Domain 3

A bare-metal hypervisor is Type ________. 1 2 3 4

1

What is the optimal number of entrances to the cloud data center campus? 1 2 3 4

1

A Type ________ hypervisor is probably more difficult to defend than other hypervisors. 1 2 3 4

2

A hypervisor that runs inside another operating system is a Type _________ hypervisor. 1 2 3 4

2

In order to support all aspects of the CIA triad, all of the following aspects of a cloud data center need to be engineered with redundancies except ___________. Power supply HVAC Administrative offices ISP/connectivity lines

Administrative offices

When a customer performs a penetration test in the cloud, why isn't the test an optimum simulation of attack conditions? Attackers don't use remote access for cloud activity Advanced notice removes the element of surprise When cloud customers use malware, it's not the same as when attackers use malware Regulator involvement changes the attack surface

Advanced notice removes the element of surprise

In addition to the security offered by the cloud provider, a cloud customer must consider the security offered by ___________. The respective regulator The end user Any vendor the cloud customer previously used in the on-premises environment Any third parties the provider depends on

Any third parties the provider depends on

Using a virtual machine baseline image could be very useful for which of the following options? Physical security Auditing Training Customization

Auditing

What is the process of granting access to resources? Identification Authentication Authorization Federation

Authorization

Which of the following controls would be useful to build into a VM baseline image for a cloud environment? GPS tracking/locator Automated vulnerability scan on system startup Access control list of authorized personnel Write protection

Automated vulnerability scan on system startup

Which of the following controls would be useful to build into a VM baseline image for a cloud environment? Automatic registration with the configuration management system Enhanced user training and awareness media Mechanisms that prevent the file from being copied Keystroke loggers

Automatic registration with the configuration management system

Using one cloud provider for your operational environment and another for your BCDR backup will also give you the additional benefit of ________. Allowing any custom VM builds you use to be instantly ported to another environment Avoiding vendor lock-in/lock-out Increased performance Lower cost

Avoiding vendor lock-in/lock-out

It is best to use variables in _______. Baseline configurations Security control implementations Contract language BCDR test

BCDR test - mix up the scenarios that will be tested

Cloud administration almost necessarily violates the principles of the ____________ security model. Brewer-Nash (Chinese wall) Graham-Denning Bell-LaPadula Biba

Brewer-Nash (Chinese wall)

Which of these determines the critical assets, recovery time objective, and recovery point objective for BCDR purposes? Business drivers User input Regulatory mandate Industry standards

Business drivers

What artifact - which should already exist within the organization - can be used to determine the critical assets necessary to protect in the BCDR activity? Quantitative risk analysis Qualitative risk analysis Business impact analysis Risk appetite

Business impact analysis

When discussing the cloud, we often segregate the data center into the terms compute, storage and networking. Compute is made up of _________ and _________. Routers; hosts APIs; Northbound Interface CPU; RAM Virtualized; actual hardware devices

CPU; RAM

Which of the following is probably the most important element to address if your organization is using two different cloud providers for the production and BCDR environments? Do they cost the same? Do they have similar facility protections in place? What level of end-user support do they offer? Can the backup provider meet the same SLA requirements of the primary?

Can the backup provider meet the same SLA requirements of the primary?

All of the following can be used to properly apportion cloud resources except __________. Reservations Shares Cancellations Limits

Cancellations

Which of the following can enhance application portability? Using the same cloud provider for the production environment and archiving Conducting service trials in an alternate cloud provider environment Providing cloud-usage training for all users Tuning web application firewalls to detect anomalous activity in inbound communications

Conducting service trials in an alternate cloud provider environment - this is testing, and it is important to make sure applications will work in the new environment

The BCDR plan/policy should include all of the following except ________. Tasking for the office responsible for maintaining/enforcing the plan Contact information for essential entities, including BCDR personnel and emergency services agencies Copies of the laws/regulations/standards governing specific elements of the plan Checklists for BCDR personnel to follow

Copies of the laws/regulations/standards governing specific elements of the plan

Industry best practices dictate that cloud customers do not __________. Create their own IAM solutions Create contract language that favors them over the provider Retrain personnel for cloud operations Encrypt data before it reaches the cloud

