TST Attempt 1 Flashcards
What does the acronym “SOC” refer to with audit reports?
A. Service Organization Control
B. System Organization Control
C.Service Origin Confidentiality
D.. System Organization Confidentiality
A. Service Organization Control
Explanation:
A is correct. SOC is an acronym for Service Organization Control.
Your company runs a media distribution site that offers users rich video content and audio files. It is used by a large international audience, and you want the delivery of your content to have the lowest possible latency for the customers. Which technology would you look to employ to solve this problem?
A. Broad network access
B. Edge computing
C. Resource pooling
D. Ephemeral computing
B. Edge computing
Explanation:
Edge computing is a computing paradigm that is based on putting the processing of data and computing resources as close to the source of that data as possible. The main purpose of edge computing is to reduce latency by removing the need for data and computing resources to be accessed over remote networks.
Which step in the cloud secure data lifecycle comes immediately after Create?
A. Use
B. Share
C.. Store
D. Secure
C.. Store
Explanation:
C is correct. With the Store step, data is placed into a storage system. This includes but is not limited to databases, files, and spreadsheets. This is typically done as part of creation or immediately thereafter. (The steps are as follows: Create, Store, Use, Share, Archive, and Destroy.)
What is the official term for the process of determining audit results that deviate from intended configurations and policies?
A. Findings
B. Gap analysis
C. Audit deficiency
D. Noncompliance
B. Gap analysis
Explanation:
B is correct. A gap analysis is performed to determine if the results found from information discovery and testing match with the configuration standards and policies. Any resulting deviation from them will be considered a finding and a gap between the desired state of a system or operations and the actual verified current state.
Which of the following concepts refers to a cloud customer paying only for the resources and offerings they use within a cloud environment and only for the duration in which they consume them?
A.. Metered service
B. Billable service
C. Consumable service
D. Measured service
D. Measured service
Explanation:
D is correct. With measured service, cloud services are delivered and billed in a metered way. The cloud customer only pays for those services they use and the duration of time in which they use them.
What feature of a SIEM solution can simplify an organization’s strategy for log retention compliance?
A. Alerting
B. Aggregation
C. Reporting
D. Dashboards
B. Aggregation
Explanation:
B is correct. Because a SIEM solution aggregates logs together from across the enterprise, an organization could implement log retention at the point of the SIEM solution and have a single source to retain and back up, versus each device or system having its own log retention strategies.
What does a cloud system use from a technical perspective to make decisions on the allocation of resources with shares?
A.Size of the customer
B. Cost of the resources
C. Prioritization weighting
D. Owner of the cloud provider
C. Prioritization weighting
Explanation:
C is correct. The cloud system will use a prioritization weighting defined by the cloud provider to determine the allocation of resources. The weighting can be determined by many different values and will often be reflected in the contract or SLA with the cloud customer, based on the needs and resources of the particular system.
What does the REST API use to protect data transmissions?
A. TLS
B.. NetBIOS
C.. Encapsulation
D. VPN
A. TLS
Explanation:
A is correct. REST uses Transport Layer Security (TLS) for communication over secured channels. Although REST also supports Secure Sockets Layer (SSL), at this point SSL has been phased out due to vulnerabilities and has been replaced by TLS.
Which European Union directive pertains to personal data privacy and an individual’s control over their personal data?
A. 95/46/EC
B. 2000/1/EC
C. 99/9/EC
D. 2013/27001/EC
A. 95/46/EC
Explanation:
A is correct. Directive 95/46/EC is titled “On the protection of individuals with regard to the processing of personal data and on the free movement of such data.”
When is a virtual machine susceptible to attacks but a physical server in the same state would not be?
A. When it is powered off
B. When it is not patched
C. When it is behind an IPS
D. When it is behind a WAF
A. When it is powered off
Explanation:
A is correct. A virtual machine is ultimately an image file residing in a file system. Because of this, even when a virtual machine is “powered off,” it is still susceptible to attacks and modification. A physical server that is powered off would not be susceptible to attacks.
Which ITIL component is focused on maintaining detailed information about all components and services within an organization?
A. Change management
B. Configuration management
C.. Deployment management
D. Release management
B. Configuration management
Explanation:
B is correct. Configuration management tracks and maintains detailed information about any IT components within the organization. It encompasses all physical and virtual systems, and it includes hosts, servers, appliances, and devices. It also includes all details about each of these components, such as settings, installed software, and version and patch levels.
What is a major challenge with forensic data collection within a cloud environment?
A. Size of data
B. Classification of data
C. Ownership of data
D. Format of data
C. Ownership of data
Explanation:
C is correct. Within a cloud environment, the ownership of data is a major concern when it comes to forensic collection. Depending on the cloud service model, the cloud customer will have varying degrees of ownership over data and access to it.
Which type of cloud model typically presents the most challenges to a cloud provider during the Destroy phase of the cloud data lifecycle?
A. IaaS
B. DaaS
C. PaaS
D. SaaS
D. SaaS
Explanation
D is correct. With many SaaS implementations, data is not isolated to a particular customer but rather is part of the overall application. When it comes to data destruction, a particular challenge is ensuring that all of a customer’s data is completely destroyed while not impacting the data of other customers.`
Which of the following threat types can occur when encryption is not properly applied or insecure transport mechanisms are used?
