CCSP 1

Which design principle of secure cloud computing ensures that users can utilize data and applications from around the globe?

Broad network access

Which technology allows an organization to control access to sensitive documents stored in the cloud?

Digital rights management (DRM)

Which open web application security project (OWASP) Top 9 Coding Flaws leads to security issues?

Direct object reference

Which design principle of secure cloud computing ensures that the business can resume essential operations in the event of an availability-affecting incident?

Disaster recovery

Which approach is considered a black-box security testing method?

Dynamic application security testing

Which jurisdictional data protection controls the ways that financial institutions deal with the private information of individuals?

Gramm-Leach-Bliley act (GLBA)

Which element is a cloud virtualization risk?

Guest isolation

Which international standard guide provides procedures for incident investigation principles and processes?

ISO/IEC 27043:2015

Which standard addresses practices related to acquisition of forensic artifacts and can be directly applied to a cloud environment?

ISO/IEC 27050-1

A security analyst is investigating an incident of access to a resource from an unauthorized location. Which data source should the security analyst use to investigate the incident?

Packet capture file

What is a component of device hardening?

Patching

Which item is required in a cloud contract?

Penalties for failure to meet SLA

Which penalty is imposed for privacy violations under the general data protection regulation (GDPR)?

Penalty up to 20 million Euros

Which security threat occurs when a developer leaves an unauthorized access interface within an application after release?

Persistent backdoor

Which risk is associated with malicious and accidental dangers to a cloud infrastructure?

Personnel threats

Which risk is controlled by implementing a private cloud?

Physical security

Which jurisdictional data protection includes dealing with the international transfer of data?

Privacy regulation

Which cloud deployment model is operated for a single organization?

Private

Which cloud model allows the consumer to have sole responsibility for management and governance?

Private

Which cloud model provides data location assurance?

Private

Which type of cloud deployment model is considered equivalent to a traditional IT architecture?

Private

Which description characterizes<b> </b>the application programming interface (API) format known as representational state transfer (REST)?

Provides a framework for developing scalable web applications

Which encryption technique connects the instance to the encryption instance that handles all crypto operations?

Proxy

Which process prevents the environment from being over-controlled by security measures to the point where application performance is impacted?

Quality of service (QoS)

Which requirement is included when exceptions, restrictions, and potential risks are highlighted in a cloud services contract?

Regulatory and compliance

Which action is required for breaches of data under the general data protection regulation (GDPR) within 72 hours of becoming aware of the event?

Reporting to the supervisory authority

Which design principle of secure cloud computing involves deploying cloud service provider resources to maximize availability in the event of a failure?

Resiliency

Which logical design decision can be attributed to required regulation?

Retention periods

Which option should an organization choose if there is a need to avoid software ownership?

Software as a service (SaaS)

Which service model influences the logical design by using additional measures in the application to enhance security?

Software as a service (SaaS)

Which security testing approach is used to review source code and binaries without executing the application?

Static application security testing

Which phase of the cloud data lifecycle allows both read and process functions to be performed?

Create

Which detection and analysis technique is performed to capture a point-in-time picture of the entire stack at the time of an incident?

Create a snapshot using API calls

Which method should the cloud consumer use to secure the management plane of the cloud service provider?

Credential management

Which issue occurs when a web browser is sent data without proper validation?

Cross-site scripting (XXS)

Who retains final ownership for granting data access and permissions in a shared responsibility model?

Customer

Which element is protected by an encryption system?

Data

Which problem is known as a common supply chain risk?

Data breaches

Which cloud computing tool may help detect data migrations to cloud services?

Data loss prevention

Which control helps mitigate the risk of sensitive information leaving the cloud environment?

Data loss prevention (DLP)

Which message type is generated from software systems to troubleshoot and identify problems with running application codes?

Debug

Which cloud security control eliminates the risk of a virtualization guest escape from another tenant?

Dedicated hosting

Which primary security control should be used by all cloud accounts, including individual users, in order to defend against the widest range of attacks?

Multi-factor authentication

Which countermeasure helps mitigate the risk of stolen credentials for cloud-based platforms?

Multifactor authentication

Which cloud data storage architecture allows sensitive data to be replaced with unique identification symbols that retain all the essential information about the data without compromising its security?

Tokenization

A cloud customer is setting up communication paths with the cloud service provider that will be used in the event of an incident. Which action facilitates this type of communication?