Create their own IAM solutions

A process for __________ can aid in protecting against data disclosure due to lost devices. User punishment Credential revocation Law enforcement notification Device tracking

Credential revocation

A group of clinics decides to create an identification federation for their users (medical providers and clinicians). If they opt to review each other, for compliance with security governance and standards they all find acceptable, what is this federation model called? Cross-certification Proxy Single sign-on Regulated

Cross-certification - aka the "web of trust"

Of the following control techniques/solutions, which can be combined to enhance the protections offered by each? Razor tape/background checks Least privilege/generators DLP/DRM Personnel badging/secure baselines

DLP/DRM

Of the following control techniques/solutions, which can be combined to enhance the protections offered by each? Fence/firewalls Asset inventories/personnel training Data dispersion/encryption Intrusion prevention solutions/intrusion detection solutions

Data dispersion/encryption

A fundamental aspect of security principles, ________ should be implemented in the cloud as well as in the legacy environment. Continual uptime Defense in depth Multifactor authentication Separation of duties

Defense in depth

All security controls necessarily _____________. Are expensive Degrade performance Require senior management approval Will work in the cloud environment as well as they worked in the legacy environment

Degrade performance

Software-defined networking (SDN) allows network administrators/architects to perform all the following functions except ________. Reroute traffic based on current customer demand Create logical subnets without having to change any actual physical connections Filter access to resources based on specific rules or settings Deliver streaming media content in an efficient manner by placing it closer to the end user

Deliver streaming media content in an efficient manner by placing it closer to the end user

In a managed cloud services arrangement, who invokes a BCDR action? The cloud provider The cloud customer Depends on the contract Any user

Depends on the contract

A group of clinics decides to create an identification federation for their users (medical providers and clinicians). If they opt to use the web of trust model for federation, who is/are the identity providers? Each organization A trusted third party The regulator overseeing their industry All of their patients

Each organization

A group of clinics decides to create an identification federation for their users (medical providers and clinicians). If they opt to use the web of trust model for federation, who is/are the service providers? Each organization A trusted third party The regulator overseeing their industry All of their patients

Each organization

___________ is/are probably the main cause of virtualization sprawl. Malicious attackers Lack of provider controls Lack of customer controls Ease of use

Ease of use

Best practice for planning the physical resiliency for a cloud data center facility includes _________. Having one point of egress for personnel Ensuring that any cabling/connectivity enters the facility from different sides of the building/property Ensuring that all parking areas are near generators so that personnel in high-traffic areas are always illuminated by emergency lighting, even when utility power is not available Ensuring that the foundation of the facility is rated to withstand earthquake tremors

Ensuring that any cabling/connectivity enters the facility from different sides of the building/property

Risk assessment is the responsibility of ____________. Companies offering managed cloud services Regulatory bodies Every organization Legislative entities

Every organization

Typically, SSDs are ____________. Harder to install than magnetic memory Faster than magnetic drives Harder to administer than tape libraries More likely to fail than spinning platters

Faster than magnetic drives

It is possible for the cloud customer to transfer ________ risk to the provider, but the cloud customer always retains ultimate legal risk. Market Perception Data Financial

Financial

Which entity can best aid the organization in avoiding vendor lock-in? Senior management The IT security office General counsel The cloud security representative

General counsel - they are the ones that are going to write the contract language

Of the following options, which is a reason cloud data center audits are often less trustworthy than legacy audits? Data in the cloud can't be audited Controls in the cloud can't be audited Getting physical access can be difficult There are no regulators for cloud operations

Getting physical access can be difficult

You are in charge of creating the business continuity and disaster recovery plan and procedure for your organization. Your organization has its production environment hosted by a cloud provider, and you have appropriate protections in place. Which of the following is a significant consideration for your BCDR backup? Enough personnel at the BCDR recovery site to ensure proper operations Good cryptographic key management Access to the servers where the BCDR backup is stored Forensic analysis capabilities

Good cryptographic key management

What is the term that describes the situation when a malicious user/attacker can exit the restrictions of a VM and access another VM residing on the same host? Host escape Guest escape Provider exit Escalation of privileges