A. Security misconfiguration
B. Insecure direct object references
C. Sensitive data exposure
D. Unvalidated redirects and forwards
C. Sensitive data exposure
Explanation:
C is correct. Sensitive data exposure occurs when information is not properly secured through encryption and secure transport mechanisms; it can quickly become an easy and broad method for attackers to compromise information. Web applications must enforce strong encryption and security controls on the application side as well as require secure methods of communication with browsers or other clients used to access information.
What type of masking strategy involves replacing data on a system while it passes between the data and application layers?
A. Static
B. Replication
C. Duplication
D. Dynamic
D. Dynamic
Explanation:
D is correct. With dynamic masking, production environments are protected with the masking process being implemented between the application and data layers of the application. This allows for a masking translation to take place live in the system and during normal application processing of data.
Which type of common threat involves an organization not taking proper precautions or planning to mitigate threats to its system or applications?
A. Insufficient due diligence
B. System vulnerability
C. Insider threat
D. Account hijacking
A. Insufficient due diligence
Explanation:
A is correct. Insufficient due diligence occurs when an organization does not properly plan its systems or applications with an awareness of the threats that face them. Without proper and thorough evaluation of its systems, designs, and controls, an organization may unintentionally expose itself to more security risks and vulnerabilities by moving to a cloud environment.
What are the four approaches to responding to risk?
A. Accept, avoid, transfer, mitigate
B. Accept, dismiss, transfer, mitigate
C. Accept, deny, mitigate, revise
D. Accept, deny, transfer, mitigate
A. Accept, avoid, transfer, mitigate
Explanation:
A is correct. The four approaches to responding to risk are to accept the risk, avoid the risk through changes in policies or access, transfer the risk through insurance, and mitigate the risk through configuration changes or coding changes.
What type of host is exposed to the public Internet for a specific reason and hardened to perform only that function for authorized users?
A. Honeypot
B. WAF
C. Proxy
D. Bastion
D. Bastion
Explanation:
D is correct. A bastion host is a server that is fully exposed to the public Internet, but is extremely hardened to prevent attacks and is usually dedicated for a specific application or usage; it is not something that will serve multiple purposes. This singular focus allows for much more stringent security hardening and monitoring.
What concept does the “T” represent in the STRIDE threat model?
A. TLS
B. Transport
C. Tampering with data
D. Testing
C. Tampering with data
Explanation:
C is correct. Any application that sends data to the user will face the potential that the user could manipulate or alter the data, whether it resides in cookies, GET or POST commands, or headers or manipulates client-side validations. If the user receives data from the application, it is crucial that the application validate and verify any data received back from the user.
Which ITIL component is focused on ensuring that changes made to a production environment are properly executed and validated?
A. Change management
B. Configuration management
C. Deployment management
D. Release management
C. Deployment management
Explanation:
C is correct. Deployment management involves the planning, coordinating, executing, and validating of changes and rollouts to the production environment. The main focus is on properly mapping out all steps required for a release and properly configuring and loading it. This typically involves coordination between the business owner, developers, implementation team, and those that will validate and test the release after implementation.
When can risk be fully mitigated?
A. With risk transference
B. Never
C. With risk avoidance
D. When using a private cloud
B. Never
Explanation:
B is correct. No matter what types of controls, configurations, or certifications are used, risk can never be fully mitigated.
When long-term storage is used to save costs, which of the following is the most iimportant consideration in the selection of an appropriate storage tier?
A. Redundancy
B. Access time
C. Backups
D. Volume size
B. Access time
Explanation:
B is correct. With long-term storage, to realize the most cost savings, the most important concept to consider is the time required to access data. Cloud providers offer storage tiers that are much cheaper than production storage and are largely based on how much time is mandatory for data access to be granted. The longer a customer can allow for data to be accessed, the greater the cost savings.
Which of the following technologies is used to monitor network traffic and notify if any potential threats or attacks are noticed?
A. IDS
B. IPS
C. Firewall
D. WAF
A. IDS
Explanation:
A is correct. An intrusion detection system (IDS) is designed to analyze network packets, compare their contents or characteristics against a set of configurations or signatures, and alert personnel if anything is detected that could constitute a threat or is otherwise designated for alerting.
Which of the following represents a control on the maximum amount of resources a single customer, virtual machine, or application can consume within a cloud environment?
A. Reservation
B. Limit
C. Share
D. Provision
B. Limit
Explanation
B is correct. Limits are put in place to enforce a maximum on the amount of memory or processing a cloud customer can use. This can be done either on a virtual machine or as a comprehensive whole for a customer; it is meant to ensure that enormous cloud resources cannot be allocated or consumed by a single host or customer to the detriment of other hosts and customers.
Which of the following is not a type of artificial intelligence as it pertains to cloud-computing?
A. Analytical
B. Human-inspired
C. Regression-adaptive
D. Humanized
C. Regression-adaptive
Explanation:
C is correct. The types of AI that are utilized within a cloud-computing environment are analytical, human-inspired, and humanized.
Which of the following storage types is most closely associated with a database-type storage implementation?
A. Structured
B. Unstructured
C. Object
D. Volume
A. Structured
Explanation:
A is correct. Structured storage involves organized and categorized data, which most closely resembles a database system and operates like it would.
Which concept BEST describes the capability for a cloud environment to automatically scale a system or application based on its current resource demands?