Using existing open standards

Under which method would cloud clients find it impossible to recover or access their own data if their cloud provider goes bankrupt?

Vendor lock-out

Which technology typically provides security isolation in infrastructure as a service (IaaS) cloud computing?

Virtual machines & Operating systems

Which methodology could cloud data storage utilize to encrypt all data associated in an infrastructure as a service (IaaS) deployment model?

Whole-instance encryption

Which process involves the use of electronic data as evidence in a civil or criminal legal case?

eDiscovery investigations

Which data retention solution should be applied to a file in order to reduce the data footprint by deleting fixed content and duplicate data?

Archiving

Which identity management process targets access to enterprise resources by ensuring that the identity of an entity is verified?

Authentication

Which term describes the action of confirming identity access to an information system?

Authentication

Which data retention method is stored with a minimal amount of metadata storage with the content?

Block-based

Which phase of the software development life cycle includes determining the business and security requirements for the application to occur?

Defining

Which phase of the cloud data life cycle is associated with crypto-shredding?

Destroy

Which technology improves the ability of the transport layer security (TLS) to ensure privacy when communicating between applications?

Advanced application-specific integrated circuits (ASICs)

Which data retention policy controls how long health insurance portability and accountability act (HIPAA) data can be archived?

Applicable regulation

Which security control does the software as a service (SaaS) model require as a shared responsibility of all parties involved?

Application

Which type of control should be used to implement custom controls that safeguard data?

Application level

Which cloud computing technology unlocks business value through digital and physical access to maps?

Application programming interface

Which action enhances cloud security application deployment through standards such as ISO/IEC 27034 for the development, acquisition, and configuration of software systems?

Applying the steps of a cloud software development lifecycle

Which phase of the software development life cycle includes writing application code?

Developing

Which legislation must a trusted cloud service adhere to when utilizing the data of EU citizens?

GDPR

Which standard addresses the privacy aspects of cloud computing for consumers?

ISO 27018:2014

Which cloud infrastructure is shared by several organizations and supports a specific population that has shared concerns (e.g., mission, security requirements, policy, compliance considerations)?

Community cloud

What is a key capability of security information and event management?

Centralized collection of log data

Which artifact may be required as a data source for a compliance audit in a cloud environment?

Change management details

Which cloud computing tool is used to discover internal use of cloud services using various mechanisms such as network monitoring?

Cloud access security broker (CASB)

Where should the location be for the final data backup repository in the event that the disaster recovery plan is enacted for the CSP of disaster recovery (DR) service?

Cloud platform

Which cloud infrastructure is shared by several organizations and supports a specific population that has shared concerns (e.g., mission, security requirements, policy, compliance considerations)?

Community

A CSP provides services in European Union (EU) countries that are subject to the network information security (NIS) directive. The CSP experiences an incident that significantly affects the continuity of the essential services being provided. Who is the CSP required to notify under the NIS directive?

Competent authorities

Which attack vector is associated with cloud infrastructure?

Compromised API credentials

Which aspect of business continuity planning considers the alternatives to be used when there is a complete loss of the provider?

Considering portability options

What is a key method associated with a risk-based approach to business continuity planning?

Considering the degree of continuity required for assets

Which security strategy is associated with data rights management solutions?

Continuous auditing

What is a key capability of infrastructure as a service (IaaS)?

Converged network and IT capacity pool

A company has recently defined classification levels for its data. During which phase of the cloud data life cycle should this definition occur?

Create

Which disaster recovery plan metric indicates how long critical functions can be unavailable before the organization is irretrievably affected?

Maximum allowable downtime (MAD)

Which regulation requires a CSP to comply with copyright law for hosted content?

DMCA

Which cloud security control is a countermeasure for man-in-the-middle attacks?

Encrypting data in transit

Which testing method must be performed to demonstrate the effectiveness of a business continuity plan and procedures?

Failover

Which technology is used to manage identity access management by building trust relationships between organizations?

Federation

Which technique scrambles the content of data using a mathematical algorithm while keeping the structural arrangement of the data?

Format-preserving encryption

An architect needs to constrain problems to a level that can be controlled when the problem exceeds the capabilities of disaster recovery (DR) controls. Which aspect of the plan will provide this guarantee?

Handling provider outages

Which multi-factor authentication (MFA) option uses a physical universal serial bus (USB) device to generate one-time passwords?