Guest escape

A group of clinics decides to create an identification federation for their users (medical providers and clinicians). In this federation, all of the participating organizations would need to be in compliance with what US federal regulations? GLBA FMLA PCI DSS HIPAA

HIPAA

Which organizational entity usually performs the verification part of the provisioning element of the identification process? IT Security HR Sales

HR

Which of the following is a device specially purposed to handle the issuance, distribution, and storage of cryptographic keys? Key management box Hardware security module Ticket-granting ticket Trusted computing base

Hardware security module

You are in charge of creating the business continuity and disaster recovery plan and procedure for your organization. Which of the following strategies is an optimum technique to avoid major issues? Have another full backup of the production environment prior to the test Assign all personnel roles to perform during the test Have the cloud provider implement a simulated disaster at a random moment in order to maximize realistic testing Have your regulators present at the test so they can monitor performance

Have another full backup of the production environment prior to the test

What is the term that describes the situation when a malicious user/attacker can exit the restrictions of a single host and access other nodes on the network? Host escape Guest escape Provider exit Escalation of privileges

Host escape

Orchestrating resource calls is the job of the _________. Administrator Router VM Hypervisor

Hypervisor

Resolving resource contentions in the cloud will most likely be the job of the _____________. Router Emulator Regulator Hypervisor

Hypervisor - the hypervisor is the orchestrator of resources

If the cloud is used for BCDR purposes, the loss of ______ could gravely affect your organization's RTO (recovery time objective). The cloud server A specific VM Your policy and contract documentation ISP connectivity

ISP connectivity

A user signs on to a cloud-based social media platform. In another browser tab, the user finds an article worth posting to the social media platform. The user clicks on the platform's icon listed on the article's website, and the article is automatically posted to the user's account on the social media platform. This is an example of what? Single sign-on Insecure direct identifiers Identity federation Cross-site scripting

Identity federation

In addition to BCDR, what other benefit can your data archive/backup provide? Physical security enforcement Access control methodology Security control against data breach Identity management testing

Identity management testing - "reach back" capability to aid users in recovering accidentally deleted data

Where should multiple egress points be included? At the power distribution substation Within the data center In every building on the campus In the security operations center

In every building on the campus - health and human safety

What could be the result of failure of the cloud provider to secure the hypervisor in such a way that one user on a virtual machine can see the resource calls of another user's virtual machine? Unauthorized data disclosure Inference attacks Social engineering Physical intrusion

Inference attacks

DDoS attacks do not affect __________ for cloud customers. Productivity Availability Connectivity Integrity

Integrity

Which of the following can enhance data portability? Interoperable export formats Egress monitoring solutions Strong physical protections Agile business intelligence

Interoperable export formats

Which of the following is a risk in the cloud environment that does not exist, or is not as prevalent, in the legacy environment? DDoS Isolation failure External failure Internal attack

Isolation failure - in legacy ops, an isolation failure will only expose data to other members of the organization; in cloud ops, an isolation failure may expose you to other tenants in the cloud

Why does the physical location of your data backup and/or BCDR failover environment matter? It may affect regulatory compliance Lack of physical security Environmental factors such as humidity It doesn't matter. Data can be saved anywhere without consequence

It may affect regulatory compliance

Which of the following is a risk in the cloud environment that does not exist, or is not as prevalent, in the legacy environment? Legal liability in multiple jurisdictions Loss of productivity due to DDoS Ability of users to gain access to their physical workplace Fire

Legal liability in multiple jurisdictions

Which of the following poses a new risk in the cloud, not affecting the legacy, on-premises environment? Fire Legal seizure of another firm's assets Mandatory privacy data breach notification Flooding

Legal seizure of another firm's assets

The cloud customer will usually not have physical access to the cloud data center. This enhances security by _________. Reducing the need for qualified personnel Limiting access to sensitive information Reducing jurisdictional exposure Ensuring statutory compliance

Limiting access to sensitive information

Which of the following is a method for apportioning resources that involves setting maximum usage amounts for all tenant/customers within the environment? Reservations Shares Cancellations Limits

Limits

A cloud provider will probably require all of the following except _______ before a customer conducts a penetration test. Notice Description of scope of the test Location of the launch point Knowledge of time frame/duration