A. Rapid elasticity
B. Measured service
C. On-demand self-service
D. Resource pooling
A. Rapid elasticity
Explanation:
A is correct. Rapid elasticity allows a cloud environment to automatically add or remove resources to or from a system or application based on its current demands. Whereas a traditional data center model would require standby hardware and substantial effort to add resources in response to load increases, a cloud environment can easily and rapidly expand to meet resource demands, so long as the application is properly implemented for it.
When establishing a baseline, what should you do immediately after a fresh operating system install?
A. Apply patching.
B. Remove unnecessary software.
C. Apply configurations.
D. Create documentation.
B. Remove unnecessary software.
Explanation:
B is correct. After the initial install, all unnecessary software, utilities, and plug-ins should be removed, and all services that are nonessential should be stopped, disabled, or removed.
What is a serious complication an organization faces from the perspective of compliance with international operations?
A. Multiple jurisdictions
B. Different certifications
C. Different capabilities
D. Different operational procedures
A. Multiple jurisdictions
Explanation:
A is correct. When operating within a global framework, a security professional runs into a multitude of jurisdictions and requirements, and many times they might be in contention with one other or not clearly applicable. These requirements can include the location of the users and the type of data they enter into systems, the laws governing the organization that owns the application and any regulatory requirements they may have, as well as the appropriate laws and regulations for the jurisdiction housing the IT resources and where the data is actually stored, which might be multiple jurisdictions as well.
From a storage perspective, what is the partition allocated to a virtual machine for volume storage referred to as?
A. LAN
B. Partition
C. LUN
D. HDD
C. LUN
Explanation:
C is correct. A logical unit number (LUN) is a slice of storage that is allocated and assigned to a virtual machine as a volume and can then be used with volume storage as a typical drive.
Which United States law is focused on PII as it relates to the financial industry?
A. GLBA
B. HIPAA
C. Safe Harbor
D. SOX
A. GLBA
Explanation:
A is correct. The GLBA, as it is commonly called based on the lead sponsors and authors of the act, is officially known as “The Financial Modernization Act of 1999.” It is specifically focused on PII as it relates to financial institutions. There are three specific components of it, covering various areas and use, on top of a general requirement that all financial institutions must provide all users and customers with a written copy of their privacy policies and practices, including with whom and for what reasons their information may be shared with other entities.
Which value refers to the percentage of production-level restoration needed to meet BCDR objectives?
A. RPO
B. RSL
C. RTO
D. SRE
B. RSL
Explanation:
B is correct. The recovery service level (RSL) is a percentage measure of the total typical production service level that needs to be restored to meet BCDR objectives in the case of a failure.
Which of the following roles involves the provisioning and delivery of cloud services?
A. Cloud service manager
B. Cloud service business manager
C. Cloud service operations manager
D. Cloud service deployment manager
A. Cloud service manager
Explanation:
A is correct. The cloud service manager is responsible for the delivery of cloud services, the provisioning of cloud services, and the overall management of cloud services.
Which ITIL component is focused on proactively putting processes in place to prevent disruptions from ever happening?
A. Incident management
B. Problem management
C. Information security management
D. Availability management
B. Problem management
Explanation:
B is correct. The focus of problem management is to analyze and identify potential issues and to put processes and mitigations in place to prevent predictable problems from ever occurring in the first place.
Which emerging type of encryption aims to allow the manipulation of data without the need to unencrypt it first?
A. Elliptic curve
B. Homomorphic
C. Dynamic
D. Transparent
B. Homomorphic
Explanation:
B is correct. Although still in the early stages of development, homomorphic encryption aims to allow the manipulation of data without the need to decrypt it first.
What is the best source for information about securing a physical asset’s BIOS?
A. Regulations
B. Manual pages
C. Vendor documentation
D. Security policies
C. Vendor documentation
Explanation:
C is correct. Vendor documentation from the manufacturer of the physical hardware is the best source of best practices for securing the BIOS.
Which of the following is not a component covered by the GDPR?
A. Requested removal of data
B. Disclosure
C. Location of data
D. Notification for data breaches
C. Location of data
Explanation:
C is correct. The GDPR pertains to the countries and jurisdictions that are included under the European Union and the European Economic Areas. It covers all data that is created, processed, or stored that pertains to its covered entities. However, the location of the data is not relevant, and the rules are binding regardless of it.
Which value refers to the amount of data an organization would need to recover in the event of a BCDR situation in order to reach an acceptable level of operations?
A. RPO
B. RSL
C. RTO
D. SRE
A. RPO
Explanation:
A is correct. The recovery point objective (RPO) is defined as the amount of data a company would need to maintain and recover in order to function at a level acceptable to management. This may or may not be a restoration to full operating capacity, depending on what management deems as crucial and essential.
Which European Union directive pertains to personal data privacy and an individual’s control over their personal data?
A. 95/46/EC
B. 2000/1/EC
C. 99/9/EC
D. 2013/27001/EC
A. 95/46/EC
Explanation:
A is correct. Directive 95/46/EC is titled “On the protection of individuals with regard to the processing of personal data and on the free movement of such data.”
Which of the following is a restriction that can be enforced by information rights management (IRM) that is not possible for traditional file system controls?
A. Read
B. Delete
C. Print
D. Modify
C. Print
Explanation:
C is correct. IRM allows an organization to control who can print a set of information. This is not possible under traditional file system controls, where if a user can read a file, they are able to print it as well.
What is the concept of segregating information or processes, within the same system or application, for security reasons?
