What are the five Service Organization Control (SOC) Trust Services principles?
A. Security, Confidentiality, Processing Integrity, Availability and Privacy
B. Security, Auditability, Processing Integrity, Confidentiality and Privacy
C. Security, Availability, Customer Integrity, Confidentiality and Privacy
D. Security, Confidentiality, Availability, Processing Integrity and Nonrepudiation
Answer: A. Security, Confidentiality, Processing Integrity, Availability and Privacy
The five so-called Trust Services principles are: security; availability; processing integrity; confidentiality; and privacy.
What portion of the CIA triad (Confidentiality, Integrity, Availability) is affected if a cloud customer cannot get access to the cloud service provider?
A. Availability
B. Integrity
C. Authentication
D. Confidentiality
Answer: A. Availability
This would be an example of lack of access or an availability issue.
The Cybersecurity Framework (CSF) Core consists of which of the following Functions?
A. Identify, Protect, Detect, Respond, Recover
B. Identify, Protect, Detect, Respond, Rebuild
C. Identify, Safeguard, Detect, Respond, Recover
D. Identify, Defend, Protect, Respond, Recover
Answer: A. Identify, Protect, Detect, Respond, Recover
Executive Order 13636, “Improving Critical Infrastructure Cybersecurity”, directed NIST to work with other industry stakeholders to develop a voluntary framework — based on existing standards, guidelines and practices — for reducing cyber-risks to critical infrastructure.
Which of the following cloud deployment models is most suitable for a large organization with high security and privacy concerns?
A. Private cloud
B. Public cloud
C. Hybrid cloud
D. Community cloud
Answer: A. Private cloud
Private clouds provide the highest degree of control, making them ideal for organizations with significant security and privacy concerns.
Which of the following are principles of cloud security?
A. Confidentiality
B. Integrity
C. Availability
D. Scalability
Answer: A. Confidentiality, B. Integrity, C. Availability
External governance applies to which groups?
A. Data exchange partners, contractors, hosting services, on-site consultants
B. Hosting services, on-site contractors, suppliers, customers
C. Consultants, stockholders, suppliers, outsourced staff
D. On-site and off-site contractors, maintenance vendors, customers, data exchange partners
Answer: A. Data exchange partners, contractors, hosting services, on-site consultants
External governance means applying security requirements to groups that have access to your organization’s information assets. It EXCLUDES stockholders. It may also EXCLUDE customers or suppliers unless you exchange data with them or acquire Information Communications Technology (ICT) products and services from them. So, answers with customers or suppliers may or may not be true.
Vendor lock-in describes what situation?
A. A customer may be unable to leave, migrate or transfer to an alternate CSP.
B. A customer cannot access their data because of availability issues on the CSP side.
C. A CSP may not be able to provide service to additional customers due to limited capacity.
D. A CSP “locks” customer data because of an ongoing dispute.
Answer: A. A customer may be unable to leave, migrate or transfer to an alternate CSP.
Vendor lock-in highlights where a customer may be unable to leave, migrate or transfer to an alternate provider due to technical or nontechnical constraints.
The triad security model consists of what?
A. Confidentiality, Integrity and Availability
B. Confidentiality, Implementation, and Availability
C. Confidentiality, Integrity, and Authentication
D. Conditioning, Integrity, and Availability
Answer: A. Confidentiality, Integrity and Availability
The three security concepts of confidentiality, integrity and availability make up the CIA triad. The three opposites of the CIA goals are: disclosure (confidentiality); alteration (integrity); and destruction (availability). This alternate trio is known as DAD.
In the CIA triad, what is confidentiality?
A. Confidentiality is the property that information is not disclosed to system entities (processes, users, devices) unless they have been authorized to access the information.
B. Confidentiality is the property that information is authorized to system entities (users, processes, devices) to access the information.
C. Confidentiality is not part of the CIA Triad
D. Confidentiality can prevent unauthorized disclosure of sensitive information
E. Confidentiality is the property that information is not disclosed to system entities (users, processes, devices) that have been authorized to access the information.
Answer: A. Confidentiality is the property that information is not disclosed to system entities (processes, users, devices) unless they have been authorized to access the information.
Confidentiality is the property that information is not disclosed to system entities (users, processes, devices) unless they have been authorized to access the information. It also includes preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information.
In the CIA triad, availability is what?
A. Availability is the timely and reliable access to and use of information by authorized users.
B. Availability is ensuring that systems are up and running so that unauthorized persons and functions can use them when they are needed.
C. Availability does not prevent disruption of service and productivity.
D. Availability is not a part of the CIA Triad.
E. Availability is ensuring that systems are available so that unauthorized persons are prevented from using them.
Answer: A. Availability is the timely and reliable access to and use of information by authorized users.
Availability is the property of being accessible and useable upon demand by an authorized entity. According to NIST, it’s ensuring timely and reliable access to and use of information by authorized users. Said another way, it’s ensuring that systems are up and running so that authorized persons and functions can use them when they are needed.