Location of the launch point

VM configuration management tools should probably include __________. Biometric recognition Anti-tampering mechanisms Log file generation Hackback capabilities

Log file generation

Which of the following is a risk in the cloud environment that does not exist, or is not as prevalent, in the legacy environment? Loss of availability due to DDoS Loss of value due to DDoS Loss of confidentiality due to DDoS Loss of liability due to DDoS

Loss of availability due to DDoS - users won't be able to access any data since the connection to the cloud data is severed

Which of the following risks exists in the legacy environment but is dramatically increased by moving into the cloud? Physical security breaches Loss of utility power Financial upheaval Man-in-the-middle attacks

Man-in-the-middle attacks

Sprawl is mainly a(n) _________ problem. Technical External Management Logical

Management

Of the following, which is probably the most significant risk in a managed cloud environment? DDoS Management plane breach Guest escape Physical attack on the utility service lines

Management plane breach - someone gets entire control of the environment

The cloud data center campus physical access point should include all of the following except _______. Reception area Video surveillance Badging procedure Mantrap structures

Mantrap structures - usually reserved for sensitive areas within a building

Typically, SSDs are __________. More expensive than spinning platters Larger than tape backup Heavier than tape libraries More subject to malware than legacy drives

More expensive than spinning platters

Critical components should be protected with _______. Strong passwords Chain-link fences Homomorphic encryption Multifactor authentication

Multifactor authentication

Which of the following poses a new risk in the cloud, not affecting the legacy, on-premises environment? Internal threats Multitenancy Natural disasters DDoS attacks

Multitenancy

If you use the cloud for BCDR purposes, even if you don't operate your production in the cloud, you can cut costs by eliminating your __________. Security personnel BCDR policy Old access credentials Need for a physical hot site/warm site

Need for a physical hot site/warm site

Key generation in a cloud environment might have less entropy than in the legacy environment for all the following reasons except _________. Lack of direct input devices No social factors Uniform build Virtualization

No social factors

Typically, SSDs are ______________. Impossible to destroy physically Not vulnerable to degaussing Subject to a longer warranty Protected by international trade laws

Not vulnerable to degaussing

The tasks performed by the hypervisor in the virtual environment can most be likened to the tasks of the ________ in the legacy environment. CPU Security team OS PGP

OS

What is the type of cloud storage arrangement that involves associating metadata with the saved data? Volume Block Object Redundant

Object

Which of the following terms describes a cloud storage area that uses a file system/hierarchy? Volume storage Object storage Logical unit number (LUN) Block storage

Object storage

Typically, which form of cloud storage is used in the near term for snapshotted VM images? Volume storage Object storage Logical unit number (LUN) Block storage

Object storage - stored as an object

Risk should always be considered from a business perspective. Risk is often balanced by corresponding _________. Profit Performance Cost Opportunity

Opportunity

What do you need to do in order to fully ensure that a BCDR action will function during a contingency? Audit all performance functions Audit all security functions Perform a full-scale test Mandate this capability in the contract

Perform a full-scale test

Managed cloud services exist because the service is less expensive for each customer than creating the same services for themselves in a legacy environment. Using a managed service allows the customer to realize significant cost savings through the reduction of ________. Risk Security controls Personnel Data

Personnel

What is the most important asset to protect in cloud BCDR activities? Intellectual property Hardware at the cloud data center Personnel Data on portable media

Personnel

The physical layout of a cloud data center campus should include redundancies of all the following except _______. Generators HVAC units Generator fuel storage Points of personnel ingress

Points of personnel ingress

It's important to maintain a current asset inventory list, including surveying your environment on a regular basis, in order to ________. Prevent unknown, unpatched assets from being used as back doors to the environment Ensure that any lost devices are automatically entered into the acquisition systems for repurchasing and replacement Maintain user morale by having their devices properly catalogued and annotated Ensure that billing for all devices is handled by the appropriate departments

Prevent unknown, unpatched assets from being used as back doors to the environment

Where is isolation failure probably least likely to pose a significant risk? Public cloud Private cloud PaaS environment SaaS environment

Private cloud

Who operates the management plane? Regulators End consumers Privileged users Privacy data subjects