A. Cellblocking
B. Sandboxing
C. Pooling
D. Fencing
B. Sandboxing
Explanation:
B is correct. Sandboxing involves segregating and isolating information or processes from others within the same system or application, typically for security concerns. Sandboxing is generally used for data isolation (for example, keeping data from different communities and populations of users isolated from other similar data).
Which of the following is not a function performed by the record protocol of TLS?
A. Compression
B. Authentication
C. Encryption
D. Acceleration
D. Acceleration
Explanation:
D is correct. The record protocol of TLS performs the authentication and encryption of data packets, and in some cases compression as well. It does not perform any acceleration functions.
Which of the following service capabilities gives the cloud customer the least amount of control over configurations and deployments?
A. Platform
B. Desktop
C. Infrastructure
D. Software
D. Software
Explanation:
D is correct. The software service capability gives the cloud customer a fully established application, where only minimal user configuration options are allowed.
Which of the following roles involves testing, monitoring, and securing cloud services for an organization?
A. Cloud service administrator
B. Cloud service user
C. Cloud service integrator
D. Cloud service business manager
A. Cloud service administrator
Explanation:
A is correct. The cloud service administrator is responsible for testing and monitoring cloud services, administering security for services, providing usage reports on cloud services, and addressing problem reports.
Which of the following would not be a reason to activate a BCDR strategy?
A. Staffing loss
B. Natural disaster
C. Terrorism attack
D. Utility disruptions
A. Staffing loss
Explanation:
A is correct. The loss of staffing would not be a reason to declare a BCDR situation because it does not impact production operations or equipment. Also, the same staff would be needed for a BCDR situation.
Which of the following is not a domain of the Cloud Controls Matrix (CCM)?
A. Data center security
B. Budgetary and cost control
C. Mobile security
D. Human resources
B. Budgetary and cost control
Explanation:
B is correct. Budgetary and cost controls is not one of the domains outlined in the CCM.
Which type of hypervisor runs directly on the underlying hardware and is coupled tightly with it?
A. Type 2 hypervisor
B. Bare-metal hypervisor
C. Hardware hypervisor
D. Type 1 hypervisor
D. Type 1 hypervisor
Explanation:
D is correct. Being tied to the underlying hardware and hosting virtual machines on top of it, a Type 1 hypervisor operates as the sole layer between the hardware (bare metal) and host (virtual servers) layer.
Which of the following would be a reason to undertake a BCDR test?
A. Change in regulations
B. Change in staff
C. Functional change of the application
D. User interface overhaul of the application
C. Functional change of the application
Explanation:
C is correct. Any time a major functional change of an application occurs, a new BCDR test should be done to ensure the overall strategy and process are still applicable and appropriate.
Which of the following roles involves the connection and integration of existing systems and services to a cloud environment?
A. Cloud service administrator
B. Cloud service user
C. Cloud service integrator
D. Cloud service business manager
C. Cloud service integrator
Explanation:
C is correct. The cloud service integrator is the official role that involves connecting and integrating existing systems and services with a cloud environment. This may involve either moving services into a cloud environment or connecting to external cloud services and capabilities from traditional data center–hosted services.
Which of the following concepts is a primary determinant in regard to the storage costs incurred by a cloud customer?
A. Data replication
B. Data preservation
C. Data distribution
D. Data dispersion
D. Data dispersion
Explanation:
D is correct. Data dispersion pertains to how data is located and stored within a cloud environment, including how many copies are maintained, how geographically diverse they are in their location, and how redundant and available they are. The greater the degree of data dispersion, the higher the storage costs will be.
When an organization uses a cloud provider for BCDR, where services are only enabled if needed in the event of an incident, which would be the most important consideration while bringing up services?
A. Broad network access
B. Resource pooling
C. Measured service
D. Rapid elasticity
D. Rapid elasticity
Explanation:
D is correct. In the event of a BCDR situation, rapid elasticity is crucial so that the cloud customer can expand and bring on services in a quick and efficient manner.
Which of the following is not one of five principles of SOC Type 2 audits?
A. Security
B. Processing integrity
C. Privacy
D. Financial
D. Financial
Explanation:
D is correct. The SOC Type 2 audits include five principles: security, privacy, processing integrity, availability, and confidentiality.
Which of the following is not a function performed by an SIEM solution?
A. Searching
B. Alerting
C. Tracking
D. Reporting
C. Tracking
Explanation:
C is correct. An SIEM solution performs the searching, alerting, and reporting of events from the data it has indexed, but not the tracking.
What is a standard configuration and policy set that is applied to systems and virtual machines called?
A. Baseline
B. Redline
C. Hardening
D. Standardization
A. Baseline
Explanation:
A is correct. The most common and efficient manner of securing operating systems is through the use of baselines. A baseline is a standardized and understood set of base configurations and settings. When a new system is built or a new virtual machine is established, baselines will be applied to a new image to ensure the base configuration meets organizational policy and regulatory requirements.
The WS-Security standards are built around all of the following standards except which one?
A. WDSL
B. SAML
C. XML
D. SOAP
B. SAML
Explanation:
B is correct. The WS-Security specifications, as well as the WS-Federation system, are built on XML, WDSL, and SOAP, but not SAML.
What are the two protocols TLS uses?
A. Handshake and record
B. Handshake and transport
C. Transport and initiate
D. Record and transmit
A. Handshake and record
Explanation:
A is correct. Transport Layer Security (TLS) uses the handshake protocol to establish and negotiate the TLS connection, and it uses the record protocol for the secure transmission of data.
