Siedel Chapter 4 Review Questions Flashcards
What is the term we use to describe the general ease and efficiency of moving data from one cloud provider to another cloud provider or down from the cloud?
A. Mobility
B. Elasticity
C. Obfuscation
D. Portability
D. Portability
Explanation:
Portability is the ease and efficiency with which data can be moved between cloud providers or back out of the cloud, and it is what a customer relies on to avoid vendor lock-in. Elasticity is the name for the benefit of cloud computing where resources can be apportioned as necessary to meet customer demand. Obfuscation is a technique for hiding full raw datasets, either from personnel who do not have a need to know or for use in testing.
The various models generally available for cloud BC/DR activities include all of the following except _______
A. Private architecture, cloud backup
B. Cloud provider, backup from the same provider
C. Cloud provider, backup from another cloud provider
D. Cloud provider, backup from private provider
D. Cloud provider, backup from private provider
Explanation:
Backing up a cloud provider's environment to a private provider is not a normal configuration and would not likely provide genuine benefit; the other three are the recognized cloud BC/DR models.
Countermeasures for protecting cloud operations against external attackers include all of the following except ___________
A. Continual monitoring for anomalous activity
B. Detailed and extensive background checks
C. Hardened devices and systems, including servers, hosts, hypervisors and virtual machines
D. Regular and detailed configuration/change management activities
B. Detailed and extensive background checks
Explanation:
Background checks are controls for attenuating potential threats from internal actors; external attackers are not going to submit to a background check. Monitoring, hardening, and configuration/change management all reduce the exposed attack surface or detect activity coming from outside.
All of the following are techniques to enhance the portability of cloud data in order to minimize the potential of vendor lock in except __________
A. Avoiding proprietary data formats
B. Using IRM and DLP solutions widely throughout the cloud operation
C. Ensuring there are no physical limitations to moving
D. Ensuring favorable contract terms to support portability
B. Using IRM and DLP solutions widely throughout the cloud operation
Explanation:
IRM and DLP are used for stronger authentication/access control and for egress monitoring, respectively. Both tie the data to the controls of the current environment, so deploying them widely would actually decrease portability rather than enhance it.
Which of the following is a technique used to attenuate risks to the cloud environment resulting from the loss or theft of a device used for remote access?
A. Remote kill switch
B. Dual control
C. Muddling
D. Safe harbor
A. Remote kill switch
Explanation:
A remote kill switch lets the organization wipe or disable a lost or stolen device before its stored credentials or cached data can be used. Dual control is not useful for remote access devices because it would require assigning two people to every device, which would decrease efficiency and productivity. Safe harbor is a policy provision that allows for compliance through an alternative method rather than the primary instruction.
Each of the following are dependencies that must be considered when reviewing the BIA after cloud migration except _________
A. The cloud provider's suppliers
B. The cloud provider's vendors
C. The cloud provider's utilities
D. The cloud provider's resellers
D. The cloud providers resellers
Explanation:
The cloud provider's resellers are a marketing and sales mechanism, not an operational dependency that could affect the security or availability of the cloud customer's services. Suppliers, vendors, and utilities are dependencies whose failure would disrupt the provider, and therefore the customer.
When reviewing the BIA after a cloud migration, the organization should take into account new factors related to data breach impacts. One of these new factors is ________
A. Legal liability
B. Many states have data breach notification laws
C. Breaches can cause the loss of proprietary data
D. Breaches can cause the loss of intellectual property
A. Legal liability
Explanation:
State notification laws and the loss of proprietary data/intellectual property preexisted the cloud. What is new is that legal liability for a breach stays with the cloud customer as the data owner; it cannot be transferred to the provider by contract, even though operations have been outsourced.
The cloud customer will have the most control of their data and systems and the cloud provider will have the least amount of responsibility in which cloud computing arrangement?
A. IaaS
B. PaaS
C. SaaS
D. Community Cloud
A. IaaS
Explanation:
IaaS entails the cloud customer installing and maintaining the OS, programs, and data; in PaaS the customer installs only programs and data; in SaaS the customer only uploads data. Community cloud is a deployment model, not a service model, so it does not answer the question.
After a cloud migration, the BIA should be updated to include a review of the new risks and impacts associated with cloud operations; this review should include an analysis of the possibility of vendor lock in/lock out. Analysis of this risk may not have to be performed as a new effort because a lot of the material that would be included is already available from which of the following?
A. NIST
B. The cloud provider
C. The cost benefit analysis the organization conducted when deciding on cloud migration
D. Open source providers
C. The cost benefit analysis the organization conducted when deciding on cloud migration
Explanation:
NIST offers many informative guides and standards but nothing specific to any one organization. The cloud provider will not have prepared an analysis of its own customers' lock-in/lock-out exposure, and open source providers likewise offer nothing organization-specific. The customer's own cost-benefit analysis already weighed the costs of leaving the provider, which is the core of the lock-in question.
A poorly negotiated cloud service contract could result in all the following detrimental effects except _______
A. Vendor lock in
B. Malware
C. Unfavorable terms
D. Lack of necessary services
B. Malware
Explanation:
Malware risks and threats exist regardless of the terms of the cloud contract; vendor lock-in, unfavorable terms, and a lack of necessary services are direct consequences of poor negotiation.
All of the following are cloud computing risks in a multitenant environment except ______
A. Risk of loss/disclosure due to legal seizures
B. Information bleed
C. DDoS
D. Escalation of privilege
C. DDoS
Explanation:
DoS/DDoS threats and risks are not unique to multitenant architecture; they affect any Internet-facing system. Legal seizure of shared hardware, information bleed between tenants, and escalation of privilege across tenant boundaries all arise specifically from sharing infrastructure with other customers.
Countermeasures for protecting cloud operations against internal threats include all of the following except _____
A. Aggressive background checks
B. Hardened perimeter devices
C. Skills and knowledge testing
D. Extensive and comprehensive training programs, including initial, recurring and refresher sessions
B. Hardened perimeter devices
Explanation:
Hardened perimeter devices are more useful for attenuating the risk of external attack; the other three address the trustworthiness and competence of the organization's own personnel.
Countermeasures for protecting cloud operations against internal threats include all of the following except ___________
A. Active physical surveillance and monitoring
B. Active electronic surveillance and monitoring
C. Redundant ISPs
D. Masking and obfuscation of data for all personnel without a need to know the raw data
C. Redundant ISPs
Explanation:
ISP redundancy is a means of controlling the risk of externalities (loss of connectivity), not internal threats. Surveillance, monitoring, and masking of raw data all limit what an insider can do or see.
Countermeasures for protecting cloud operations against internal threats at the provider's data center include all of the following except ___________
A. Broad contractual protections to make sure the provider is ensuring an extreme level of trust in its own personnel
B. Financial penalties for the cloud provider in the event of negligence or malice on the part of its own personnel
C. DLP Solutions
D. Scalability
D. Scalability
Explanation:
Scalability is a feature of cloud computing that allows users to dictate an increase or decrease in service as needed; it is not a means of countering internal threats. Contractual protections, financial penalties, and DLP solutions all constrain or deter misuse by the provider's personnel.
Countermeasures for protecting cloud operations against internal threats at the provider's data center include all of the following except _______
A. Separation of duties
B. Least privilege
C. Conflict of interest
D. Mandatory vacations
C. Conflict of interest
Explanation:
Conflict of interest is a threat, not a control. Separation of duties, least privilege, and mandatory vacations are personnel controls that limit what any one insider can do on their own or conceal over time.