TST Attempt 1 Flashcards
What does the acronym “SOC” refer to with audit reports?
A. Service Organization Control
B. System Organization Control
C. Service Origin Confidentiality
D. System Organization Confidentiality
A. Service Organization Control
Explanation:
A is correct. SOC is an acronym for Service Organization Control. The AICPA, which defines the SOC 1, SOC 2 and SOC 3 report types, has since renamed them System and Organization Controls, but the expansion this question uses is the original one.
Your company runs a media distribution site that offers users rich video content and audio files. It is used by a large international audience, and you want the delivery of your content to have the lowest possible latency for the customers. Which technology would you look to employ to solve this problem?
A. Broad network access
B. Edge computing
C. Resource pooling
D. Ephemeral computing
B. Edge computing
Explanation:
B is correct. Edge computing places processing and content as close as possible to where data is produced or consumed, rather than in a distant central data center. For a media site this means caching and serving the video and audio from points of presence near each region's users, so requests do not traverse long-haul networks; the resulting latency reduction is the whole point. Broad network access and resource pooling are essential characteristics of cloud computing in the NIST definition and do not by themselves reduce latency.
Which step in the cloud secure data lifecycle comes immediately after Create?
A. Use
B. Share
C. Store
D. Secure
C. Store
Explanation:
C is correct. With the Store step, data is placed into a storage system. This includes but is not limited to databases, files, and spreadsheets. This is typically done as part of creation or immediately thereafter. (The steps are as follows: Create, Store, Use, Share, Archive, and Destroy.)
What is the official term for the process of determining audit results that deviate from intended configurations and policies?
A. Findings
B. Gap analysis
C. Audit deficiency
D. Noncompliance
B. Gap analysis
Explanation:
B is correct. A gap analysis is performed to determine if the results found from information discovery and testing match with the configuration standards and policies. Any resulting deviation from them will be considered a finding and a gap between the desired state of a system or operations and the actual verified current state.
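The following is an added example, not part of the original flashcards, showing what a gap analysis looks like when it is automated: a baseline of required settings is compared with the observed state of a system and every deviation or missing control becomes a finding. The control names, baseline values and observed values are constructed for illustration and do not describe any real system.

```python
from typing import Any

# Constructed baseline and observed configuration (illustrative values, not
# taken from any real system). A baseline entry is either a literal the
# control must equal, or a tuple ("min", n) / ("max", n) bounding a number.
BASELINE: dict[str, Any] = {
    "sshd.PermitRootLogin": "no",
    "sshd.PasswordAuthentication": "no",
    "logging.retention_days": ("min", 365),
    "tls.minimum_version": "1.2",
    "password.max_age_days": ("max", 90),
}

OBSERVED: dict[str, Any] = {
    "sshd.PermitRootLogin": "yes",
    "sshd.PasswordAuthentication": "no",
    "logging.retention_days": 90,
    "tls.minimum_version": "1.2",
    # password.max_age_days intentionally absent: not configured at all
}


def _meets(expected: Any, observed: Any) -> bool:
    """Return True when the observed value satisfies the baseline entry."""
    if isinstance(expected, tuple) and len(expected) == 2:
        kind, bound = expected
        if kind == "min":
            return observed >= bound
        if kind == "max":
            return observed <= bound
        raise ValueError(f"unknown constraint kind: {kind}")
    return observed == expected


def gap_analysis(baseline: dict[str, Any], observed: dict[str, Any]) -> list[dict[str, Any]]:
    """Compare observed state with the baseline and return one finding per gap.

    Each finding records the control, what the baseline requires, what was
    observed, and a status of either 'deviation' (present but wrong) or
    'missing' (the control is not configured at all). Controls that match
    produce no finding, so an empty list means no gap."""
    findings = []
    for control, expected in sorted(baseline.items()):
        if control not in observed:
            findings.append({"control": control, "expected": expected,
                             "observed": None, "status": "missing"})
        elif not _meets(expected, observed[control]):
            findings.append({"control": control, "expected": expected,
                             "observed": observed[control], "status": "deviation"})
    return findings


def summarize(findings: list[dict[str, Any]]) -> str:
    """Human-readable audit summary, one line per finding."""
    lines = [f"{len(findings)} finding(s)"]
    for f in findings:
        lines.append(f"  [{f['status']}] {f['control']}: "
                     f"expected {f['expected']!r}, observed {f['observed']!r}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(summarize(gap_analysis(BASELINE, OBSERVED)))
```

Note that a control that is absent from the observed state is reported separately from one that is present with the wrong value; in practice the "missing" case is the one most often overlooked, because a naive comparison only iterates over what was collected.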
Which of the following concepts refers to a cloud customer paying only for the resources and offerings they use within a cloud environment and only for the duration in which they consume them?
A. Metered service
B. Billable service
C. Consumable service
D. Measured service
D. Measured service
Explanation:
D is correct. With measured service, cloud services are delivered and billed in a metered way. The cloud customer only pays for those services they use and the duration of time in which they use them.
What feature of a SIEM solution can simplify an organization’s strategy for log retention compliance?
A. Alerting
B. Aggregation
C. Reporting
D. Dashboards
B. Aggregation
Explanation:
B is correct. Because a SIEM solution aggregates logs from across the enterprise, an organization can implement log retention at the SIEM and have a single source to retain and back up, instead of each device or system maintaining its own retention strategy. This only satisfies a retention requirement if the SIEM's own storage, archival tier and backups are sized and protected for the full retention period, and if every in-scope source actually forwards to it.
What does a cloud system use from a technical perspective to make decisions on the allocation of resources with shares?
A. Size of the customer
B. Cost of the resources
C. Prioritization weighting
D. Owner of the cloud provider
C. Prioritization weighting
Explanation:
C is correct. The cloud system uses a prioritization weighting, the shares assigned to each customer, virtual machine or application, to decide who receives contended resources: when demand exceeds supply, the available capacity is divided in proportion to shares, after any reservations have been honored and subject to any limits. The weighting is defined by the cloud provider, can be derived from many different values, and is often reflected in the contract or SLA with the cloud customer, based on the needs and resources of the particular system.
What does the REST API use to protect data transmissions?
A. TLS
B. NetBIOS
C. Encapsulation
D. VPN
A. TLS
Explanation:
A is correct. REST is an architectural style layered on HTTP, so it inherits its transport protection from HTTPS, which is HTTP over Transport Layer Security (TLS). The older Secure Sockets Layer (SSL) protocols that HTTPS once ran over have been deprecated because of protocol weaknesses (SSL 3.0 was formally deprecated by RFC 7568 in 2015) and replaced by TLS; a REST endpoint should accept TLS 1.2 or later only. NetBIOS and encapsulation are not transport security mechanisms, and a VPN protects the network path rather than the API exchange itself.
Which European Union directive pertains to personal data privacy and an individual’s control over their personal data?
A. 95/46/EC
B. 2000/1/EC
C. 99/9/EC
D. 2013/27001/EC
A. 95/46/EC
Explanation:
A is correct. Directive 95/46/EC is titled "On the protection of individuals with regard to the processing of personal data and on the free movement of such data." It was repealed and replaced by the General Data Protection Regulation, Regulation (EU) 2016/679, which applies from 25 May 2018; questions that cite the directive are describing the legal framework that preceded the GDPR.
When is a virtual machine susceptible to attacks but a physical server in the same state would not be?
A. When it is powered off
B. When it is not patched
C. When it is behind an IPS
D. When it is behind a WAF
A. When it is powered off
Explanation:
A is correct. A virtual machine is ultimately an image file (plus any snapshots) residing on a datastore. Because of this, even when a virtual machine is "powered off," anyone with access to that storage can read or modify the image, for example to extract credentials from the virtual disk or to inject a backdoor that runs at the next boot. A physical server that is powered off is not reachable over the network and would not be susceptible to the same attacks. This is why access control on datastores and image repositories, and encryption of images at rest, belong in a virtualization security baseline.
Which ITIL component is focused on maintaining detailed information about all components and services within an organization?
A. Change management
B. Configuration management
C. Deployment management
D. Release management
B. Configuration management
Explanation:
B is correct. Configuration management tracks and maintains detailed information about any IT components within the organization. It encompasses all physical and virtual systems, and it includes hosts, servers, appliances, and devices. It also includes all details about each of these components, such as settings, installed software, and version and patch levels.
What is a major challenge with forensic data collection within a cloud environment?
A. Size of data
B. Classification of data
C. Ownership of data
D. Format of data
C. Ownership of data
Explanation:
C is correct. Within a cloud environment, the ownership of data is a major concern when it comes to forensic collection. Depending on the cloud service model, the cloud customer will have varying degrees of ownership over data and access to it.
Which type of cloud model typically presents the most challenges to a cloud provider during the Destroy phase of the cloud data lifecycle?
A. IaaS
B. DaaS
C. PaaS
D. SaaS
D. SaaS
Explanation:
D is correct. With many SaaS implementations, data is not isolated to a particular customer but rather is part of the overall application. When it comes to data destruction, a particular challenge is ensuring that all of a customer's data is completely destroyed while not impacting the data of other customers.
Which of the following threat types can occur when encryption is not properly applied or insecure transport mechanisms are used?
A. Security misconfiguration
B. Insecure direct object references
C. Sensitive data exposure
D. Unvalidated redirects and forwards
C. Sensitive data exposure
Explanation:
C is correct. Sensitive data exposure occurs when information is not properly secured through encryption and secure transport mechanisms; it can quickly become an easy and broad method for attackers to compromise information. Web applications must enforce strong encryption and security controls on the application side as well as require secure methods of communication with browsers or other clients used to access information.
What type of masking strategy involves replacing data on a system while it passes between the data and application layers?
A. Static
B. Replication
C. Duplication
D. Dynamic
D. Dynamic
Explanation:
D is correct. With dynamic masking, production environments are protected with the masking process being implemented between the application and data layers of the application. This allows for a masking translation to take place live in the system and during normal application processing of data.
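As an added example that is not part of the original flashcards, the block below implements the dynamic masking pattern just described: the production table holds real values, and a thin layer between the data access call and the application rewrites sensitive columns according to the caller's role, so the stored data is never altered. The table, the rows, the roles and the masking policy are all constructed for illustration.

```python
import sqlite3
from typing import Callable


# Masking functions applied to a column value on its way out of the data layer.
def mask_email(value: str) -> str:
    """Keep the first character of the local part and the domain."""
    local, _, domain = value.partition("@")
    return f"{local[:1]}***@{domain}"


def mask_card(value: str) -> str:
    """Reveal only the last four digits of a payment card number."""
    digits = value.replace(" ", "")
    return "*" * (len(digits) - 4) + digits[-4:]


def mask_all(value: str) -> str:
    return "<redacted>"


# Role-based masking policy: which columns are masked for which roles.
# Roles absent from the policy (here "compliance") see unmasked data.
POLICY: dict[str, dict[str, Callable[[str], str]]] = {
    "support":   {"email": mask_email, "card_number": mask_card, "ssn": mask_all},
    "developer": {"email": mask_email, "card_number": mask_all, "ssn": mask_all},
}


def build_demo_db() -> sqlite3.Connection:
    """Constructed, fictional sample data. The stored rows are never modified
    by masking, because masking is applied to result sets, not to storage."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers "
                 "(id INTEGER, name TEXT, email TEXT, card_number TEXT, ssn TEXT)")
    conn.executemany("INSERT INTO customers VALUES (?, ?, ?, ?, ?)", [
        (1, "Ada Example", "ada@example.com", "4111 1111 1111 1111", "000-00-0001"),
        (2, "Bob Example", "bob@example.org", "5500 0000 0000 0004", "000-00-0002"),
    ])
    return conn


def query_masked(conn: sqlite3.Connection, role: str, sql: str, params=()) -> list[dict]:
    """Run a parameterised query and apply the role's masking rules to every
    row before the application layer sees the values."""
    cur = conn.execute(sql, params)
    columns = [d[0] for d in cur.description]
    rules = POLICY.get(role, {})
    rows = []
    for raw in cur.fetchall():
        row = {}
        for col, val in zip(columns, raw):
            masker = rules.get(col)
            row[col] = masker(val) if (masker and val is not None) else val
        rows.append(row)
    return rows


if __name__ == "__main__":
    db = build_demo_db()
    for role in ("support", "developer", "compliance"):
        print(role, query_masked(db, role, "SELECT * FROM customers ORDER BY id"))
```

Because the rewrite keys on column names from the cursor description, a query that aliases a column (`SELECT email AS contact`) would slip past the policy; a production implementation resolves masking against the underlying column, which is one reason this is usually done in a database proxy or in the database engine rather than in application code.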
Which type of common threat involves an organization not taking proper precautions or planning to mitigate threats to its system or applications?
A. Insufficient due diligence
B. System vulnerability
C. Insider threat
D. Account hijacking
A. Insufficient due diligence
Explanation:
A is correct. Insufficient due diligence occurs when an organization does not properly plan its systems or applications with an awareness of the threats that face them. Without proper and thorough evaluation of its systems, designs, and controls, an organization may unintentionally expose itself to more security risks and vulnerabilities by moving to a cloud environment.
What are the four approaches to responding to risk?
A. Accept, avoid, transfer, mitigate
B. Accept, dismiss, transfer, mitigate
C. Accept, deny, mitigate, revise
D. Accept, deny, transfer, mitigate
A. Accept, avoid, transfer, mitigate
Explanation:
A is correct. The four approaches to responding to risk are to accept the risk, avoid the risk through changes in policies or access, transfer the risk through insurance, and mitigate the risk through configuration changes or coding changes.
What type of host is exposed to the public Internet for a specific reason and hardened to perform only that function for authorized users?
A. Honeypot
B. WAF
C. Proxy
D. Bastion
D. Bastion
Explanation:
D is correct. A bastion host is a server that is fully exposed to the public Internet, but is extremely hardened to prevent attacks and is usually dedicated for a specific application or usage; it is not something that will serve multiple purposes. This singular focus allows for much more stringent security hardening and monitoring.
What concept does the “T” represent in the STRIDE threat model?
A. TLS
B. Transport
C. Tampering with data
D. Testing
C. Tampering with data
Explanation:
C is correct. The "T" in STRIDE stands for tampering with data: unauthorized modification of data in transit, at rest, or while it is held by the client. Any application that sends data to the user faces the possibility that the user alters it before sending it back, whether it lives in cookies, query strings, POST bodies or headers, or that the user bypasses client-side validation entirely. The application must therefore treat everything it receives from the client as untrusted: re-validate it on the server side, and protect any state it hands to the client with an integrity check so that modification is detected.
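Here is an added example, not from the original flashcards, of the integrity control the tampering answer calls for: state the server must hand to the client (a session or cart cookie) is signed with an HMAC, and on return the tag is verified in constant time before the contents are trusted. The key value, the cookie contents and the `tamper_with_token` helper that plays the role of a client editing the cookie are all constructed for the example.

```python
import base64
import binascii
import hashlib
import hmac
import json
from typing import Any, Optional

# Server-side secret; a hypothetical value for this example only. In production
# it is loaded from a secrets manager and rotated, never embedded in source.
SERVER_KEY = b"example-only-key-rotate-me"


def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_state(state: dict[str, Any], key: bytes = SERVER_KEY) -> str:
    """Serialize client-held state canonically and attach an HMAC-SHA256 tag."""
    payload = json.dumps(state, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    return f"{_b64(payload)}.{_b64(tag)}"


def verify_state(token: str, key: bytes = SERVER_KEY) -> Optional[dict[str, Any]]:
    """Return the state only if the tag verifies; None on any tampering or
    malformed input. compare_digest avoids a timing side channel on the tag."""
    try:
        payload_b64, tag_b64 = token.split(".", 1)
        payload = _unb64(payload_b64)
        tag = _unb64(tag_b64)
    except (ValueError, binascii.Error):
        return None
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    return json.loads(payload)


def tamper_with_token(token: str, **changes: Any) -> str:
    """Simulate a client editing the cookie body without knowing the key:
    the payload is rewritten but the original tag is kept."""
    payload_b64, tag_b64 = token.split(".", 1)
    state = json.loads(_unb64(payload_b64))
    state.update(changes)
    forged = json.dumps(state, sort_keys=True, separators=(",", ":")).encode()
    return f"{_b64(forged)}.{tag_b64}"


if __name__ == "__main__":
    issued = sign_state({"user": "alice", "role": "viewer", "cart_total": 49.99})
    print("issued  :", issued)
    print("verified:", verify_state(issued))
    print("forged  :", verify_state(tamper_with_token(issued, role="admin")))
```

The tag provides integrity and authenticity, not confidentiality: the payload is only base64-encoded, so anything secret still needs to be encrypted or kept server side. Signed state also needs an expiry or a server-side revocation list, since an old but validly signed cookie otherwise remains replayable.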
Which ITIL component is focused on ensuring that changes made to a production environment are properly executed and validated?
A. Change management
B. Configuration management
C. Deployment management
D. Release management
C. Deployment management
Explanation:
C is correct. Deployment management involves the planning, coordinating, executing, and validating of changes and rollouts to the production environment. The main focus is on properly mapping out all steps required for a release and properly configuring and loading it. This typically involves coordination between the business owner, developers, implementation team, and those that will validate and test the release after implementation.
When can risk be fully mitigated?
A. With risk transference
B. Never
C. With risk avoidance
D. When using a private cloud
B. Never
Explanation:
B is correct. No matter what types of controls, configurations, or certifications are used, risk can never be fully mitigated; some residual risk always remains and must be accepted, transferred, or reduced further.
When long-term storage is used to save costs, which of the following is the most important consideration in the selection of an appropriate storage tier?
A. Redundancy
B. Access time
C. Backups
D. Volume size
B. Access time
Explanation:
B is correct. With long-term storage, to realize the most cost savings, the most important concept to consider is the time required to access data. Cloud providers offer storage tiers that are much cheaper than production storage and are largely based on how much time is mandatory for data access to be granted. The longer a customer can allow for data to be accessed, the greater the cost savings.
Which of the following technologies is used to monitor network traffic and notify if any potential threats or attacks are noticed?
A. IDS
B. IPS
C. Firewall
D. WAF
A. IDS
Explanation:
A is correct. An intrusion detection system (IDS) is designed to analyze network packets, compare their contents or characteristics against a set of configurations or signatures, and alert personnel if anything is detected that could constitute a threat or is otherwise designated for alerting.
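As an added example not drawn from the original flashcards, the block below is a miniature signature-based IDS of the kind the answer describes: each constructed packet is compared against a small constructed signature set, and matches produce alerts without anything being blocked. The signatures, addresses and payloads are all invented for illustration and are far simpler than real rule sets.

```python
import re
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    payload: bytes


@dataclass(frozen=True)
class Signature:
    sid: int
    name: str
    dport: Optional[int]     # None means the rule applies on any port
    pattern: re.Pattern      # compiled over the raw payload bytes


# Constructed signatures: content matches scoped to a destination port where
# the traffic is expected, one unscoped catch-all for an interactive shell.
SIGNATURES = [
    Signature(1001, "SQL injection: UNION SELECT in HTTP request", 80,
              re.compile(rb"(?i)union\s+select")),
    Signature(1002, "Directory traversal in HTTP request", 80,
              re.compile(rb"\.\./\.\./")),
    Signature(1003, "Interactive shell invocation", None,
              re.compile(rb"/bin/sh\b")),
]

# Constructed traffic sample (fictional addresses and payloads).
PACKETS = [
    Packet("10.0.0.5", "10.0.0.10", 80, b"GET /index.html HTTP/1.1\r\nHost: shop\r\n\r\n"),
    Packet("10.0.0.6", "10.0.0.10", 80, b"GET /item?id=1 UNION SELECT user,pass FROM users HTTP/1.1\r\n"),
    Packet("10.0.0.7", "10.0.0.10", 80, b"GET /../../etc/passwd HTTP/1.1\r\n"),
    Packet("10.0.0.8", "10.0.0.10", 8080, b"GET /item?id=1 UNION SELECT 1 HTTP/1.1\r\n"),
    Packet("10.0.0.9", "10.0.0.10", 4444, b"\x00\x01;/bin/sh -i\n"),
]


def inspect(packet: Packet) -> list[tuple[int, str]]:
    """Return (sid, name) for every signature the packet matches."""
    hits = []
    for sig in SIGNATURES:
        if sig.dport is not None and sig.dport != packet.dport:
            continue
        if sig.pattern.search(packet.payload):
            hits.append((sig.sid, sig.name))
    return hits


def alerts(packets: list[Packet]) -> list[str]:
    """Detection only: build alert lines, forward nothing, drop nothing."""
    out = []
    for p in packets:
        for sid, name in inspect(p):
            out.append(f"[{sid}] {name} {p.src} -> {p.dst}:{p.dport}")
    return out


if __name__ == "__main__":
    for line in alerts(PACKETS):
        print(line)
```

The fourth packet is the instructive one: the same injection string on port 8080 raises nothing because the rule is scoped to port 80. Port-scoped rules keep false positives down, but they are also why an IDS needs its rule set tuned to the ports the application actually listens on, and why a web application firewall that sees decoded HTTP rather than raw packets catches things a network IDS misses (URL-encoded spaces, for instance, would also defeat the `\s+` above).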
Which of the following represents a control on the maximum amount of resources a single customer, virtual machine, or application can consume within a cloud environment?
A. Reservation
B. Limit
C. Share
D. Provision
B. Limit
Explanation:
B is correct. Limits are put in place to enforce a maximum on the amount of memory or processing a cloud customer can use. This can be done either on a virtual machine or as a comprehensive whole for a customer; it is meant to ensure that enormous cloud resources cannot be allocated or consumed by a single host or customer to the detriment of other hosts and customers.
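To tie together the shares question (prioritization weighting) and the limits answer above, here is an added example that is not part of the original flashcards: a water-filling allocator in the reservation/limit/shares model used by common hypervisors. Reservations are granted first, what remains is divided in proportion to shares, and any consumer whose proportional grant would exceed its limit is capped at the limit with the surplus redistributed to the rest. The tenant names, capacities and weights are constructed for illustration.

```python
def allocate(capacity: float, consumers: dict[str, dict[str, float]]) -> dict[str, float]:
    """Water-filling allocation of `capacity` among consumers.

    Each consumer has:
      reservation - the minimum it is guaranteed (granted unconditionally),
      limit       - the maximum it may ever receive (hard cap),
      shares      - its relative weight when contending for what is left.
    Returns the amount allocated to each consumer."""
    for name, c in consumers.items():
        if c["reservation"] > c["limit"]:
            raise ValueError(f"{name}: reservation exceeds limit")

    alloc = {name: float(c["reservation"]) for name, c in consumers.items()}
    remaining = capacity - sum(alloc.values())
    if remaining < 0:
        raise ValueError("reservations exceed capacity: the provider has overcommitted")

    active = {n for n, c in consumers.items() if alloc[n] < c["limit"]}
    while remaining > 1e-9 and active:
        total_shares = sum(consumers[n]["shares"] for n in active)
        if total_shares <= 0:
            break
        # Proportional grant for every contender in this round.
        grant = {n: remaining * consumers[n]["shares"] / total_shares for n in active}
        capped = [n for n in active if alloc[n] + grant[n] > consumers[n]["limit"]]
        if capped:
            # Give capped consumers exactly their limit, drop them from the
            # contention set, and re-run the round so their unused share
            # flows to the remaining consumers.
            for n in capped:
                remaining -= consumers[n]["limit"] - alloc[n]
                alloc[n] = float(consumers[n]["limit"])
                active.discard(n)
        else:
            for n in active:
                alloc[n] += grant[n]
            remaining = 0.0
    return alloc


# Constructed tenants on a 100 GB memory pool (illustrative numbers only).
TENANTS = {
    "tenant-a": {"reservation": 10, "limit": 20, "shares": 1000},
    "tenant-b": {"reservation": 20, "limit": 80, "shares": 2000},
    "tenant-c": {"reservation": 0, "limit": 100, "shares": 1000},
}

if __name__ == "__main__":
    for cap in (100.0, 40.0):
        print(f"capacity {cap}:", allocate(cap, TENANTS))
```

With 100 GB, tenant-a's proportional grant would take it to 27.5 GB, so it is capped at its 20 GB limit and the 7.5 GB it could not use goes to the others; with only 40 GB the reservations consume 30 GB and the last 10 GB is split purely by shares. The overcommit check is the part a provider cannot skip: if reservations ever exceed physical capacity, the guarantee written into the SLA cannot be honored.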