Which format is the most commonly used standard for exchanging information within a federated identity system?
A. SAML
B. XML
C. JSON
D. HTML
A. SAML
Explanation:
A is correct. Security Assertion Markup Language (SAML) is the most common data format for information exchange within a federated identity system.
Which of the following roles is responsible for gathering metrics on cloud services and managing cloud deployments and the deployment processes?
A. Cloud service manager
B. Cloud service business manager
C. Cloud service operations manager
D. Cloud service deployment manager
D. Cloud service deployment manager
Explanation:
D is correct. The cloud service deployment manager is responsible for gathering metrics on cloud services, managing cloud deployments and the deployment process, and defining the environments and processes.
Unlike SOC Type 1 reports, which are based on a specific point in time, SOC Type 2 reports are done over a period of time. What is the minimum span of time for a SOC Type 2 report?
A. One month
B. One year
C. Six months
D. One week
C. Six months
Explanation:
C is correct. SOC Type 2 reports are focused on the same policies and procedures, as well as their effectiveness, as SOC Type 1 reports, but they are evaluated over a period of at least six consecutive months rather than a finite point in time.
Which concept refers to the ability to confirm the origin or authenticity of data?
A. Repudiation
B. Nonrepudiation
C. Authentication
D. Validation
B. Nonrepudiation
Explanation:
B is correct. Nonrepudiation is the ability to confirm the origin or authenticity of data to a high degree of certainty. This typically is done through digital signatures and hashing to ensure that data has not been modified from its original form.
Which of the following roles is responsible for preparing systems for the cloud, administering and monitoring services, and managing inventory and assets?
A. Cloud service manager
B. Cloud service business manager
C. Cloud service operations manager
D. Cloud service deployment manager
C. Cloud service operations manager
Explanation:
C is correct. The cloud service operations manager is responsible for preparing systems for the cloud, administering and monitoring services, providing audit data as requested or required, and managing inventory and assets.
Which aspect of security is DNSSEC designed to ensure?
A. Confidentiality
B. Integrity
C. Availability
D. Authentication
B. Integrity
Explanation:
B is correct. DNSSEC is a security extension to the regular DNS protocol and services that allows for the validation of the integrity of DNS lookups. It does not address confidentiality or availability at all. It allows for a DNS client to perform DNS lookups and validate both their origin and authority via the cryptographic signature that accompanies the DNS response.
What is an often-overlooked concept that is essential to protecting the confidentiality of data?
A. Security controls
B. Policies
C. Strong passwords
D. Training
D. Training
Explanation:
D is correct. While the main focus of confidentiality revolves around technological requirements or particular security methods, an important and often overlooked aspect of safeguarding data confidentiality is appropriate and comprehensive training for those with access to it. Training should be focused on the safe handling of sensitive information overall, including best practices for network activities as well as physical security of the devices or workstations used to access the application.
Which of the following is the sole responsibility of the cloud customer, regardless of which cloud model is used?
A. Infrastructure B. Application
C. Governance
D. Platform
Hashing can be applied to virtually any type of data or object. Which of the following is an essential facet of hashing?
A. Fixed size
B. Multivalued
C. Encrypted
D. Reversibility
A. Fixed size
Explanation:
A is correct. Hashing involves taking data of arbitrary type, length, or size and using a function to map a value that is of a fixed size. Hashing can be applied to virtually any type of data object—text strings, documents, images, binary data, and even virtual machine images.
Why does a Type 2 hypervisor typically offer less security control than a Type 1 hypervisor?
A. A Type 2 hypervisor is always exposed to the public Internet for federated identity access.
B. A Type 2 hypervisor allows users to directly perform some functions with their own access.
C. A Type 2 hypervisor runs on top of another operating system and is dependent on the security of the OS for its own security.
D. A Type 2 hypervisor is open source, so attackers can more easily find exploitable vulnerabilities with that access.
C. A Type 2 hypervisor runs on top of another operating system and is dependent on the security of the OS for its own security.
Explanation:
C is correct. A Type 2 hypervisor differs from a Type 1 hypervisor in that it runs on top of another operating system rather than being directly tied into the underlying hardware of the virtual host servers. With this type of implementation, additional security and architecture concerns come into play because the interaction between the operating system and the hypervisor becomes a critical link. The hypervisor no longer has direct interaction and control over the underlying hardware, which means that some performance will be lost due to the operating system in the middle needing its own resources, patching requirements, and operational oversight.
Which of the following is not a key area for performance monitoring as far as an SLA is concerned?
A. Users
B. Memory
C. CPU
D. Network
A. Users
Explanation:
A is correct. An SLA requires performance monitoring of CPU, memory, storage, and networking. The number of users active on a system would not be part of an SLA specifically, other than in regard to the impact on the other four variables.
What is the biggest negative to leasing space in a data center versus building or maintaining your own?
A. Control
B. Costs
C. Certification
D. Regulation
A. Control
Explanation:
A is correct. When leasing space in a data center, an organization will give up a large degree of control as to how it is built and maintained and instead must conform to the policies and procedures of the owners and operators of the data center.
Which of the following is not one of the five key principles of the ISO/IEC 27018 standards on privacy with cloud computing?
A. Consent
B. Internal audit
C. Control
D. Transparency
B. Internal audit
Explanation:
B is correct. As with almost all certifications and standards, ISO/IEC 27018 requires audits to be performed by external and independent auditors.
