigating by doing so?
A. Insecure deserialization
B. Broken Access Control
C. Security Misconfiguration
D. Broken Authentication
D. Broken Authentication
Explanation:
The OWASP Top 10 is an up to date list of the most critical web application vulnerabilities and risks. Broken authentication refers to the ability for an attacker to hijack a session token and use it to gain unauthorized access to an application. This risk can be mitigated by adding proper validation processes to ensure that session tokens are being submitted by the valid and original obtainer of the token.
What is the first step in establishing communications with vendors?
A. Creating a support ticket
B. Inventory of critical parties
C. Set up bidirectional communication
D. Review documentation
B. Inventory of critical parties
Explanation:
The first step in communicating with vendors is to compile a list of all key third parties on which the business relies. This inventory will serve as the basis for risk management operations with third parties or vendors. Additionally, contact with vendors will be nearly entirely driven by contract and service level agreement obligations.
All other options are not steps in establishing communications with vendors.
What is generally part of the development coding phase of the SSDLC?
A. Unit Testing
B. Integration testing
C. Acceptance testing
D. Usability Testing
A. Unit Testing
Explanation:
The coding phase of the SSDLC covers the generation of software components as well as integrations and the build of the overall solution. Unit testing is part of the coding process. This is a developer’s test of the modules that are being developed as part of a larger architecture. All of the module’s pathways must be tested.
Which of the following places controls on how protected health information must be handled in the United States?
A. HIPAA
B. SOX
C. GDPR
D. PCI
A. HIPAA
Explanation:
In the United States, any protected health information (PHI) must be kept secure and confidential. The Health Insurance Portability and Accountability Act (HIPAA) places controls on how PHI must be handled and protected.
Which OWASP Top 10 vulnerability is defined as the capacity of unauthenticated users to see unauthorized and sensitive data, perform unauthorized functions, and modify access rights?
A. Injection
B. Sensitive Data Exposure
C. Broken Authentication
D. Broken Access Control
D. Broken Access Control
Explanation:
Broken access control vulnerabilities may enable authenticated users to view unlawful and sensitive data, perform unauthorized functions, and modify access privileges. It is imperative that applications perform checks when each function is accessed to ensure the user is properly authorized to access it.
Your organization needs to come up with a plan to continue operations during and after an incident. What can the cloud provide during and after an incident?
A. Resiliency
B. Performance
C. Privacy
D. Governance
A. Resiliency
Explanation:
Resilience is the ability to continue operating under adverse or unexpected conditions. Many organizations plan a resiliency strategy that includes internal resources and the capabilities of the cloud. A cloud strategy allows the company to continue to operate during and after an event such as a natural disaster or severe weather event.
Performance, governance and privacy are other shared cloud considerations.
The move to utilize cloud resources partnered with an increasingly regulated and dispersed supply chain elevates the priority of stakeholder coordination. Which of the following stakeholder groups is the LEAST likely to have contracts or formal agreements with a cloud provider?
A. Regulators
B. Partners
C. Customers
D. Vendors
A. Regulators
Explanation:
CSPs are likely to have contracts or some form of agreement with vendors, partners, and customers, but rarely (if ever) with a regulator.
The CCSP is responsible for ensuring their cloud environment is in compliance with all regulatory obligations applicable to their organization.
An organization needs to use multiple data formats, including both JSON and XML, in their cloud deployment. Which API type should they use?
A. REST
B. DAST
C. SAST
D. SOAP
A. REST
Explanation:
Representational State Transfer (REST) is a software architectural scheme which supports multiple data types, including both JSON and XML.
Simple Object Access Protocol (SOAP) supports only the use of XML-formatted data types, so it would not work for the organization. DAST and SAST are testing methodologies and are not API types.
Which of the following allows the cloud provider to manage all the hosts in the environment from a centralized location?
A. Virtual Dashboard
B. Management Plane
C. Hypervisor
D. Software Defined Network
B. Management Plane
Explanation:
The management plane allows for cloud providers to manage all the hosts from a centralized location instead of needing to log into each individual server when needing to perform tasks. The management plane is typically hosted on its own dedicated server.
Emilia is a cloud security engineer. She needs to verify the integrity and completeness of data stored within a cloud environment. Which of the following technologies can help Emilia to ensure the integrity of data in a cloud environment?
A. Hashing
B. Obfuscation
C. Metadata
D. Mapping
A. Hashing
Explanation:
If multiple files contain the exact same data, they will produce the same hash value as long as the same hashing algorithm is used. In this way, hashing can verify integrity. In order to do this, a hash value must be created for the original data. Next time the data is accessed, the same hashing algorithm can be used to verify integrity. If the hash value is different from the first hash value, then the data has changed in some way.
The ability to confirm the origin or authenticity of data to a high degree of certainty is known as:
A. E-Discovery
B. Non-repudiation
C. Compliance
D. Encryption
B. Non-repudiation
Explanation:
Nonrepudiation is the ability to confirm the origin or authenticity of data to a high degree of certainty. Nonrepudiation is typically done through methods such as hashing and digital signatures.
An engineer is using DREAD for threat modeling. Which is the correct algorithm when using DREAD to determine the quantitative value for risk and threats?
A. RISK_DREAD = (Damage + Restoration + Exploitability + Affected Users + Discoverability) / 5
B. RISK_DREAD= (Damage + Recoverability + Exploitability + Affected Users + Discoverability) / 10
C. RISK_DREAD = (Damage - Reproducibility + End Users Affected - Awareness + Discoverability) / 10
D. RISK_DREAD = (Damage + Reproducibility + Exploitability + Affected Users + Discoverability) / 5
D. RISK_DREAD = (Damage + Reproducibility + Exploitability + Affected Users + Discoverability) / 5
Explanation:
DREAD looks at the categories of damage potential, reproducibility, exploitability, affected users, and discoverability. Risk is given a value of 0 to 10 in each category, with 10 being the highest risk value. The algorithm used in DREAD is RISK_DREAD = (Damage + Reproducibility + Exploitability + Affected Users + Discoverability) / 5
According to the ASHRAE, what is the ideal temperature for a data center?
A. 49.8 - 70.6 degrees F
B. 64.4 - 80.6 degrees F
C. 55.7 - 78.5 degrees F
D. 70.2 - 85.0 degrees F
B. 64.4 - 80.6 degrees F
Explanation:
Due to the number of systems running, data centers produce a lot of heat. If the systems in the data center overheat, it could fry the systems and make them unusable. In order to protect the systems, adequate and redundant cooling systems are needed. The American Society of Heating, Refrigeration, and Air Conditioning Engineers (ASHRAE) recommends that the ideal temperature for a data center is 64.4 - 80.6 degrees F.
Which of the following statements regarding VLANs is TRUE?
A. VLANs are dependent on the physical wiring and cabling infrastructure
B. VLANs work the best if implemented in the same geographical location
C. VLANs can be used across multiple datacenters without concerns for geographical location
D. VLANs are used to allow remote access for employees working outside the office
C. VLANs can be used across multiple datacenters without concerns for geographical location
Explanation:
VLANs are logical segments defined in switch configuration rather than by the physical cabling, so they can be used for network segmentation across multiple data centers without concern for geographical location.
As cloud service customers, the majority of businesses will get communications from their cloud service providers. What are the primary responsibilities of cloud service customers?
A. Defining SLA terms
B. Creating support tickets
C. Active participants in the Shared Responsibility Model
D. Provide IT services
A. Defining SLA terms
Explanation:
Receiving communications from CSPs doesn’t imply much responsibility. However, cloud customers have a critical accountability to define SLA terms. This will ensure that the CSC receives the proper level of communication, and through the correct channels from the CSP.
All other options support communications with relevant parties.
A cloud engineer needs to rapidly deploy an application package throughout a large cloud environment. Which of the following could this engineer use to accomplish this easily?
A. MDM
B. Machine Learning
C. Containers
D. Key management
C. Containers
Explanation:
A wrapper that contains all of the configuration, code, and libraries needed for an application, which can be rapidly deployed across a cloud environment, is known as a container.
Which of the following is an example of the Internet of Things (IoT)?
A. A computer with the capability to analyze data in a human-like manner
B. A computing device that can perform actions that it has not been programmed to do
C. An engineer using cryptography to link a list of records together
D. A smart refrigerator that can send a grocery list to the owner via a push notification to their mobile phone
D. A smart refrigerator that can send a grocery list to the owner via a push notification to their mobile phone
Explanation:
The Internet of Things (IoT) refers to non-traditional devices (such as lamps, refrigerators, and other home devices) having access to the Internet to perform various processes.
What networking practice is based on hierarchical, distributed tables, and when a change is made to the relationship between a domain and a specific IP address, the change is registered at the top of the hierarchical table and filters down to all remaining entries?
A. DHCP
B. TLS
C. VPN
D. DNS
D. DNS
Explanation:
The Domain Name System (DNS) is how computers translate domain names to IP addresses (and, via reverse lookups, IP addresses back to names). It is a hierarchical, distributed database: a change to a domain's records is made at the zone's authoritative name server and reaches other resolvers as their cached copies expire. When a user wants to communicate with another machine, the user's machine queries a DNS resolver to get the correct address.
All other options are other basic networking practices or protocols.
An engineer is moving an application from one cloud provider to another cloud provider. Which of the following gives him the ability to do this?
A. Cloud Data Portability
B. Multitenancy
C. Rapid Elasticity
D. Cloud Application Portability
D. Cloud Application Portability
Explanation:
The ability to move an application between multiple cloud providers is known as cloud application portability, while cloud data portability refers, instead, to the ability to move data between cloud providers.
Rapid elasticity refers to the ability to quickly (or rapidly) expand resources in the cloud as needed. Multitenancy is the term used to describe a cloud provider housing multiple customers and/or applications within an environment.
A large organization has just implemented a SIEM. Their main reason for implementing this SIEM was to take data from many different sources and have it housed in a single indexed system.
Which function of a SIEM is being described here?
A. Reporting
B. Alerting
C. Aggregation
D. Compliance
C. Aggregation
Explanation:
Security information and event management (SIEM) systems take data and logs from a large number of sources and house them in one single indexed system. This process is known as aggregation.
During a cyber investigation, it is critical that any time evidence changes hands, it is documented. What is this process known as?
A. Chain of Custody
B. Evidence Correlation
C. Non Repudiation
D. Evidence Retention
A. Chain of Custody
Explanation:
During an investigation, it’s important that there is a paper trail which can document where evidence was and who was handling it at any given time. This process is known as chain of custody. Chain of custody is crucial in investigations so that evidence is usable in court.
Which of the following organizations publishes security standards applicable to any systems used by the federal government and its contractors?
A. SOC
B. NIST
C. ISO
D. ISACA
B. NIST
Explanation:
The National Institute of Standards and Technology (NIST) is a part of the United States government which is responsible for publishing security standards applicable to any systems used by the federal government and its contractors.
An application uses a browser token to maintain state, but it doesn't have any validation processes in place to ensure that the token is submitted by the original and valid holder of the token. An attacker was able to hijack a browser token and gain unauthorized access to the application.
Which of the OWASP Top 10 vulnerabilities is this an example of?
A. XML External Entities
B. Insecure Deserialization
C. Injection
D. Broken Authentication
D. Broken Authentication
Explanation:
Broken authentication occurs when applications do not have the proper controls or processes in place to secure their authentication and session tokens. This type of vulnerability allows attackers to hijack session tokens and use them for their own purposes. (The 2021 edition of the OWASP Top 10 lists this category as Identification and Authentication Failures.)
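The following is an added example, not from the flashcard deck, contrasting a session store that treats whoever presents a token as its owner with one that binds the token to the client that obtained it and expires it. The users, IP addresses, user agents and the IP-plus-User-Agent binding are assumptions made for the illustration.

```python
"""Added example (not from the flashcard deck): a session store that accepts
any presented token versus one that binds the token to its original holder
and expires it. Scenario data (users, IPs, user agents) is constructed.
"""
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass


def client_fingerprint(ip: str, user_agent: str) -> str:
    """Assumption for this example: the session is bound to the client's IP
    and User-Agent. Other bindings (client certificate, device key) are
    stronger; IP binding breaks for clients behind changing NAT."""
    return hashlib.sha256(f"{ip}|{user_agent}".encode()).hexdigest()


class VulnerableSessionStore:
    """Whoever presents the token is treated as its owner, forever."""

    def __init__(self):
        self._sessions = {}

    def login(self, user: str, ip: str, user_agent: str) -> str:
        token = secrets.token_urlsafe(32)
        self._sessions[token] = user
        return token

    def user_for(self, token: str, ip: str, user_agent: str):
        return self._sessions.get(token)       # no binding, no expiry


@dataclass
class _Session:
    user: str
    fingerprint: str
    expires_at: float


class HardenedSessionStore:
    """Tokens are random, stored only as a hash, bound to the client that
    obtained them, and expire. A stolen token replayed from elsewhere fails."""

    def __init__(self, ttl_seconds: int = 900, clock=time.time):
        self._sessions = {}          # sha256(token) -> _Session
        self._ttl = ttl_seconds
        self._clock = clock

    @staticmethod
    def _key(token: str) -> str:
        # Store a hash so a leaked session table does not yield usable tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def login(self, user: str, ip: str, user_agent: str) -> str:
        token = secrets.token_urlsafe(32)
        self._sessions[self._key(token)] = _Session(
            user, client_fingerprint(ip, user_agent), self._clock() + self._ttl)
        return token

    def user_for(self, token: str, ip: str, user_agent: str):
        session = self._sessions.get(self._key(token))
        if session is None:
            return None
        if self._clock() >= session.expires_at:
            self._sessions.pop(self._key(token), None)      # expired: drop it
            return None
        if not hmac.compare_digest(session.fingerprint,
                                   client_fingerprint(ip, user_agent)):
            return None                # presented by a different client
        return session.user

    def logout(self, token: str) -> None:
        self._sessions.pop(self._key(token), None)


def demo() -> dict:
    """Alice logs in; an attacker replays her token from another machine."""
    victim = ("198.51.100.9", "Mozilla/5.0 (X11; Linux x86_64)")
    attacker = ("203.0.113.7", "curl/8.4.0")

    weak = VulnerableSessionStore()
    stolen = weak.login("alice", *victim)

    fake_now = [1_700_000_000.0]
    strong = HardenedSessionStore(ttl_seconds=900, clock=lambda: fake_now[0])
    token = strong.login("alice", *victim)
    owner_ok = strong.user_for(token, *victim) == "alice"
    replay = strong.user_for(token, *attacker)
    fake_now[0] += 901                         # advance past the TTL
    expired = strong.user_for(token, *victim)

    return {
        "vulnerable_accepts_replay": weak.user_for(stolen, *attacker) == "alice",
        "hardened_owner_ok": owner_ok,
        "hardened_rejects_replay": replay is None,
        "hardened_expires": expired is None,
    }
```

In a real application the token would also be reissued after login and after any change of privilege, and carried in a cookie marked Secure, HttpOnly and SameSite, so that the token is hard to steal in the first place.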
A small enterprise would like to move their environment from one cloud provider to another. However, the cloud provider implemented techniques which have made it very difficult to move their systems to a new provider. What is this an example of?
A. Provider Control
B. Data Elasticity
C. Vendor Lock-In
D. Cloud Proprietary
C. Vendor Lock-In
Explanation:
Vendor lock-in is the term used to describe the scenario in which a cloud customer is stuck using one cloud provider for one reason or another. Vendor lock-in can occur when the cloud provider has implemented technologies that make it difficult for the customer to move their data without hassle to another provider.
An engineer is working on developing a process that will allow his organization to manage and control the risks and impacts associated with changes. What is this process called?
A. Capacity Management
B. Continuity Management
C. Deployment Management
D. Change Management
D. Change Management
Explanation:
The change management process is concerned with the impact of change on the organization. This change can include the implementation of new systems or simply configuration changes to already existing systems. Change management allows for changes in the organization to only be made by following a strict and structured procedure.
What two organizational activities are reliant on identifying and mapping the location of data within an organization?
A. Antivirus and DLP
B. Supply chain management and communications
C. Problem management and Continuous Improvement
D. Asset Inventory and Risk Assessment
D. Asset Inventory and Risk Assessment
Explanation:
Identification and mapping of data locations within an organization is crucial for asset inventory and risk assessment tasks. According to a common adage, you cannot secure your assets if you are unaware they exist. Mapping enables a business to keep track of its assets, which is crucial for risk assessment and asset protection.
All other options are important activities within an organization. However, they are not reliant on mapping the location of data within the organization.
A person’s birth date is an example of what type of PII?
A. Direct Identifier
B. Indirect Identifier
C. Descript Identifier
D. Nondescript Identifier
B. Indirect Identifier
Explanation:
PII (personally identifiable information) is broken up into direct and indirect identifiers. Because a birth date is not enough information to identify just one single person, it is an indirect identifier.
An example of a direct identifier would be a social security number. Nondescript and descript identifiers are not real types of PII.
When an application is accessed via a network and is NOT installed locally onto a user’s computer, this application is known as which of the following?
A. Tenant
B. Measured Service
C. Cloud Application
D. IaaS
C. Cloud Application
Explanation:
When an application resides in the cloud and is accessed via the network, instead of being locally installed on a user’s computer, it is known as a cloud application.
A measured service is a method for billing for cloud services. A tenant is the term used to describe one or more cloud customers sharing the same pool of resources. IaaS stands for infrastructure as a service and is a cloud service category in which the provider supplies infrastructure devices such as servers, network devices, etc.
The following are examples of what?
Microsoft Active Directory Domain Services
Microsoft Azure Active Directory
Google Cloud Identity
AWS Directory Service
A. Federated Identities
B. CASB
C. APIs
D. Identity Providers
D. Identity Providers
Explanation:
Identity providers create and manage security principals (users, devices, and software). On-premises and cloud-based identity providers can be synchronized so that users can access on-premises and cloud-based applications using their existing on-premises credentials. Identity providers support identity federation. Identity federation allows multiple parties to trust the use of a central identity provider. This eliminates the requirement for each application to create its own user credentials.
Which of the following is an example of a sandboxing strategy?
A. Application Virtualization
B. Encryption
C. Orchestration
D. Tokenization
A. Application Virtualization
Explanation:
Sandboxing can be done with application virtualization, for example by employing containers, which bundle an application with all of its dependencies under strict configuration management. When testing code or applications, sandboxing isolates the components under test and protects the operating system and other applications from them.
Encryption, Tokenization and Orchestration are other ways to protect components such as operating systems and applications.
IRM can be used as a means for:
A. Data control and data modification
B. Data classification and data deletion
C. Data modification and data deletion
D. Data classification and control
D. Data classification and control
Explanation:
Information rights management (IRM) can be used as a means for data classification and control. It isn’t used as a means for data modification or data deletion.
Your organization is considering using a data rights management solution that incorporates dynamic policy controls. Which of the following is the MOST accurate description of this functionality?
A. Data is secure no matter where it is stored
B. Permissions can be modified after a document has been shared
C. The illicit or unauthorized copying of data is prohibited
D. Expiration dates and time-limitations can be applied
B. Permissions can be modified after a document has been shared
Explanation:
Dynamic policy controls allow data owners to modify the permissions for their protected data even after it has been shared with others.
All other options are descriptions of functionalities provided by other features of data rights management solutions.
To allow automation and orchestration within a cloud environment, what network protocol must be enabled?
A. IPSec
B. DHCP
C. DNS
D. SSL
B. DHCP
Explanation:
The Dynamic Host Configuration Protocol (DHCP) automatically assigns an IP address and other networking information to devices on the network, which supports centralized management. New hosts can be brought up with DHCP, as can hosts that need to be auto-scaled, dynamically optimized, or relocated between physical hardware programmatically. DHCP allows network information to be updated and changed readily as needed.
IPsec, DNS, and SSL are other networking protocols that work alongside DHCP.
In terms of cloud services, at what point are there concerns regarding data protection and privacy present?
A. During a contract
B. At the end of a contract
C. All options are correct
D. During the erasure or destruction of data
C. All options are correct
Explanation:
Privacy concerns are present during and after a contract, as well as during data erasure or destruction.
Your organization is transitioning from one cloud service provider to another and is apprehensive that data will remain retrievable even after it has been requested to be destroyed. Which data disposal method is the BEST for ensuring data recovery is impossible?
A. Anonymization
B. Clearing
C. Crypto-shredding
D. Mapping
C. Crypto-shredding
Explanation:
The optimal solution is cryptographic shredding (crypto-shredding): the data is stored encrypted, and the encryption key is destroyed, rendering the ciphertext unrecoverable. This works only if every copy of the key, including key backups, is destroyed.
All other options are data security methods, but with each of them there remains a possibility that the data can be recovered.
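The following is an added example, not from the flashcard deck, of crypto-shredding with one data-encryption key per tenant. The cipher is a toy keystream built from HMAC-SHA256 in counter mode, chosen so the example runs on the Python standard library alone; it has no integrity tag and stands in for AES-GCM from a real library. Tenant names and file contents are constructed.

```python
"""Added example (not from the flashcard deck): crypto-shredding with one key
per tenant. The cipher here is a toy keystream built from HMAC-SHA256 in
counter mode (no integrity tag); it stands in for AES-GCM from a real
library so the example runs on the standard library alone.
"""
import hashlib
import hmac
import secrets


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Deterministic keystream: HMAC(key, nonce || counter) blocks."""
    blocks = []
    while len(blocks) * 32 < length:
        counter = len(blocks).to_bytes(4, "big")
        blocks.append(hmac.new(key, nonce + counter, hashlib.sha256).digest())
    return b"".join(blocks)[:length]


def _xor(data: bytes, stream: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, stream))


class KeyVault:
    """Holds data-encryption keys. Shredding a key must reach every copy,
    including key backups, or the data is still recoverable."""

    def __init__(self):
        self._keys = {}

    def create(self, key_id: str) -> None:
        self._keys[key_id] = secrets.token_bytes(32)

    def get(self, key_id: str) -> bytes:
        return self._keys[key_id]          # KeyError once shredded

    def shred(self, key_id: str) -> None:
        del self._keys[key_id]


class EncryptedStore:
    """Ciphertext blobs keyed by (tenant, name); plaintext is never stored."""

    def __init__(self, vault: KeyVault):
        self._vault = vault
        self._blobs = {}

    def write(self, tenant: str, name: str, plaintext: bytes) -> None:
        nonce = secrets.token_bytes(16)     # unique per object
        key = self._vault.get(tenant)
        ciphertext = _xor(plaintext, _keystream(key, nonce, len(plaintext)))
        self._blobs[(tenant, name)] = (nonce, ciphertext)

    def read(self, tenant: str, name: str) -> bytes:
        nonce, ciphertext = self._blobs[(tenant, name)]
        key = self._vault.get(tenant)       # fails after the key is shredded
        return _xor(ciphertext, _keystream(key, nonce, len(ciphertext)))

    def blob_exists(self, tenant: str, name: str) -> bool:
        return (tenant, name) in self._blobs


def demo() -> dict:
    """Two tenants share the store; tenant A leaves and has its key shredded."""
    vault = KeyVault()
    store = EncryptedStore(vault)
    for tenant in ("tenant-a", "tenant-b"):
        vault.create(tenant)
    ledger = b"acct,balance\n42,1500\n"
    store.write("tenant-a", "ledger.csv", ledger)
    store.write("tenant-b", "notes.txt", b"nothing to see")

    readable_before = store.read("tenant-a", "ledger.csv") == ledger
    vault.shred("tenant-a")
    try:
        store.read("tenant-a", "ledger.csv")
        recoverable_after = True
    except KeyError:
        recoverable_after = False

    return {
        "readable_before_shred": readable_before,
        "recoverable_after_shred": recoverable_after,
        "ciphertext_still_on_disk": store.blob_exists("tenant-a", "ledger.csv"),
        "other_tenant_unaffected": store.read("tenant-b", "notes.txt") == b"nothing to see",
    }
```

The ciphertext is still sitting in the store after the shred, which is the point: the provider's disks, snapshots and replicas never need to be located and wiped, only the key does, so the key must be kept in a system whose backups and escrow copies you control.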
What management strategy is focused on preventing issues from occurring within a system or process in a proactive manner?
A. Release Management
B. Incident management
C. Service Level Agreement
D. Problem management
D. Problem management
Explanation:
Problem management is focused on preventing potential issues from occurring within a system or process.
All other options are types of management strategies.
Which of the following is NOT one of the main cloud service categories?
A. Infrastructure service capability
B. Platform service capability
C. Software service capability
D. Internet Service Capability
D. Internet Service Capability
Explanation:
The three main cloud service categories are infrastructure service capability, platform service capability, and software service capability.
What is used to consolidate large amounts of structured data, often from disparate sources inside or outside the organization, with the goal of supporting business intelligence and analysis efforts?
A. Data warehouse
B. Data mart
C. Data Lake
D. Data Mining
A. Data warehouse
Explanation:
A data warehouse is structured storage in which data has been normalized to fit a defined data model.
All other selections are data storage or data analysis mechanisms.
Which of the following operates by consuming a large amount of data and analyzing that data for patterns?
A. Internet of Things
B. Machine Learning
C. Block Chaining
D. Artificial Intelligence
D. Artificial Intelligence
Explanation:
Artificial intelligence is the ability of devices to perform human-like analysis. Artificial intelligence operates by consuming a large amount of data and recognizing patterns and trends in the data.
An engineer has implemented data loss prevention solutions that are installed on each of the systems which house and store data. This includes any servers, workstations, and mobile devices which hold data.
These DLP solutions are used to protect data in which state?
A. Data in transit
B. Data at rest
C. Data in use
D. Data in motion
B. Data at rest
Explanation:
In order to protect data at rest (DAR), data loss prevention (DLP) solutions must be deployed on each of the systems that house data, including any servers, workstations, and mobile devices. This is the simplest of DLP solutions but, in order to be most effective, it may also require network integration.
Due to the volume of log data generated by systems, it poses a challenge for organizations when performing log reviews. What can an organization implement to help solve this issue?
A. SIEM
B. DLP
C. Next-generation firewall
D. IDS/IPS
A. SIEM
Explanation:
An organization's logs are valuable only if the organization makes use of them to identify activity that is unauthorized or compromising. Because of the volume of log data generated by systems, the organization can implement a Security Information and Event Management (SIEM) system to overcome these challenges. A SIEM provides the following:
Log centralization and aggregation
Data integrity
Normalization
Automated or continuous monitoring
Alerting
Investigative monitoring
All other options are security solutions implemented within an organization.
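The following is an added example, not from the flashcard deck, that reduces the aggregation, normalization, indexing and alerting functions of a SIEM described in this card and in the earlier SIEM aggregation card to a few functions. The two log sources (an sshd syslog feed and a JSON application log), their hostnames and addresses are constructed; because syslog lines carry no year, the example assumes 2024.

```python
"""Added example (not from the flashcard deck): the aggregation and
normalization a SIEM performs, reduced to a few functions. Two constructed log
sources (an sshd syslog feed and a JSON application log) are parsed into one
event schema, indexed, and searched for failed logins that only stand out
when both sources are viewed together. Syslog lines carry no year; the
example assumes 2024.
"""
import json
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

SYSLOG_LINES = [  # constructed
    "Jan 12 10:00:01 web01 sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 5122 ssh2",
    "Jan 12 10:00:04 web01 sshd[2211]: Failed password for root from 203.0.113.7 port 5123 ssh2",
    "Jan 12 10:00:09 web01 sshd[2215]: Accepted publickey for deploy from 198.51.100.2 port 41022 ssh2",
]
APP_LINES = [  # constructed
    '{"ts": "2024-01-12T10:00:06Z", "host": "app01", "event": "login", "result": "failure", "user": "admin", "ip": "203.0.113.7"}',
    '{"ts": "2024-01-12T10:00:12Z", "host": "app01", "event": "login", "result": "success", "user": "alice", "ip": "198.51.100.9"}',
]

SYSLOG_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) \S+ for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+)"
)


@dataclass(frozen=True)
class Event:
    """The normalized schema every source is mapped onto."""
    ts: datetime
    source: str
    host: str
    user: str
    src_ip: str
    outcome: str      # "success" or "failure"


def parse_syslog(line: str, year: int = 2024):
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S").replace(tzinfo=timezone.utc)
    outcome = "failure" if m["outcome"] == "Failed" else "success"
    return Event(ts, "sshd", m["host"], m["user"], m["ip"], outcome)


def parse_app_json(line: str):
    try:
        d = json.loads(line)
    except json.JSONDecodeError:
        return None
    if d.get("event") != "login":
        return None
    ts = datetime.strptime(d["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return Event(ts, "app", d["host"], d["user"], d["ip"], d["result"])


def aggregate(sources):
    """Aggregation: every source's lines, one parser each, one time-ordered list."""
    events = []
    for lines, parser in sources:
        events.extend(ev for ev in map(parser, lines) if ev is not None)
    return sorted(events, key=lambda e: e.ts)


def index_by(events, field: str):
    """The 'single indexed system': events grouped by any schema field."""
    index = defaultdict(list)
    for ev in events:
        index[getattr(ev, field)].append(ev)
    return dict(index)


def detect_failed_login_burst(events, threshold=3, window=timedelta(minutes=5)):
    """Alert when one source IP produces `threshold` failures inside `window`,
    counted across all sources (sliding window over time-sorted events)."""
    alerts = []
    ordered = sorted(events, key=lambda e: e.ts)
    for ip, evs in index_by(ordered, "src_ip").items():
        failures = [e for e in evs if e.outcome == "failure"]
        times = [e.ts for e in failures]
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                alerts.append({"src_ip": ip, "count": end - start + 1,
                               "sources": sorted({e.source for e in failures})})
                break
    return alerts


def demo():
    events = aggregate([(SYSLOG_LINES, parse_syslog), (APP_LINES, parse_app_json)])
    return events, detect_failed_login_burst(events)
```

Neither source alone crosses the threshold (two failures in sshd, one in the application log); the alert only appears once both are normalized onto the same schema and indexed by source address, which is the value aggregation adds.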
An attack on which of the following would give an attacker complete control over the entire environment?
A. Management plane
B. Hypervisor
C. Software defined network
D. Virtual host
A. Management plane
Explanation:
The management plane is used by cloud providers to manage all of the hosts from one centralized location. If the management plane were to be compromised, the attacker would have complete control over the entire cloud environment.
Of the following, which term describes the “slices” of the main storage infrastructure which are then allocated virtual machines in volume storage?
A. LUNs
B. RAM
C. CPU
D. RAID
A. LUNs
Explanation:
Volume storage is where storage is allocated to a virtual machine and configured as a typical hard drive and file system on that server. In a volume storage system, the main storage system is sliced into pieces identified by LUNs (logical unit numbers) and then allocated to a particular virtual machine by the hypervisor.
Which phase of the cloud data lifecycle is the first phase in which security controls are implemented to protect data at rest?
A. Create
B. Destroy
C. Use
D. Store
D. Store
Explanation:
While security controls are implemented in the create phase in the form of SSL/TLS, this only protects data in transit and not data at rest. The store phase is the first phase in which security controls are implemented to protect data at rest.
In the shared responsibility model, the consumer will always be responsible for what in the IaaS, SaaS, and PaaS models?
A. Identity and access management
B. Network security
C. Application security
D. Data classification
D. Data classification
Explanation:
In every cloud service model, IaaS, PaaS, or SaaS, the cloud consumer remains responsible for the data they store in the cloud, including its classification.
All other options are functions in the cloud; however, the cloud service model in use determines who is responsible for them.
Data dispersion is BEST described as which of the following?
A. Data can be easily erased from a cloud provider system
B. Data can be distributed across many data centers in different geographical locations
C. Data storage can quickly be added to a cloud environment with little intervention from the cloud provider
D. Data can be quickly moved from one cloud provider to another
B. Data can be distributed across many data centers in different geographical locations
Explanation:
Data dispersion is the concept that data can be distributed across many data centers in different geographical locations. This is a key benefit in cloud environments because it provides disaster recovery. Having data in numerous geographical locations reduces the risk of traditional problems posed by disaster scenarios.
Which of the following statements regarding type 2 hypervisors is TRUE?
A. Due to being software-based, it’s less likely that an attacker will be able to inject malicious code into the hypervisor.
B. Due to being hardware-based, it’s less likely that an attacker will be able to inject malicious code into the hypervisor.
C. Due to being software-based, they are more vulnerable to flaws and exploits than type 1 hypervisors.
D. Due to being hardware-based, they are more vulnerable to flaws and exploits than type 1 hypervisors.
C. Due to being software-based, they are more vulnerable to flaws and exploits than type 1 hypervisors.
Explanation:
Because type 1 hypervisors run directly on the physical hardware, there is less software beneath them into which malicious code could be injected. Type 2 hypervisors are applications that run on top of a host operating system, so they inherit the host OS's attack surface and flaws in addition to their own. This can make type 2 hypervisors more susceptible to flaws and software exploits than type 1 hypervisors.
Although the cloud data lifecycle is not necessarily iterative, it does have distinct phases. What is the proper sequence of the data lifecycle phases?
A. Create, Use, Share, Store, Archive, Destroy
B. Create, Store, Share, Use, Archive, Destroy
C. Create, Store, Use, Share, Archive, Destroy
D. Create, Use, Store, Share, Archive, Destroy
C. Create, Store, Use, Share, Archive, Destroy
Explanation:
Create, Store, Use, Share, Archive, Destroy are the phases in the cloud data lifecycle, in order.
All other options are in the incorrect order.
Which of the following statements regarding SOAP and REST is TRUE?
A.REST only allows the use of XML-formatted data.
B. REST is typically only used when technical limitations prevent the use of SOAP.
C. SOAP does not allow for caching, making it less scalable and having lower performance than REST.
D. SOAP supports a wide variety of data formats, including both JSON and XML.
C. SOAP does not allow for caching, making it less scalable and having lower performance than REST.
Explanation:
SOAP does not allow for caching, making it less scalable and having lower performance than REST. Because of this, SOAP is typically used only when there are restrictions which prevent the use of REST in the environment.
REST is more flexible and supports a variety of data formats, including both JSON and XML, while SOAP only allows the use of XML-formatted data.
An engineer wants to ensure the security of a single host. She would like to run a program on that host which would analyze all inbound and outbound traffic for that specific host.
Which of the following should this engineer use?
A. NIDS
B. HIDS
C. Honeypot
D. IPS
B. HIDS
Explanation:
A host intrusion detection system (HIDS) runs on a single host and analyzes all inbound and outbound traffic for that host to detect possible intrusions.
A network intrusion detection system (NIDS) is similar to a HIDS, but rather than running on a single host, it analyzes all of the traffic on the network. An intrusion prevention system (IPS) works in the same manner as a NIDS, but it also has the capability to prevent attacks rather than just detect them. A honeypot is an isolated system used to trick an attacker into believing that it is a production system.
A breach occurred at a doctor’s office in which information about a patient’s medical history and treatment were stolen. What type of data has been stolen in this scenario?
A. PCD
B. PCI
C. PHI
D. PII
C. PHI
Explanation:
PHI, which stands for protected health information, includes a wide spectrum of data about an individual and their health. Medical history, treatment, lab results, demographic information, and health insurance information is all considered to be PHI.
Because an organization is in a multitenant cloud, they have decided that they need to implement cryptography and encryption into their cloud application.
In order to provide maximum security and high performance, which of the following should be used?
A. SSL 2.0
B. TLS 1.3
C. TLS 1.2
D. SSL 3.0
B. TLS 1.3
Explanation:
TLS (Transport Layer Security) has replaced SSL (Secure Sockets Layer) as the standard for encrypting network traffic; SSL 2.0 and SSL 3.0 are deprecated and must not be used. TLS 1.3 is currently the latest version and should be used, as it provides the strongest security and the best performance (for example, a shorter handshake than TLS 1.2).
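The following is an added example, not from the flashcard deck, showing how to pin a Python `ssl` context to TLS 1.3 and how to audit a context for legacy versions. It assumes Python 3.7 or later built against OpenSSL 1.1.1 or later; the certificate and key paths in the server function are placeholders supplied by the caller.

```python
"""Added example (not from the flashcard deck): pinning a Python `ssl`
context to TLS 1.3 and auditing a context for legacy protocol versions.
Assumes Python 3.7+ built against OpenSSL 1.1.1 or later.
"""
import ssl


def make_client_context() -> ssl.SSLContext:
    """Client side: start from the default context (certificate and hostname
    verification on), then refuse anything older than TLS 1.3."""
    if not ssl.HAS_TLSv1_3:
        raise RuntimeError("this OpenSSL build cannot negotiate TLS 1.3")
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_3
    return ctx


def make_server_context(certfile: str, keyfile: str) -> ssl.SSLContext:
    """Server side: same floor. certfile/keyfile are caller-supplied paths."""
    if not ssl.HAS_TLSv1_3:
        raise RuntimeError("this OpenSSL build cannot negotiate TLS 1.3")
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_3
    ctx.load_cert_chain(certfile, keyfile)
    return ctx


def allows_below_tls13(ctx: ssl.SSLContext) -> bool:
    """Audit helper. TLSVersion is an IntEnum; the sentinel MINIMUM_SUPPORTED
    (meaning 'whatever OpenSSL allows') is below TLSv1_3 too, so a context
    that never set a floor is reported as permissive."""
    return ctx.minimum_version < ssl.TLSVersion.TLSv1_3
```

The default context is deliberately the starting point: it keeps certificate and hostname verification on, and only the protocol floor is raised, so the check `allows_below_tls13(ssl.create_default_context())` shows the gap the explicit setting closes.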
An organization is in the process of fighting a civil legal battle with a previous employee. The organization has requested that one of their engineers search for and collect electronic data (such as emails and stored files) regarding the case so that it can be used in the court proceedings.
What task has this engineer been asked to complete?
A. eDiscovery
B. eForensics
C. Digital examination
D. Digital discovery
A. eDiscovery
Explanation:
eDiscovery is the process of searching for and collecting electronic data of any kind (emails, digital images, documents, etc.) so that the data can be used in either civil legal proceedings or criminal legal proceedings.
Which of the following BEST describes a SOC?
A. A centralized group in an organization that handles network configurations
B. A centralized group in an organization dedicated to addressing general help desk tickets
C. A centralized group in an organization that handles security issues
D. A centralized group in an organization dedicated to collecting evidence for digital forensics cases
C. A centralized group in an organization that handles security issues
Explanation: A SOC (security operations center) is a centralized group within an organization that handles security issues.
A NOC (network operations center) is a centralized group within an organization that handles network configurations. SOC engineers are not likely to handle general help desk tickets or collect evidence for a forensics investigation.
Which of the following is widely considered to be the “gold standard” in regard to the security of information systems and their data?
A. NIST SP 800-53
B. PCI DSS
C. FIPS 140-2
D. ISO/IEC 27001
D. ISO/IEC 27001
Explanation:
ISO/IEC 27001, most recently revised as ISO/IEC 27001:2022, is widely considered to be the gold standard in regard to the security of information systems and their data.
In the cloud, what are the major cloud performance concerns?
A. Availability and bandwidth
B. Encryption and security
C. Identity and access
D. Virtualization
A. Availability and bandwidth
Explanation:
In the cloud, the primary performance issues are network availability and bandwidth. A network is a critical component of cloud services. If the network is down, the service will be unavailable. If the service is unavailable, performance will be impacted.
All other options are minor cloud performance concerns.
Virtualization in the cloud is powerful and has specific risks. Who is responsible for protecting the hypervisor under the shared security model of the cloud?
A. Cloud service provider
B. Cloud data center operations
C. Cloud service customer
D. Cloud service broker
A. Cloud service provider
Explanation:
In a shared security model, the cloud service provider controls the hypervisor. If the hypervisor is compromised, all virtual machines running on it may be vulnerable as well. As a result, the CSP’s role in securing the hypervisor is important.
All other options are roles related to the cloud.
An engineer needs to protect confidential information, but doesn’t want to go through the complexity of encryption. Instead, the engineer is going to use a technique in which data is replaced by an arbitrary value generated by an application. The application is then able to map the arbitrary value back to the original value.
What is this technique known as?
A. Tokenization
B. De-identification
C. Hashing
D. Key management
A. Tokenization
Explanation:
Tokenization is a method used to protect data without needing to go through the process of encryption. In tokenization, an application is used to replace confidential data with an arbitrary value (known as a token). The application has the ability to map the token back to the original data when needed.
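The following is an added example, not from the flashcard deck, of a tokenization vault: a card number is replaced by a random token of the same length that keeps the last four digits for display, and only the vault can map the token back, and only for callers in an allowed role. The card number, the role names and the keep-last-four format are assumptions made for the illustration.

```python
"""Added example (not from the flashcard deck): a tokenization vault. A card
number is replaced by a random token of the same length that keeps the last
four digits for display; only the vault can map it back, and only for callers
in an allowed role. Card numbers and roles here are constructed test data.
"""
import secrets


class TokenVault:
    def __init__(self, detokenize_roles=("payments",)):
        self._token_to_value = {}
        self._value_to_token = {}
        self._allowed = set(detokenize_roles)

    def _new_token(self, value: str) -> str:
        """Random digits, same length, last four preserved. The token carries
        no information about the hidden digits because it is drawn at random
        rather than derived from them."""
        while True:
            body = "".join(str(secrets.randbelow(10)) for _ in range(len(value) - 4))
            token = body + value[-4:]
            if token != value and token not in self._token_to_value:
                return token

    def tokenize(self, value: str) -> str:
        """Idempotent: the same value always maps to the same token, so
        downstream systems can still join and count on it."""
        if not value.isdigit() or len(value) < 8:
            raise ValueError("expected a numeric value of at least 8 digits")
        token = self._value_to_token.get(value)
        if token is None:
            token = self._new_token(value)
            self._value_to_token[value] = token
            self._token_to_value[token] = value
        return token

    def detokenize(self, token: str, role: str) -> str:
        if role not in self._allowed:
            raise PermissionError(f"role {role!r} may not detokenize")
        return self._token_to_value[token]    # KeyError for unknown tokens


def demo() -> dict:
    """Constructed scenario: a test card number tokenized for an order record."""
    vault = TokenVault()
    pan = "4111111111111111"
    token = vault.tokenize(pan)
    try:
        vault.detokenize(token, role="analytics")
        analytics_denied = False
    except PermissionError:
        analytics_denied = True
    return {
        "token": token,
        "differs_from_pan": token != pan,
        "same_length": len(token) == len(pan),
        "keeps_last_four": token[-4:] == pan[-4:],
        "idempotent": vault.tokenize(pan) == token,
        "payments_can_detokenize": vault.detokenize(token, role="payments") == pan,
        "analytics_denied": analytics_denied,
    }
```

Because the token is random, the only way from token to value is through the vault's table, which makes the vault the one system that must sit inside the sensitive scope and be protected accordingly.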
An application uses application-specific access control and users must authenticate with their own credentials to gain their allowed level of access to the application. A user was able to log into the application using another user’s credentials and received an elevated level of privileges due to this.
According to the STRIDE threat model, what type of threat is this?
A. Spoofing identity
B. Insufficient due diligence
C. Broken authentication
D. Tampering with data
A. Spoofing identity
Explanation:
The STRIDE threat model has six threat categories: spoofing identity, tampering with data, repudiation, information disclosure, denial of service, and elevation of privilege. When a user gains access to something they shouldn't by using another user's account, this is spoofing identity. It's important to have controls in place to prevent users from leveraging another user's account to gain additional permissions.
Which is NOT an overall countermeasure strategy to mitigate risks in the cloud environment?
A. Secure configuration management
B. User education
C. Security by design
D. Due diligence
B. User education
Explanation:
Due diligence on vendors, a trusted cloud service provider, security built into the system design, encryption, and CSP security configuration management tools are all risk mitigation strategies in the cloud environment. User education is critical, but it is not as effective as the countermeasures outlined above.
A user is moving data from one system to another. What phase of the cloud data lifecycle is occurring?
A. Archive
B. Store
C. Share
D. Create
D. Create
Explanation:
Any time data can be considered new, it is in the create phase. Data can be considered new whenever it is newly created, moved from one system to another, or modified into a new form.
An engineer has recently started working for an organization. They are concerned about which regulations might affect how long they need to retain or store financial and accounting data.
Which of the following regulations does this engineer need to be aware of to address the organization’s concerns?
A. GLBA
B. SOX
C. APEC
D. HIPAA
B. SOX
Explanation:
SOX (Sarbanes-Oxley Act) regulates accounting and financial practices within an organization. IT engineers need to be aware of SOX, as it can affect which type of data needs to be stored/retained, and for how long.
Using two or more storage servers together to increase performance, capacity, and reliability is known as which of the following?
A. Storage area network
B. Dynamic optimization
C. Clustered storage
D. Network attached storage
C. Clustered storage
Explanation:
A cluster is taking two or more systems and treating them as one entity. Clustered storage is the process of taking two or more storage servers and combining them to increase performance, capacity, and reliability. Storage clusters are used in cloud environments because high availability is extremely important.
Which API style relies on the HTTP protocol and supports data formats such as XML and JSON?
A. SOAP
B. FTP
C. SOP
D. REST
D. REST
Explanation: The REST (representational state transfer) API relies on the HTTP protocol and supports a variety of data formats including both XML and JSON. It allows for caching, which increases performance and scalability.
Data loss prevention (DLP) is made up of three common stages. Which of the following is the FIRST stage of DLP implementation?
A. Enforcement
B. Data de-identification
C. Monitoring
D. Discovery and classification
D. Discovery and classification
Explanation:
DLP is made up of three common stages which include discovery and classification, monitoring and, finally, enforcement. Discovery and classification is the first phase, as the security requirements of the data must be addressed.
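The following is an added example, not from the flashcard deck, of the discovery-and-classification stage of DLP for data at rest (the stage this card and the earlier data-at-rest DLP card describe), run over a constructed set of files. Candidate card numbers are confirmed with the Luhn check so arbitrary digit runs are not flagged, SSN candidates are filtered by the structural rules the SSA publishes, and the classification levels and policy are assumptions.

```python
"""Added example (not from the flashcard deck): the discovery-and-classification
stage of DLP for data at rest, run over a constructed set of files. Candidate
card numbers are confirmed with the Luhn check so that arbitrary digit runs
are not flagged; SSN candidates are filtered by the structural rules the SSA
publishes (area not 000/666/9xx, group not 00, serial not 0000).
"""
import re

SAMPLE_FILES = {  # constructed
    "/srv/files/hr/onboarding.txt":
        "New hire Jane Roe, SSN 123-45-6789, start 2024-02-01.\nContact: jane.roe@example.com\n",
    "/srv/files/finance/refunds.csv":
        "order,card\n1001,4111 1111 1111 1111\n1002,4111-1111-1111-1112\n",
    "/srv/files/public/readme.txt":
        "Quarterly newsletter draft. No customer data here.\n",
}

PATTERNS = {
    "ssn": re.compile(r"\b(?!000|666|9\d{2})\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b"),
    "pan": re.compile(r"\b(?:\d[ -]?){12,18}\d\b"),     # 13-19 digits, optional separators
    "email": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
}


def luhn_ok(digits: str) -> bool:
    """Luhn mod-10 check used by card numbers; rejects most random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask(value: str) -> str:
    """Report findings without copying the sensitive value into the report."""
    digits = re.sub(r"\D", "", value)
    return "*" * (len(digits) - 4) + digits[-4:]


def scan_text(text: str):
    """Return {type: [masked matches]} for confirmed findings only."""
    findings = {}
    for kind, pattern in PATTERNS.items():
        hits = []
        for m in pattern.finditer(text):
            value = m.group(0)
            if kind == "pan" and not luhn_ok(re.sub(r"\D", "", value)):
                continue                     # digits that merely look like a card
            hits.append(value if kind == "email" else mask(value))
        if hits:
            findings[kind] = hits
    return findings


def classify(findings) -> str:
    """Assumed classification policy: regulated identifiers -> Restricted,
    contact data -> Internal, otherwise Public."""
    if "pan" in findings or "ssn" in findings:
        return "Restricted"
    if "email" in findings:
        return "Internal"
    return "Public"


def scan_files(files):
    """Discovery: visit every file, classify it, and summarize what needs protecting."""
    report = {}
    for path, text in files.items():
        findings = scan_text(text)
        report[path] = {"level": classify(findings), "findings": findings}
    return report
```

The report is what the later monitoring and enforcement stages key on: an endpoint agent only needs to watch the paths classified Restricted, and the Luhn and SSA filters keep it from blocking on order numbers and dates that merely resemble identifiers.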
Which is NOT one of the three key elements of incident management?
A. Incident response team
B. Incident classification
C. Incident response plan
D. Root-cause analysis
B. Incident classification
Explanation:
Incident management exists to help organizations plan for incidents, identify when they occur, and restore normal operations as quickly as possible with minimum adverse impact. This is referred to as a capability, or the combination of procedures and resources needed to respond to incidents. It generally comprises three key elements: incident response plan (IRP), incident response team (IRT), and root-cause analysis.
Incident classification ensures an incident is dealt with correctly. It is important to determine how critical an incident is and prioritize the response appropriately.
Which of the following is NOT one of the four main categories for responding to risk?
A. Avoiding risk
B. Transferring risk
C. Ignoring risk
D. Accepting risk
C. Ignoring risk
Explanation:
After risk has been identified and evaluated, either through qualitative or quantitative assessments, the decision must be made on how to respond to risk. There are four main categories for responding to risk, which include accepting risk, avoiding risk, transferring risk, and mitigating risk.
Ignoring the risk is not one of the four categories.
During which phase of the cloud data lifecycle would data undergo overwriting?
A. Archive
B. Use
C. Store
D. Destroy
D. Destroy
Explanation:
As the name suggests, the destroy phase is where data is removed completely from a system (or “destroyed”) and should be unable to be recovered. In cloud environments, methods such as degaussing and shredding can’t be used because they require physical access to the hardware. Instead, in cloud environments, techniques like overwriting and cryptographic erasure are used to destroy the data.
Which one of the ten key principles of GAPP focuses on organizations having well documented and communicated privacy policies and procedures?
A. Collection
B. Management
C. Security for privacy
D. Quality
B. Management
Explanation:
The management principle of the Generally Accepted Privacy Principles (GAPP) focuses on ensuring that organizations have well documented privacy policies and procedures. In addition, this information is communicated to necessary parties, and official measures are taken to ensure accountability.
Your organization currently hosts its cloud environment in the organization’s data center. The organization utilizes a provider for their backup solution in accordance with their business continuity plan. Which configuration BEST describes their deployment?
A. Private cloud, private backup
B. Cloud service backup, private backup
C. Cloud service backup, third-party backup
D. Private cloud, cloud service backup
D. Private cloud, cloud service backup
Explanation:
The organization is using their own private data center with backups being replicated to the cloud.
Who is responsible for the security of the public internet?
A. Users
B. CSC
C. CSP
D. ISP
A. Users
Explanation:
The individuals using the public internet are responsible for security. Security is a shared responsibility.
The CSP, CSC or ISP would not be responsible.
Which of the following standards establishes internationally recognized standards for eDiscovery?
A. ISO/IEC 27050
B. ISO/IEC 27002
C. ISO/IEC 27018
D. ISO/IEC 27001
A. ISO/IEC 27050
Explanation:
ISO/IEC 27050 provides internationally accepted standards related to eDiscovery processes and best practices.
All other options are technology standards set forth by the International Organization for Standardization (ISO) / International Electrotechnical Commission (IEC).
In which phase of implementing a cloud data center should security be considered?
A. Testing
B. Design
C. Implementation
D. Maintenance
B. Design
Explanation:
Security is extremely important to consider when implementing a cloud data center. Due to its importance, security should be taken into consideration in the design phase so that it doesn’t have to be added as an afterthought later on.
Insecure services such as FTP are disallowed on all organization systems. However, an FTP client is found on a terminal server. What can the organization do to ensure there are no other internal servers responding to FTP requests?
A. Antivirus Scan
B. Patch Scan
C. Penetration Test
D. Vulnerability Scan
D. Vulnerability Scan
Explanation:
By running a vulnerability scan, the organization can easily identify a server responding to FTP requests. This vulnerability indicates a system that does not conform to the baseline configuration and that requires immediate remediation action.
Securing supply chain management software in the cloud and securely connecting vendors globally through cloud services reduces what type of risk?
A. IT-related Risk
B. Cloud-Related Risk
C. Software-related Risk
D. Application-related
A. IT-related Risk
Explanation:
Supply chain management entails a plethora of dangers, one of which is cloud computing. By protecting supply-chain management software in the cloud and securely linking providers globally via cloud services, risk associated with information technology is reduced.
Which type of plan allows an organization to be prepared for what needs to be done in the event of a disaster or critical failure?
A. Data privacy
B. BCDR
C. SOC
D. DLP
B. BCDR
Explanation:
A business continuity and disaster recovery (BCDR) plan lays out the steps for what an organization must do immediately following a disaster or critical failure. BCDR plans should be regularly tested to ensure that they will work in the event of a real situation. BCDR plans cover what to do in the event of scenarios such as natural disasters, acts of war, equipment failures, and utility failures.
A forensic investigator must complete the task of identifying, collecting, and securing electronic data and records so that they can be used in a criminal court hearing.
What task is this forensic investigator completing?
A. Chain of custody
B. eDiscovery
C. Repudiation
D. Digital sweep
B. eDiscovery
Explanation:
eDiscovery is the process of searching for and collecting electronic data of any kind (emails, digital images, documents, etc.) so that the data can be used in either civil legal proceedings or criminal legal proceedings.
Structured and unstructured storage pertain to which of the three cloud service models?
A. SaaS
B. DaaS
C. IaaS
D. PaaS
D. PaaS
Explanation:
Each cloud service model uses a different method of storage as shown below:
Platform as a Service (PaaS) - structured, unstructured
Infrastructure as a Service (IaaS) - volume, object
Software as a Service (SaaS) - content and file storage, information storage and management
DaaS is not a real type of cloud service model.
Which of the following is the MAIN concern for using a BCDR solution in the cloud?
A. The number of organizations that share the same cloud environment as your organization
B. The location where the data is stored and the local laws and jurisdictions that apply to it
C. The number of individuals who have access to the data and their credentials
D. The cost and timeline for recovery
B. The location where the data is stored and the local laws and jurisdictions that apply to it
Explanation:
When using a cloud environment as a BCDR solution, it’s likely that data will be housed in numerous cloud datacenters in various geographical locations. It’s important to take into consideration what types of regulations and jurisdictions are applicable to the locations where your data is being stored.
Which eDiscovery investigative method includes services set forth by pre-arranged contractual obligations that can be exercised when necessary?
A. On-Premises eDiscovery
B. Third-party eDiscovery
C. Hosted eDiscovery
D. SaaS-based eDiscovery
C. Hosted eDiscovery
Explanation:
With Hosted eDiscovery, your cloud service provider incorporates eDiscovery into contractual responsibilities that can be executed as needed. However, a list of pre-selected forensic solutions may have limitations.
SaaS-based eDiscovery is hosted on the cloud and is used to collect, store, and evaluate evidence by investigators and law firms. Third-party eDiscovery is not bound by contract and can be engaged to undertake eDiscovery operations on an as-needed basis. On-premises eDiscovery is a distractor.
An organization has too many systems for administrators to manually configure network settings on each one. Which technology can this organization implement to handle the assigning of network configurations from a central server?
A. IPSec
B. DHCP
C. TLS
D. DNS
B. DHCP
Explanation:
DHCP (dynamic host configuration protocol) runs on a centralized server and is able to dynamically assign network configurations such as IP address, DNS server address, and other settings to systems on the network. This removes the need for administrators to go around to each computer and statically assign network information.
Which of the following regulatory requirements applies to a retail clothing store that accepts credit cards?
A. NFPA
B. HIPAA
C. PCI DSS
D. FISMA
C. PCI DSS
Explanation:
PCI DSS (Payment Card Industry Data Security Standard) is a regulatory requirement that applies to financial and retail environments, specifically those that accept payment cards.
Of the following, performing checks against client browsers to ensure they meet security standards can help to mitigate which vulnerability?
A. Insufficient logging
B. Injection
C. Sensitive data exposure
D. XML external entities
C. Sensitive data exposure
Explanation:
Even with proper encryption methods put in place, sensitive data is still at risk if the client’s browser is insecure. In order to help mitigate this vulnerability, web applications can perform checks against client browsers to ensure they meet security standards. If the browser doesn’t meet the security standards, it will not be granted access to the web application.
The cloud enables operations in geographically dispersed places and increases hardware and data redundancy. What is the end result of this in terms of disaster recovery and business continuity?
A. Lower RPOs and RTOs
B. Lower RTOs and Higher RPOs
C. Higher RSLs
D. Lower RPOs and RSLs
E. Higher RTOs and RPOs
A. Lower RPOs and RTOs
Explanation:
The capacity to operate in geographically remote locations and to provide increased hardware and data redundancy results in lower recovery time objectives (RTOs) and recovery point objectives (RPOs) for disaster recovery and business continuity.
The recovery service level (RSL) measures the percentage of the total production service level that needs to be restored to meet BCDR objectives.
Of the following technologies, which can be used to verify the integrity of data?
A. Hashing
B. Encryption
C. Tokenization
D. Key management
A. Hashing
Explanation:
Hashing is a process that can be used to verify the integrity of data. This is because if you use the same hashing algorithm on the same data time and time again, the hash value that is generated will be the same. If the data is changed, the hash value will be different, confirming that the integrity of the data is not intact.
While encryption, key management, and tokenization can help you to protect data, they can’t guarantee the integrity of the data.
According to studies, the later in the software development process that errors are discovered, the more expensive it is to remedy them. What can be done to avert such problems?
A. SAMM
B. OWASP
C. SSDF
D. SSDLC
D. SSDLC
Explanation:
Including security in the Software Development Lifecycle (SDLC) aids in the creation of secure software. The Secure Software Development Lifecycle (SSDLC) is expected to yield software solutions that are more secure against attack, minimizing the risk of important business and consumer data being exposed.
Which of the following can be used on the network to stop attacks automatically when an intrusion has been detected?
A. IPS
B. IDS
C. HIDS
D. Honeypot
A. IPS
Explanation:
An intrusion prevention system (IPS) is placed at the network level. It analyzes all traffic on the network in the same way as an IDS. However, rather than simply alerting administrators when an intrusion is detected, it can actually stop and block the malicious traffic and prevent an attack from occurring automatically.
Which of the following statements regarding recovery time objectives is false?
A. The role of IT is to implement the decision and to meet the business RTO.
B. The organization requires complete information on RTO solutions and associated expenses.
C. RTOs are an IT decision.
D. IT’s responsibility is to assist the organization with RTO options and costs.
C. RTOs are an IT decision.
Explanation:
Recovery time objectives are a business decision and not an IT decision. IT’s responsibility is to assist the organization with RTO options and costs. To make the best decision, the organization requires complete information on RTO solutions and associated expenses. Once a decision is reached, it is up to IT to implement it and make all attempts to adhere to the business RTO.
Which entity would be responsible for only providing identity and access management?
A. Cloud broker
B. CASB
C. CSP
D. Service Provider
B. CASB
Explanation:
One of the services provided by a Cloud Access Security Broker (CASB) is the monitoring of Identity and Access Management (IAM) in your cloud. A CASB does not provide any other services. A cloud access security broker (CASB) sits between the cloud application and the customer. This service keeps track of all activities and ensures that corporate security requirements are followed.
Which of the following statements regarding “portability” is TRUE?
A. Transitioning between a traditional data center model and a cloud environment is typically a seamless, simple, and transparent process.
B. Even legacy systems from traditional data centers are typically programmed to work within a cloud environment.
C. It is unlikely that controls or configurations will require any reengineering or changes to work in the cloud.
D. It is unlikely that an application from a traditional data center model can simply be picked up and dropped into a cloud environment.
Michael needs to perform data destruction within a public cloud model. What method is Michael able to use?
A. Shredding
B. Overwriting
C. Incineration
D. Degaussing
B. Overwriting
Explanation:
Michael will not be able to perform incineration, shredding, or degaussing because these require physical access, which is not available in a public cloud.
Overwriting is the process of writing a pattern of ones and zeros over the data. For especially sensitive data, it may be best to overwrite the data more than once.
REST and SOAP are two common examples of which of the following?
A. Policies
B. State regulations
C. Security protocols
D. APIs
D. APIs
Explanation:
Cloud environments rely heavily on APIs (application programming interfaces) for both access and function. SOAP (simple object access protocol) and REST (representational state transfer) are two examples of commonly used APIs.
RSL, recovery service level, can BEST be described as:
A. The average time it takes to recover services back to their normal production state
B. The length of time that is acceptable for services to be offline or unavailable during a disaster recovery scenario
C. The percentage of data needed to be restored to meet BCDR objectives
D. The percentage of the performance level which must be restored to meet BCDR objectives
D. The percentage of the performance level which must be restored to meet BCDR objectives
Explanation:
Recovery service level (RSL or RSL%) is a newer term used to describe the percentage of the performance level which needs to be restored to meet BCDR objectives. For example, an RSL of 50% would specify that the DR system would need to operate at a minimum of 50% of the performance level of the normal production system.
Which of the following terms is used to describe the minimum amount of data needed to be recoverable by an organization for it to function at an acceptable level?
A. MTR
B. RSL
C. RPO
D. RTO
C. RPO
Explanation:
RPO stands for recovery point objective, and it is the minimum amount of data that would be needed to be retained and recovered for an organization to function at a level which is acceptable to stakeholders. The RPO does not mean that the organization has to be operating at full capacity, just at an acceptable level where crucial systems are online.
The General Data Protection Regulation (GDPR) covers which of the following?
A. United States
B. Russian Federation
C. China
D. European Union
D. European Union
Explanation:
The General Data Protection Regulation, or GDPR, is a regulation and law which affects all countries in the European Union (EU) and the European Economic Area. The purpose of the GDPR is to protect data on all citizens of the EU, regardless of where the data is created, stored, or processed.
While similar legislation has and will be implemented in other parts of the world, GDPR specifically covers the EU.
Which of the following events is likely to cause the initiation of a BCDR plan?
A. Moving offices
B. An earthquake
C. A manager forgetting their password
D. Changing internet providers
B. An earthquake
Explanation:
Business continuity and disaster recovery (BCDR) plans are likely to be initiated as a result of the following: natural disasters (earthquakes, floods, tornadoes, etc.), terrorist attacks or acts of war, equipment failures, utility failures or disruptions, and service provider failures.
The other items listed should not result in the initiation of a BCDR plan.
Your cloud environment has changed significantly during the last year. Several of these adjustments resulted in service interruptions. You’ll want to develop a mechanism to track these modifications and roll them back if necessary. What are the requirements for your cloud?
A. Configuration management
B. Data management
C. Resource management
D. Change management
A. Configuration management
Explanation:
Configuration management is required. Configuration management technologies aid in cloud deployment management by centrally storing and archiving cloud configurations. It enables the tracking of configuration changes and the identification of the individuals who made the changes. These provisions enable you to guarantee that your cloud conforms with applicable regulations.
All other selections are operational controls and standards within an organization.
What does the “R” in the DREAD threat model stand for?
A. Reproducibility
B. Repudiation
C. Rapid deployment
D. Reconstruction
A. Reproducibility
Explanation:
The DREAD threat model looks at five categories, including damage potential, reproducibility, exploitability, affected users, and discoverability. Reproducibility is the measure of how easy an exploit is to reproduce.
Which of the following is NOT one of the three values needed for performing a quantitative assessment?
A. MTR
B. SLE
C. ARO
D. ALE
A. MTR
Explanation:
When performing a quantitative assessment, the values needed are the single loss expectancy (SLE), annual rate of occurrence (ARO), and annual loss expectancy (ALE).
MTR stands for mean time to recovery, which is not used when performing a quantitative assessment.
In a cloud environment, the key functionality of applications and the management of the cloud are based on which of the following?
A. TPMs
B. iSCSI
C. APIs
D. KVM
C. APIs
Explanation:
In a cloud environment, the key functionality of applications and the management of the cloud are based on APIs (application programming interfaces). It’s very important that APIs are implemented in a secure and appropriate manner. When possible, TLS (transport layer security) should be used for API communication.
Which type of attack could be caused by a compromised DHCP server?
A. Redirecting legitimate users to compromised or spoofed systems
B. Flooding the systems on the network with traffic so that they can’t reply to legitimate traffic
C. Stealing personally identifiable information (PII)
D. All files on the network being encrypted by an attacker
A. Redirecting legitimate users to compromised or spoofed systems
Explanation:
DHCP (dynamic host configuration protocol) is used to automatically configure network settings on systems without the need for admins to do this manually on each computer. DHCP servers must be kept secure. If a DHCP server were to be compromised, the attacker would have access to change network settings that are given out by the DHCP server. This would allow them to redirect legitimate users to compromised or spoofed systems.
Which of the following is a benefit of using a private cloud over a hybrid, community, or public cloud deployment?
A. Security
B. Easier setup
C. Most scalable
D. Less expensive
A. Security
Explanation:
The private cloud deployment model is the most secure cloud deployment model. However, private clouds do not offer an easier setup, less expense, or more scalability than the other cloud deployment methods.
Which statement is false in regards to validated open-source software?
A. Open-source software is validated in a business environment.
B. Open-source software must follow the same verification as commercial software.
C. Open-source software has less risk because it’s inexpensive.
D. Open-source software has the advantage of code being available.
C. Open-source software has less risk because it’s inexpensive.
Explanation:
The widespread idea that open-source software carries fewer risks due to its low cost is false. Risk is defined by the asset being protected, not by the cost of the software being employed. Losing your data to low-priced software does not mitigate the expense of a data breach and exfiltration.
Which attack can be used to deface a web page?
A. Cross-site request forgery
B. Cross-site scripting
C. Broken authentication
D. SQL injection
B. Cross-site scripting
Explanation:
A cross-site scripting attack is a type of injection attack. It occurs when an attacker is able to inject malicious code into a web application. While this type of attack is mainly used to execute scripts and hijack a user’s session, it can also be used to deface or edit a web page without going through any authentication processes. The web application runs the scripts injected without validating them.
What is the MAIN reason that eDiscovery is typically easier in a traditional data center than it is in a cloud environment?
A. Systems aren’t able to be simply physically isolated and preserved in a cloud environment
B. Cloud providers are often not willing to work with lawyers on legal matters
C. There are no tools available to perform eDiscovery in a cloud environment
D. Organizations don’t own any of the data they store in the cloud
A. Systems aren’t able to be simply physically isolated and preserved in a cloud environment
Explanation:
When eDiscovery must be done within a traditional data center, it’s possible to physically isolate the system and preserve the data. In a cloud environment, however, many cloud customers are using the same hardware, so it’s not possible to physically isolate a system and preserve it. Instead, special measures must be taken to achieve eDiscovery in a cloud environment.
Which of the following is TRUE regarding virtualization?
A. The most important component to secure in a virtualized environment is the hypervisor
B. It’s more important to secure the virtual images than the management plane in a virtualized environment
C. Virtual images are susceptible to attacks whether they are running or not
D. Virtual images are susceptible to attacks only when they are online and running
C. Virtual images are susceptible to attacks whether they are running or not
Explanation:
Virtual images are susceptible to attacks, even when they are not running. Due to this, it’s extremely important to ensure the security of where the images are housed.
Ensuring that the management plane and the hypervisor are secured is the first step to ensuring the virtual images are secure. The management plane is the most important component to secure first because a compromise of the management plane would lead to a compromise of the entire environment.
When enforcing OS baselines, which of the following is LEAST likely to be covered?
A. Data retention
B. Approved protocols
C. Compliance requirements
D. Approved access methods
A. Data retention
Explanation:
OS baselines establish and enforce known good states of system configuration, and focus on ensuring least privilege and other security OS and application best practices. Each configuration option should match a risk mitigation (security control objective).
Data retention and other data-specific requirements are not commonly part of an OS baseline.
Under the General Data Protection Regulation (GDPR) passed in the EU, how long does a data controller have to notify the applicable government agency after a data breach or leak of personal or private information?
A. 48 hours
B. 72 hours
C. 96 hours
D. 24 hours
B. 72 hours
Explanation:
Under GDPR, data controllers must notify the applicable government agencies within 72 hours of a data breach or leak of personal or private information; however, there are some exemptions for law enforcement and national security agencies. GDPR is mostly focused on scenarios where the data is viewable by a malicious party, rather than instances where the data is erased or encrypted.
What is the purpose of hot/cold aisles?
A. Hot aisles are used in colder climates, while cold aisles are mainly used in warmer climates
B. Servers are placed in cold aisles, while network equipment is placed in hot aisles
C. Some systems require more cooling than others, so the systems are separated into hot and cold rows
D. To avoid one row of racks pushing hot air directly into another row
D. To avoid one row of racks pushing hot air directly into another row
Explanation:
Heating and cooling within a data center is a very important component. Servers and network equipment use a lot of energy which, in turn, produces a lot of hot air. In order to avoid one row of racks pushing hot air directly into another row, many data centers will use the concept of hot/cold aisles. This practice includes alternating rows of physical racks in order to have hot and cold rows for optimal air flow.
What are the functions of substitution, shuffling, value variance, nullification, and encryption on data used for?
A. Obfuscation
B. Discovery
C. DLP
D. Tokenization
A. Obfuscation
Explanation:
Obfuscation is the process of replacing, concealing, or erasing sensitive data from a data set. By substituting random or replaced data for sensitive data fields, it can be swiftly employed without exposing sensitive information to systems. Substitution, shuffling, value variance, nullification, and encryption are all methods for concealing data.
Which of the following standards was developed by a joint privacy task force consisting of the American Institute of Certified Public Accountants and the Canadian Institute of Chartered Accountants?
A. SOX
B. GDPR
C. ISO/IEC 27018
D. GAPP
D. GAPP
Explanation:
GAPP (Generally Accepted Privacy Principles) is a privacy standard developed by the American Institute of Certified Public Accountants and the Canadian Institute of Chartered Accountants. GAPP contains ten main privacy principles and is focused on managing and preventing threats to privacy.
In order to access their cloud environment remotely, a cloud engineer set up a method to connect in. This method uses a system which is publicly accessible on the Internet; however, the machine is extremely hardened to prevent attacks and is focused to allow access to a single application.
Which of the following did the cloud engineer create?
A. Bastion host
B. VPN
C. Federated server
D. Jump server
A. Bastion host
Explanation:
A bastion host is a method for remote access to a secure environment. The bastion host is an extremely hardened device that is typically focused on providing access to one application or for one particular usage. Having the device set up in this focused manner makes hardening it more effective. Bastion hosts are made publicly available on the Internet.
Which of the following is officially known as the “Financial Modernization Act of 1999”?
A. General Data Protection Regulation
B. Asian-Pacific Economic Cooperation
C. The Gramm-Leach-Bliley Act
D. The Sarbanes-Oxley Act
C. The Gramm-Leach-Bliley Act
Explanation:
Although it is officially named the Financial Modernization Act of 1999, it is most commonly known as and referred to as the Gramm-Leach-Bliley Act, or GLBA. This name pays tribute to the lead sponsors and authors of the act. GLBA is focused on protecting personally identifiable information (PII) as it relates to financial institutions.
The architecture of an encryption system has three components. Which of the following is NOT one of the three components?
A. Hashing algorithm
B. Encryption engine
C. Encryption keys
D. Data
A. Hashing algorithm
Explanation:
The three basic components of an encryption system include the data itself, the encryption engine, and the encryption keys.
Hashing is a separate technology from encryption used to verify the integrity of data. Hashing algorithms are used in hashing and are not a part of encryption.
In which phase of the cloud data lifecycle should security controls using SSL/TLS be implemented?
A. Create phase
B. Use phase
C. Share phase
D. Store phase
A. Create phase
Explanation:
The create phase is an ideal time to implement technologies such as SSL/TLS technologies with the data that is inputted or imported. It should be done in the create phase so that the data is protected initially before any further phases.
What is a cloud storage architecture that organizes data into fields based on the properties of individual data elements?
A. Database
B. Raw-data
C. File-based
D. Object-based
A. Database
Explanation:
Databases store data in fields, following a related pattern.
All other options are cloud storage architectures.
The decisions regarding where traffic is filtered or sent to and the actual forwarding of traffic are separate from each other when which of the following technologies is being used?
A. SAN
B. SDN
C. VLAN
D. VPN
B. SDN
Explanation:
Within a software defined network (SDN), decisions regarding where traffic is filtered or sent to and the actual forwarding of traffic are completely separate from each other.
A VLAN (virtual local area network) is used to expand a local area network beyond physical/geographical limitations. A VPN (virtual private network) securely provides access to a private network over a public network. A SAN (storage area network) is used for mass storage.
A cloud engineer needs to access the cloud environment remotely for administration purposes. The MOST common ways for engineers to get administrative access are via VPN tunnels and which of the following?
A. Hypervisors
B. Virtual switches
C. Federated servers
D. Jump servers
D. Jump servers
Explanation:
A jump server, sometimes called a jump box, is a hardened and monitored system on the network that has one purpose, which is to be used as a means to access and manage devices in a separate security zone. The jump server will span two different security zones, which makes this possible.
Cloud computing would not be possible without the use of which underlying technology?
A. Resource pooling
B. Multitenancy
C. Object storage
D. Virtualization
D. Virtualization
Explanation:
Sometimes, the terms virtualization and cloud computing are used interchangeably. However, they are two very separate concepts. Cloud computing is defined by NIST as “enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources.” Virtualization is the underlying technology that makes cloud computing possible.
IPsec can be used to accomplish which of the following?
A. Create an additional layer of security to the DNS protocol
B. Extend a private network over a public network
C. Isolate and segregate portions of the network
D. Encrypt and authenticate packets during transmission between two servers
D. Encrypt and authenticate packets during transmission between two servers
Explanation:
IPsec can be used to encrypt and authenticate packets during transmission between two systems. Examples of this include between two servers, between two network devices, and between network devices and servers.
DNSSEC is used to add an additional layer of security to the DNS protocol. A VPN is used as a way to extend a private network over public network. A VLAN is used to create a logical isolation and separation within a network.
The process of pinpointing an entity (an individual or a system) in a way that makes it distinct from any other identity is known as which of the following?
A. Authorization
B. Identification
C. Auditing
D. Federation
B. Identification
Explanation:
Identification is the process of pinpointing either a system or an individual in a way that makes it distinct from any other identity.
Authorization is the process of granting access to resources. Federation is the process of implementing standard processes and technologies across various organizations so that they can join their identity management systems together. Auditing is the process of ensuring compliance with policy, guidelines and regulations.
An engineer is deciding between using a cloud BCDR solution or using a physical/traditional BCDR solution. He must weigh the pros and cons of each solution.
Of the following, which is NOT an advantage to moving to a cloud BCDR solution?
A. Scalability
B. Cost benefits
C. Access from anywhere
D. Full ownership of hardware
D. Full ownership of hardware
Explanation:
Using a cloud provider for a business continuity and disaster recovery (BCDR) solution comes with many benefits, including cost benefits, scalability, and access from anywhere.
Full ownership of hardware is not an advantage of a cloud BCDR solution as the cloud customer doesn’t typically have ownership of the hardware. The hardware will belong to the cloud provider.
Very detailed logging should be in place for which of the following?
A. Wherever the client accesses the management plane only
B. Only specific levels of the virtualization structure
C. Each level of the virtualization infrastructure, as well as wherever the client accesses the management plane
D. Only access to the hypervisor and the management plane
C. Each level of the virtualization infrastructure, as well as wherever the client accesses the management plane
Explanation:
Logging is imperative for a cloud environment. Role-based access should be implemented, and logging should be done at each and every level of the virtualization infrastructure, as well as wherever the client accesses the management plane (such as a web portal).
Of the following examples, which is NOT a risk associated with having a BCDR plan?
A. Maintaining redundancy
B. Location changes
C. Functionality with external services
D. Budget
D. Budget
Explanation:
The risks associated with a business continuity and disaster recovery (BCDR) plan include changes in location, maintaining redundancy, having proper failover mechanisms, having the ability to bring services online quickly, and having functionality with external services.
Budget is something that should already be factored in and accounted for and, therefore, should not pose any risks to your BCDR plan.
What adds to security and reduces susceptibility to spoofing by providing origin authority, data integrity, and authenticated denial of existence?
A. DNSSEC
B. FQDN
C. PKI
D. SDP
A. DNSSEC
Explanation:
DNS Security Extensions (DNSSEC) is a set of specifications primarily aimed at reinforcing the integrity of DNS. It provides cryptographic authentication of DNS data using digital signatures.
Software-defined perimeter (SDP), Public Key Infrastructure (PKI), and Fully Qualified Domain Name (FQDN) are distractors.
It is vital to have an understanding of how data located in cloud storage is being accessed by members of an organization. What should be maintained to preserve visibility and promote monitoring?
A. Classification log scheme
B. Centralized logs
C. Chain of custody
D. Application-specific logs
B. Centralized logs
Explanation:
Logging is the process of documenting events or activities that occur against an asset. Logging is crucial for any business since it serves as the primary repository of information about previous events. Security information and event management (SIEM) technology is used to centralize these logs. A SIEM technology enables the collection, analysis, aggregation, correlation and reporting of suspected security incidents in a centralized manner. SIEM solutions can ingest a variety of different forms of log data from hardware, software, and data sources. Logging and a SIEM solution operate in tandem to centralize data and make it visible where it is needed.
The organization has deployed a federated single sign-on system (SSO). The organization is configured to generate tokens for users and send them to the other provider. Which BEST describes the organization’s role?
A. Certificate Authority
B. Domain Registrar
C. Identity Provider
D. Service Provider
C. Identity Provider
Explanation:
The organization would act as the identity provider, while the relying party would act as the service provider. The identity provider is the organization that generates tokens for users.
To take a snapshot and back up a virtual machine, which of the following backup solutions is typically used?
A. All options are correct
B. Agentless
C. Snapshots
D. Agent-based
B. Agentless
Explanation:
Agentless backups generally interact directly with your hypervisor to snapshot and back up your VMs.
All other options do not apply.
Interoperability can BEST be described as:
A. The ability for two customers to share the same pool of resources while being isolated from each other
B. The ease with which resources can be rapidly expanded as needed by a cloud customer
C. The ease with which components of an application or service can be moved or reused
D. The ability of customers to make changes to their cloud infrastructure with minimal input from the cloud provider
C. The ease with which components of an application or service can be moved or reused
Explanation:
Interoperability is the ease with which components of an application or service can be moved or reused.
The ability for two customers to share the same pool of resources while being isolated from each other is known as multitenancy. The ability of customers to make changes to their cloud infrastructure with minimal input from the cloud provider is known as on-demand self-service. The ease with which resources can be rapidly expanded as needed by a cloud customer is called rapid elasticity.
What function is focused on maintaining compliance, and hence assumes the role of a regulator with correctional authority rather than a trusted advisor?
A. Internal auditor
B. External auditor
C. Cloud auditor
D. Compliance auditor
B. External auditor
Explanation:
An external auditor is not employed by the company being audited. An external auditor may be necessary to ensure compliance with information security regulations. Because the external auditor’s primary objective is to ensure compliance, they do not act as a trusted counsel, but rather as a regulator with enforcement authority.
All other options are types of auditors.
What is the MOST commonly used communications protocol for network-based storage?
A. CHAP
B. SAN
C. NetBIOS
D. iSCSI
D. iSCSI
Explanation:
iSCSI allows for the transmission of SCSI commands over a TCP-based network. iSCSI allows systems to use block-level storage that behaves like a SAN would on physical servers, but leverages the TCP network within a virtualized environment. iSCSI is the most commonly used communications protocol for network-based storage.
Which of the following is NOT an accurate statement about Remote Desktop Protocol (RDP)?
A. Client-server operation
B. Available to most operating systems
C. GUI access to interact with a remote computer
D. Secure means of remotely accessing machines
D. Secure means of remotely accessing machines
Explanation:
RDP is considered an insecure protocol and should be used only within a private network.
If used over the internet, a VPN should be considered a strict requirement. Additionally, filtering should be applied on the firewall to allow only those with permitted access to connect. RDP is GUI accessible, available for Linux, Mac and Windows devices and uses a client-server operation.
From a legal perspective, what is the MAIN factor that differentiates a cloud environment from a traditional data center?
A. Rapid elasticity
B. Self-service
C. Multitenancy
D. Repudiation
C. Multitenancy
Explanation:
Multitenancy is the main factor that, from a legal perspective, differentiates a cloud environment from a traditional data center. Multitenancy is a concept in cloud computing in which multiple cloud customers may be housed in the same cloud environment and share the same resources. Because of this, the cloud provider has legal obligations to all cloud customers housed on its hardware.
Which of the following statements regarding moving from a data center model to a cloud model is TRUE?
A. Using a cloud environment or a traditional data center will incur the exact same costs.
B. A traditional data center will have higher costs on the operational side and lower costs in regard to hardware.
C. The pricing for cloud computing may be less predictable than that of a traditional data center.
D. A traditional data center is much more secure than a cloud environment.
C. The pricing for cloud computing may be less predictable than that of a traditional data center.
Explanation:
In a traditional data center, it is fairly easy to map out costs for the year, including necessary equipment upgrades and licensing. In a cloud environment with metered pricing, resources are added right as they are needed and, therefore, the cost can change over time, making it unpredictable.
Confidentiality, integrity, and availability are the three core aspects of security. With the recent increase in mobile computing and apps, which of the following has become a fourth core aspect?
A. Privacy
B. Recovery
C. Restoration
D. Budget
A. Privacy
Explanation:
Confidentiality, integrity, and availability are the three core aspects of security. This is often known as the CIA triad. In recent years, as mobile and cloud computing have increased, privacy has become the fourth major aspect of security. While privacy could technically be consolidated within confidentiality, it’s often thought of as its own aspect due to its importance.
What is the FIRST stage of the risk treatment process?
A. Framing risk
B. Defining scope
C. Qualitative assessments
D. Assessing risk
A. Framing risk
Explanation:
In regard to risk treatment and the risk management process, the first stage is framing risk. Framing risk refers to determining which risks, and which risk levels, are to be evaluated.
Which of the following BEST describes the types of applications that create risk in a cloud environment?
A. Every piece of software in the environment
B. Software with administrator privileges
C. Full application suites
D. Small utility scripts
A. Every piece of software in the environment
Explanation:
Any piece of software, from major software suites to small utility scripts, can have possible vulnerabilities. This means that every program and every piece of software in the environment carries an inherent amount of risk with it. Any software that is installed in a cloud environment should be properly vetted and regularly audited.