Privileged users

The ENISA's definition of cloud computing differs slightly from the definition offered by ISC2 and NIST. What is one of the characteristics listed by ENISA but not included in the ISC2 definition? Metered service Shared resources Scalability Programmatic management

Programmatic management

What can hamper the ability of a cloud customer to protect their own assets in a managed services arrangement? Prohibitions on port scanning and penetration testing Geographical dispersion Rules against training users Laws that prevent them from doing so

Prohibitions on port scanning and penetration testing

Which of the following risks is probably most significant when choosing to use one cloud provider for your operational environment and another for BCDR backup/archive? Physical intrusion Proprietary formats/lack of interoperability Vendor lock-in/lockout Natural disasters

Proprietary formats/lack of interoperability

A cloud customer performing a penetration test without the provider's permission is risking ________. Malware contamination Excessive fees for SLA violations Loss of market share Prosecution

Prosecution

A group of clinics decides to create an identification federation for their users (medical providers and clinicians). If they opt to hire a third party to review each organization, for compliance with security governance and standards they all find acceptable, what is this federation model called? Cross-certification Proxy Single sign-on Regulated

Proxy

Having your BCDR backup stored with the same cloud provider as your production environment can help you _________. Maintain regulatory compliance Spend less of your budget on traveling Train your users about security awareness Recover quickly from minor incidents

Recover quickly from minor incidents

When considering cloud data replication strategies (i.e., whether you are making backups at the block, file, or database level), which element of your organization's BCDR plan will be most affected by your choice? Recovery time objective Recovery point objective Maximum allowable downtime Mean time to failure

Recovery point objective - RPO is a measure of data that can be lost in an outage without irreparably damaging the organization

The process of identity management includes all the following elements except _________. Provisioning Maintenance Deprovisioning Redaction

Redaction

According to the European Union Agency for Network and Information Security (ENISA), a cloud risk assessment should provide a means for customers to accomplish all these assurance tasks except ___________. Assess risks associated with cloud migration Compare offerings from different cloud providers Reduce the risk of regulatory noncompliance Reduce the assurance burden on cloud providers

Reduce the risk of regulatory noncompliance

From a security perspective, automation of configuration aids in ___________. Enhancing performance Reducing potential attack vectors Increasing ease of use of the systems Reducing need for administrative personnel

Reducing potential attack vectors

Which of the following is probably the most important activity, of those listed? Regularly update the BCDR plan/process Have contact information for all personnel in the organization Have contact information for essential BCDR personnel Have contact information for local law enforcement

Regularly update the BCDR plan/process

The minimum essential characteristics of a cloud data center are often referred to as "ping, power, pipe." What does this mean? Remote access for customer to racked devices in the data center; electrical utilities; connectivity to an ISP/the Internet Application suitability; availability; connectivity IaaS; SaaS; PaaS Anti-malware tools; controls against DDoS attacks; physical/environmental security controls, including fire suppression

Remote access for customer to racked devices in the data center; electrical utilities; connectivity to an ISP/the Internet

Which of the following is a method for apportioning resources that involves setting guaranteed minimums for all tenants/customers within the environment? Reservations Shares Cancellations Limits

Reservations

Which of the following poses a new risk in the cloud, not affecting the legacy, on-premises environment? User carelessness Inadvertent breach Device failure Resource exhaustion

Resource exhaustion - in extreme cases, such as an event that hits an entire region, cloud providers will be unable to handle the increased load

Which of the following probably poses the most significant risk to the organization? Lack of data confidentiality during a contingency Lack of regulatory compliance during a contingency Returning to normal operations too late Lack of encrypted communications during a contingency

Returning to normal operations too late

Which of the following probably poses the most significant risk to the organization? Not having essential BCDR personnel available during a contingency Not including all BCDR elements in the cloud contract Returning to normal operations too soon Telecommunications outages

Returning to normal operations too soon

__________ is the most prevalent protocol used in identity federation. HTTP SAML FTP WS-Federation

SAML

In software-defined networking (SDN), the northbound interface (NBI) usually handles traffic between the ______ and ________. Cloud customer; ISP SDN controllers; SDN applications Cloud provider; ISP Router; host