Which approach is typically the most efficient method to use for data discovery?
A. Labels
B. Metadata
C. Content analysis
D. ACLs
B. Metadata
Explanation:
B is correct. Metadata is data about data. It contains information about the type of data, how it is stored and organized, or information about its creation and use.
Which ITIL component is focused on ensuring that changes made to a production environment are properly executed and validated?
A. Change management
B. Configuration management
C. Deployment management
D. Release management
C. Deployment management
Explanation:
C is correct. Deployment management involves the planning, coordinating, executing, and validating of changes and rollouts to the production environment. The main focus is on properly mapping out all steps required for a release and properly configuring and loading it. This typically involves coordination between the business owner, developers, implementation team, and those that will validate and test the release after implementation.
With software-defined networking, what aspect of networking is abstracted from the forwarding of traffic?
A. Filtering
B. Routing
C. Firewalling
D. Session
A. Filtering
Explanation:
A is correct. With software-defined networking (SDN), the filtering of network traffic is separated from the forwarding of network traffic so that it can be independently administered.
What type of network model combines the storage and IP-based traffic into a single virtualized design?
A. Converged
B. Concurrent
C. Combined
D. Cooperative
A. Converged
Explanation
A is correct. The converged networking model combines the storage and data/IP networks into one virtualized design and is intended for use with cloud environments.
What does the management plane typically utilize to perform administrative functions on the hypervisors to which it has access?
A. APIs
B. Scripts
C. XML
D. RDP
A. APIs
Explanation:
A is correct. The functions of the management plane are typically exposed as a series of remote calls and function executions and as a set of APIs. These APIs are typically leveraged through either a client or a web portal, with the latter being the most common.
From a security perspective, what must be defined for an audit before any testing or collection is performed?
A. Classification
B. Reports
C. Audience for reports
D. Debriefing schedule
A. Classification
Explanation:
A is correct. For any system, especially one that contains personal and sensitive information, the classification of the audit must be stated and understood before any testing or data collection is performed.
Which of the following does not fall under the “IT” aspect of quality of service (QoS)?
A. Key performance indicators (KPIs)
B. Services
C. Security
D. Applications
A. Key performance indicators (KPIs)
Explanation:
A is correct. KPIs fall under the “business” aspect of QoS, along with monitoring and measuring of events and business processes.
Which type of common threat involves leveraging access to an environment to snoop on other systems within it?
A. Insufficient due diligence
B. System vulnerability
C. Insider threat
D. Account hijacking
D. Account hijacking
Explanation:
Which crucial aspect of cloud computing can be most threatened by insecure APIs?
A. Automation
B. Resource pooling
C. Elasticity
D. Redundancy
A. Automation
Explanation:
A is correct. Cloud environments depend heavily on API calls for management and automation. Any vulnerability with the APIs can cause significant risk and exposure to all tenants of the cloud environment.
Which of the cloud cross-cutting aspects relates to the ability for a cloud customer to easily remove their applications and data from a cloud environment?
A. Interoperability
B. P ortability
C.Reversibility
D. Availability
C.Reversibility
Explanation:
C is correct. Reversibility is the ability for a cloud customer to easily remove their applications or data from a cloud environment as well as to ensure that all traces of their applications or data have been securely removed per a predefined agreement with the cloud provider.
Which of the following technologies is used to monitor network traffic and block any potential threats or attacks that match defined signatures and policies?
A. IDS
B. IPS
C. Firewall
D. WAF
B. IPS
Explanation:
B is correct. An intrusion prevention system (IPS) works in much the same way as an IDS, with the major difference being the reactive nature of an IPS. It can immediately and automatically stop and prevent attacks as they occur, rather than sitting passively and just alerting personnel of possible issues.
Why does a Type 1 hypervisor typically offer tighter security controls than a Type 2 hypervisor?
A. A Type 1 hypervisor only hosts virtual machines with the same operating systems as the hypervisor.
B. A Type 1 hypervisor is tied directly to the bare metal and only runs with code necessary to perform its specific mission.
C. A Type 1 hypervisor also controls patching of its hosted virtual machines to ensure they are always secure.
D. A Type 1 hypervisor performs hardware-level encryption for tighter security and efficiency.
B. A Type 1 hypervisor is tied directly to the bare metal and only runs with code necessary to perform its specific mission.
Explanation:
B is correct. Type 1 hypervisors run directly on top of the bare metal and only contain the code and functions required to perform their purpose. They do not rely on any other systems or contain extra features to secure.
Which of the following is not part of a retention policy?
A. Format
B. Duration
C. Accessibility
D. Costs
D. Costs
Explanation:
D is correct. The data retention policy covers the duration, format, technologies, protection, and accessibility of archives but does not address the specific costs of its implementation and maintenance.
What changes are necessary to application code in order to implement DNSSEC?
A. Adding encryption modules.
B. Implementing certificate validations.
C. Additional DNS lookups.
D. No changes are needed.
D. No changes are needed.
Explanation:
D is correct. To implement DNSSEC, no additional changes are needed to applications or their code because the integrity checks are all performed at the system level.
What provides the information to an application to make decisions about the authorization level appropriate when granting access?
A. User
B. Identity provider
C. Relying party
D. Federation
B. Identity provider
Explanation:
B is correct. Upon successful user authentication, the identity provider gives information about the user to the relying party that it needs to make authorization decisions for granting access as well as the level of access needed.