Hard tokens

Which result is achieved by removing all nonessential services and software of devices for secure configuration of hardware?

Hardening

Which item should be part of the legal framework analysis if a company wishes to store prescription drug records in a SaaS solution?

Health Insurance Portability and Accountability Act

Which jurisdictional data protection safeguards protected health information (PHI)?

Health Insurance Portability and Accountability Act (HIPAA)

Which environmental consideration should be addressed when planning the design of a data center?

Heating and ventilation

What is a key component of the infrastructure as a service (IaaS) cloud service model?

High reliability and resilience

Which disaster recovery (DR) site results in the quickest recovery in the event of a disaster?

Hot

A CSP operating in Australia experiences a security breach that results in disclosure of personal information that is likely to result in serious harm. Who is the CSP legally required to notify?

Information commissioner

Which cloud model offers access to a pool of fundamental IT resources such as computing, networking, or storage?

Infrastructure

The security administrator for a global cloud services provider (CSP) is required to globally standardize the approaches for using forensics methodologies in the organization. Which standard should be applied?

International organization for standardization (ISO) 27050-1

Which security technology can provide secure network communications from on-site enterprise systems to a cloud platform?

Internet protocol security (IPSec) virtual private network (VPN)

Which cloud-specific risk must be considered when moving infrastructure operations to the cloud?

Lack of physical access

Which assumption about a CSP should be avoided when considering risks in a disaster recovery (DR) plan?

Level of resiliency

Which countermeasure mitigates the risk of a rogue cloud administrator?

Logging and monitoring

Which risk is related to interception of data in transit?

Man-in-the-middle

What part of the logical infrastructure design is used to configure cloud resources, such as launching virtual machines or configuring virtual networks?

Management plane

Which technology allows an administrator to remotely manage a fleet of servers?

Management plane

Which countermeasure enhances redundancy for physical facilities hosting cloud equipment during the threat of a power outage?

Multiple and independent power circuits to all racks

Which risk during the eDiscovery process would limit the usefulness of the requested data from the cloud by third parties?

Native production

Which platform as a service (PaaS) storage architecture should be used if an organization wants to store presentations, documents, and audio files?

Object

Which technology should be included in the disaster recovery plan to prevent data loss?

Offsite backups

Which group is legally bound by the general data protection regulation (GDPR)?

Only corporations that processes the data of EU citizens

A business is concerned about the usage of its third-party provided, leased cloud resources. Which audit process should be used to investigate this concern?

Review traffic logs for the leased cloud resources.

Which method is being used when a company evaluates the acceptable loss exposure associated with a cloud solution for a given set of objectives and resources?

Risk appetite

Which regulation in the United States defines the requirements for a CSP to implement and report on internal accounting controls?

SOX

Which type of control is important in order to achieve compliance for risk management?

Security

Which document addresses CSP issues such as guaranteed uptime, liability, penalties, and dispute mediation process?

Service level agreement (SLA)

Which type of agreement aims to negotiate policies with various parties in accordance with the agreed-upon targets?

Service-level (SLA)

Which phase of the cloud data life cycle uses content delivery networks?

Share

Which phase of the cloud data security lifecycle typically occurs simultaneously with creation?

Store

There is a threat to a banking cloud platform service. The developer needs to provide inclusion in a relational database that is seamless and readily searchable by search engine algorithms. Which platform as a service (PaaS) data type should be used?

Structured

Which item would be a risk for an enterprise considering contracting with a cloud service provider?

Suspension of service if payment is delinquent

Which security method should be included in a defense-in-depth, when examined from the perspective of a content security policy (CSP)?

Technological controls

A cloud administrator recommends using tokenization as an alternative to protecting data without encryption. The administrator needs to make an authorized application request to access the data. Which step should occur immediately before this action is taken?

The application stores the token.

Why is eDiscovery difficult in the cloud?

The client may lack the credentials to access the required data.

Which factor exemplifies adequate cloud contract governance?

The frequency with which contracts are renewed

Which consideration should be taken into account when reviewing a cloud service provider's risk of potential outage time?

The unique history of the provider

How do immutable workloads effect security overhead?

They reduce the management of the hosts.

How is the compliance of the cloud service provider's legal and regulatory requirements verified when securing personally identifiable information (PII) data in the cloud?

Third-party audits and attestations

Which issue can be detected with static application security testing (SAST)?

Threading