SDN controllers; SDN applications

Which of the following would probably best aid an organization in deciding whether to migrate from a legacy environment to a particular cloud provider? Rate sheets comparing a cloud provider to other cloud providers Cloud provider offers to provide engineering assistance during the migration The cost/benefit measure of closing the organization's relocation site and using the cloud for disaster recovery instead SLA satisfaction surveys from other (current and old) cloud customers

SLA satisfaction surveys from other (current and old) cloud customers

In which cloud service model does the customer lose the most control over governance? IaaS PaaS SaaS Private Cloud

SaaS

What should the cloud customer do to ensure that disaster recovery activities don't exceed the maximum allowable downtime (MAD)? Make sure any alternate provider can support the application needs of the organization Ensure that contact information for all first responder agencies is correct and up to date at all times Select an appropriate recovery time objective (RTO) Regularly review all regulatory directives for disaster response

Select an appropriate recovery time objective (RTO)

When considering the option to migrate from an on-premises environment to a hosted cloud service, an organization should weigh the risks of allowing external entities to access the cloud data for collaborative purposes against ___________. Not securing the data in the legacy environment Disclosing the data publicly Inviting external personnel into the legacy workspace in order to enhance collaboration Sending the data outside the legacy environment for collaborative purposes

Sending the data outside the legacy environment for collaborative purposes

Which of the following is a method for apportioning resources that involves prioritizing resource requests to resolve contention situations? Reservations Shares Cancellations Limits

Shares

A cloud provider will probably not allow _________ as part of a customer's penetration test. Network mapping Vulnerability scanning Reconnaissance Social engineering

Social engineering

Sprawl in the cloud can lead to significant additional costs to the organization because of _________. Larger necessary physical footprint Much larger utility consumption Software licensing Requisite additional training

Software licensing - more vms = more $$

Which of the following terms describes a means to centralize logical control of all networked nodes in the environment, abstracted from the physical connections to each? VPN SDN ACLs RBAC

Software-defined networking (SDN)

Mass storage in the cloud will most likely currently involve __________. Spinning platters Tape drives Magnetic disks Solid-state drives

Solid-state drives

There are many ways to handle risk. However, the usual methods for addressing risk are not all possible in the cloud because ___________. Cloud data risks cannot be mitigated Migrating into a cloud environment necessarily means you are accepting all risks Some risks cannot be transferred to a cloud provider Cloud providers cannot avoid risk

Some risks cannot be transferred to a cloud provider

The BCDR plan/process should be written and documented in such a way that it can be used by ___________. Users Essential BCDR team members Regulators Someone with the requisite skills

Someone with the requisite skills - 'Requisite' made necessary by a certain event or circumstance

_______________ can often be the result of inadvertent activity. DDoS Phishing Sprawl Disasters

Sprawl

Which of these does the cloud customer need to ensure protection of intellectual property created in the cloud? DRM IAM Strong contractual clauses Crypto-shredding

Strong contractual clauses

Managed cloud services exist because the service is less expensive for each customer than creating the same services for themselves in a legacy environment. From the customer perspective, most of the cost differential created between the legacy environment and the cloud through virtualization is achieved by removing ________. External risks Internal risks Regulatory compliance Sunk capital investment

Sunk capital investment - in the cloud you are only paying for what you're using - therefore, saving dat money

You are in charge of creating the business continuity and disaster recovery plan and procedure for your organization. You decide to have a tabletop test of the BCDR activity. Which of the following will offer value during the test? Have all participants conduct their individual activities via remote meeting technology Task a moderator well-versed in BCDR actions to supervise and present scenarios to the participants, including randomized special events Provide copies of the BCDR policy to all participants Allow all users in your organization to participate

Task a moderator well-versed in BCDR actions to supervise and present scenarios to the participants, including randomized special events

Return to normal operations is a phase in BCDR activity when the contingency event is over and regular production can resume. Which of the following can sometimes be the result when the organization uses two different cloud providers for the production and BCDR environments? Both providers are affected by the contingency, extending the time before return to normal can occur The BCDR provider becomes the new normal production environment Regulators will find the organization in violation of compliance guidance All data is lost irretrievably