What type of security threat is DNSSEC designed to prevent?
A. Spoofing
B. Sn ooping
C.Injection
D. Account hijacking
A. Spoofing
Explanation:
A is correct. DNSSEC is designed to prevent the spoofing and redirection of DNS resolutions to rogue sites.
How is an object stored within an object storage system?
A. Key value
B. Tree structure
C. Database
D. LDAP
A. Key value
Explanation:
A is correct. Object storage uses a flat structure with key values to store and access objects.
What feature of a SIEM solution can simplify an organization’s strategy for log retention compliance?
A. Alerting
B. Aggregation
C. Reporting
D. Dashboards
B. Aggregation
Explanation:
B is correct. Because a SIEM solution aggregates logs together from across the enterprise, an organization could implement log retention at the point of the SIEM solution and have a single source to retain and back up, versus each device or system having its own log retention strategies.
Which of the following roles is responsible for peering with other cloud services and providers?
A.Cloud service developer
B. Inter-cloud provider
C. Cloud auditor
D. Cloud service broker
B. Inter-cloud provider
Explanation:
B is correct. The inter-cloud provider is responsible for peering with other cloud services and providers as well as for overseeing and managing federations and federated services.
Which international standard is specifically for privacy involving cloud computing?
A. ISO/IEC 27001
B. ISO/IEC 18779
C. ISO/IEC 27018
D. ISO/IEC 31000
C. ISO/IEC 27018
Explanation:
C is correct. ISO/IEC 27018 is an international standard for privacy involving cloud computing. It was first published in 2014 and is part of the ISO/IEC 27001 standards, and it is a certification that cloud providers can adhere to.
Which of the following pertains to fire safety standards within data centers and their enormous electrical consumption?
A. IDCA
B. BICSI
C. NFPA
D. Uptime Institute
C. NFPA
Explanation:
C is correct. The standards put out by the National Fire Protection Association (NFPA) cover general fire protection best practices for any type of facility. The NFPA also puts out specific publications pertaining to IT equipment and data centers.
Which of the following would not be a potential impact of changing the location of services during a BCDR incident?
A. Network latency
B. Regulations
C. Authentication methods
D. Administrative access
C. Authentication methods
Explanation;
C is correct. A change in location due to a BCDR situation should not have any impact on authentication systems and how they operate.
One of the requirements from management for an application you are developing in-house is that any feature changes and bug fixes need to be developed and deployed quickly. Which model of software development would you pick to meet this requirement?
A. Waterfall
B. Iterative
C. Agile
D. Regressive
C. Agile
Explanation:
C is correct. Agile software development works in a continual series of “sprints” that enable new features and bug fixes to be more quickly integrated into production versus the traditional waterfall method of development.
What is the minimum regularity for testing a BCDR plan to meet best practices?
A. Once a month
B. Every six months
C. Once a year
D. When the budget allows it
C. Once a year
Explanation:
C is correct. Best practices and industry standards dictate that a BCDR solution should be tested at least once a year, though specific regulatory requirements may dictate more regular testing. The BCDR plan should also be tested whenever a major modification to a system occurs.
Which of the cloud cross-cutting aspects relates to the oversight of processes and systems as well as to ensuring their compliance with specific policies and regulations?
A. Auditability
B. Governance
C. Regulatory requirements
D. Service level agreements
A. Auditability
Explanation:
A is correct. Auditing involves reports and evidence that show user activity, compliance with controls and regulations, the systems and processes that run and what they do, as well as information and data access and modification records. A cloud environment adds additional complexity to traditional audits because the cloud customer will not have the same level of access to systems and data as they would in a traditional data center.
Which serverless technology allows users to upload code and data sets and have operations and processing automatically performed in a fully managed environment?
A. Data flows
B. Data dispersion
C. Data warehousing
D. Data pipelines
A. Data flows
Explanation:
A is correct. Data flows are serverless data processing services managed through cloud providers. They typically can support a variety of different frameworks for data pipelines and are designed to allow a customer to upload their pipeline code, along with data sets, and have the operations performed.
Which of the cloud deployment models requires the cloud customer to be part of a specific group or organization in order to host cloud services within it?
A. Private
B. Public
C. Hybrid
D. Community
D. Community
Explanation:
D is correct. A community cloud model is where customers that share a certain common bond or group membership come together to offer cloud services to their members, focused on common goals and interests.
Which of the following is the optimal temperature for a data center, per the guidelines established by the America Society of Heating, Refrigeration, and Air Conditioning Engineers (ASHRAE)?
A. 51.8–66.2°F (11–19°C)
B. 44.6–60.8°F (7–16°C)
C. 64.4–80.6°F (18–27°C)
D. 69.8–86.0°F (21–30°C)
C. 64.4–80.6°F (18–27°C)
Explanation
C is correct. The guidelines from ASHRAE establish 64.4–80.6°F (18–27°C) as the optimal temperature for a data center.
Which protocol does the REST API depend on?
A. XML
B. SAML
C. SAML
D. HTTP
D. HTTP
Explanation:
D is correct. REST is a software architectural scheme that applies the components, connectors, and data conduits for many web applications used on the Internet. It uses and relies on the Hypertext Transfer Protocol (HTTP) and supports a variety of data formats.
How many additional DNS queries are needed when DNSSEC integrity checks are added?
A. One
B. Zero
C. Two
D. Three
B. Zero
Explanation:
B is correct. DNSSEC does not require any additional DNS queries to be performed. The DNSSEC integrity checks and validations are all performed as part of the single DNS lookup resolution.
Which technology is not commonly used for security with data in transit?
A. IPSec
B. HTTPS
C. VPN
D. DNSSEC
D. DNSSEC
Explanation:
D is correct. DNSSEC relates to the integrity of DNS resolutions and the prevention of spoofing or redirection; it does not pertain to the actual security of transmissions or the protection of data.
Which of the following is the optimal humidity level for a data center, per the guidelines established by the America Society of Heating, Refrigeration, and Air Conditioning Engineers (ASHRAE)?
A. 40–60 percent relative humidity
B. 30–50 percent relative humidity
C. 50–75 percent relative humidity
D. 20–40 percent relative humidity
A. 40–60 percent relative humidity
Explanation:
A is correct. The guidelines from ASHRAE establish 40–60 percent relative humidity as optimal for a data center.
Which certification and standard is published by the United States federal government and pertains to information security requirements for federal agencies and government contractors?
A. ISO/IEC 27001
B. NIST SP 800-53
C. PCI DSS
D. FIPS 140-2
B. NIST SP 800-53
Explanation:
B is correct. The National Institute of Standards and Technology (NIST), as part of the United States government, puts out security standards for systems that are used by the federal government and its contractors, specifically for systems that are not classified under national security. Although the public SP 800-53 is targeted exclusively at those doing business with U.S. federal government agencies, it provides a strong security baseline or certification that has value for private corporations as well.
Which United States law is focused on PII as it relates to the financial industry?
A. GLBA
B. HIPAA
C. Safe Harbor
D. SOX
A. GLBA
Explanation:
A is correct. The GLBA, as it is commonly called based on the lead sponsors and authors of the act, is officially known as “The Financial Modernization Act of 1999.” It is specifically focused on PII as it relates to financial institutions. There are three specific components of it, covering various areas and use, on top of a general requirement that all financial institutions must provide all users and customers with a written copy of their privacy policies and practices, including with whom and for what reasons their information may be shared with other entities.
Which of the following free tools from VMware can be used for patch management on both hosts and virtual machines?
A. vSphere Patch Manager
B. vSphere Patch Update utility
C. vSphere Update Service
D. vSphere Update Manager
D. vSphere Update Manager
Explanation:
D is correct. The vSphere Update Manager (VUM) is provided by VMware to handle patching for both vSphere hosts and the virtual machines running under them.
Which of the cloud deployment models offers the easiest initial setup and access for the cloud customer?
A. Private
B. Public
C. Hybrid
D. Community
B. Public
Explanation:
B is correct. Because the public cloud model is available to everyone, in most instances all a customer will need to do to gain access is set up an account and provide a credit card number through the service’s web portal. No additional contract negotiations, agreements, or specific group memberships are typically needed to get started.
Which of the following threat types can occur when an application does not properly validate input and can be leveraged to send users to malicious sites that appear to be legitimate?
A. Security misconfiguration
B. Insecure direct object references
C. Sensitive data exposure
D. Unvalidated redirects and forwards
D. Unvalidated redirects and forwards
Explanation:
D is correct. Many web applications offer redirect or forward pages that send users to different, external sites. If these pages are not properly secured and validated, attackers can use the application to forward users to sites for phishing or malware attempts. These attempts can often be more successful than direct phishing attempts because users trust the site or application that sent them there and assume it has been properly validated and approved by the trusted application’s owners or operators.
Which of the following is not one of the three methods of data discovery?
A. Metadata
B. Labels
C. Content analysis
D. Heuristics
D. Heuristics
Explanation:
D is correct. The three methods of data discovery are metadata, labels, and content analysis.
What is the best approach for dealing with services or utilities that are installed on a system but not needed to perform their desired function?
A. Monitor
B. Disable
C. Stop
D. Remove
D. Remove
Explanation:
D is correct. The best practice is to totally remove any unneeded services and utilities on a system to prevent any chance of compromise or use. If they are just disabled, it is possible for them to be inadvertently started again at any point, or another exploit could be used to start them again. Removing also negates the need to patch and maintain them going forward.
Which of the cloud cross-cutting aspects relates to the assigning of jobs, tasks, and roles, as well as to ensuring they are successful and properly performed?
A. Auditability
B. Governance
C. Regulatory requirements
D. Service level agreements
B. Governance
Explanation:
B is correct. Governance, at its core, is the idea of assigning jobs, tasks, roles, and responsibilities and ensuring they are satisfactory performed.
From a security perspective, what advantage does a network-based IDS have over a host-based IDS?
A. System load
B. Dedicated appliance
C. Separately maintained from the host
D. Removed from patching cycles
C. Separately maintained from the host
Explanation:
C is correct. A network-based IDS is separately maintained and secured away from the host. With this configuration, if the host is compromised, the IDS cannot be disabled via the compromised access, and monitoring will still function.
Which of the following will have the biggest impact on the availability of logs within a cloud environment?
A. Cloud deployment model
B.Cloud service model
C. Cloud service category
D. Cloud cross-cutting aspect
B.Cloud service model
Explanation:
B is correct. Whether the cloud service model is IaaS, PaaS, or SaaS will have a big impact on the amount and types of logs generally available to the cloud customer. Anything beyond those available will need to be part of the contract between the cloud provider and cloud customer.