The BCDR provider becomes the new normal production environment

Who is the cloud carrier? The cloud customer The cloud provider The regulator overseeing the cloud customer's industry The ISP between the cloud customer and provider

The ISP between the cloud customer and provider

Security controls installed on a guest virtual machine operating system (VM OS) will not function when _______________. The user is accessing the VM remotely The OS is not scanned for vulnerabilities The OS is not subject to version control The VM is not active while in storage

The VM is not active while in storage

The physical layout of a cloud data center campus should include redundancies of all the following except _______. Physical perimeter security controls The administration/support staff building Electrical utility lines Communications connectivity lines

The administration/support staff building

In an IaaS arrangement, who accepts responsibility for securing cloud-based applications? The cloud provider The cloud customer The regulator The end user/client

The cloud customer

In a managed cloud services arrangement, who creates governance that will determine which controls are selected for the environment and how they are deployed? The cloud provider The cloud customer The regulators The end user

The cloud provider

Which of the following is a risk posed by the use of virtualization? Internal threats interrupting service through physical accidents (spilling drinks, tripping on lines) The ease of transporting stolen virtual machine images Increased susceptibility of virtual systems to malware Electromagnetic pulse

The ease of transporting stolen virtual machine images

Who will determine whether your organization's cloud migration is satisfactory from a compliance perspective? The cloud provider The cloud customer The regulators The ISP

The regulators

There are two reasons to conduct a test of the organization's recovery from backup in an environment other than the primary production environment. Which of the following is one of them? It costs more to conduct a test at the same location as the primary workplace You don't want to waste travel budget on what is only a test The risk of negative impact to both production and backup is too high There won't be enough room for everyone to sit in the primary facility

The risk of negative impact to both production and backup is too high

Of the following options, which is a reason cloud data center audits are often less trustworthy than legacy audits? They frequently rely on third parties The standards are too difficult to follow The paperwork is cumbersome There aren't enough auditors

They frequently rely on third parties

Of the following options, which is a reason cloud data center audits are often less trustworthy than legacy audits? Cryptography is present Auditors don't like the cloud Cloud equipment is resistant to an audit They often rely on data the provider chooses to disclose

They often rely on data the provider chooses to disclose

All of the following can be used in the process of anomaly detection except ____________. The ratio of failed to successful logins Transactions completed successfully Event time of day Multiple concurrent logins

Transactions completed successfully

You are in charge of creating the business continuity and disaster recovery plan and procedure for your organization. Your organization has its production environment hosted in a cloud environment. You are considering using cloud backup services for your BCDR purposes as well. What would probably be the best strategy for this approach, in terms of redundancy and resiliency? Have your cloud provider also provide BCDR backup Keep a BCDR backup on the premises of your corporate headquarters Use another cloud provider for the BCDR backup Move your production environment back into your corporate premises, and use your cloud provider to host your BCDR backup

Use another cloud provider for the BCDR backup

What is probably the best way to avoid problems associated with vendor lock-out? Use strong contract language Use nonproprietary data and media formats Use strong cryptography Use another provider for backup purposes

Use another provider for backup purposes

What is probably the optimum way to avoid vendor lock-in? Use non-proprietary data formats Use industry-standard media Use strong cryptography Use favorable contract language

Use favorable contract language

Perhaps the best method for avoiding vendor lock-out is also a means for enhancing BCDR capabilities. This is ___________. Having a warm site within 250 miles of the primary production environment Using one cloud provider for primary production and another for backup purposes Building a data center above the flood plain Cross-training all personnel

Using one cloud provider for primary production and another for backup purposes

Lack of industry-wide standards for cloud computing creates a potential for ________. Privacy data breach Privacy data disclosure Vendor lock-in Vendor lock-out

Vendor lock-in - without standards customer would have trouble moving from one vendor to the other

According to the NIST Cloud Computing Reference Architecture, which of the following is most likely a cloud carrier? Amazon Web Services Netflix Verizon Nessus

Verizon

One of the security challenges of operating in the cloud is that additional controls must be placed on file storage systems because ________. File stores are always kept in plain text in the cloud There is no way to sanitize file storage space in the cloud Virtualization necessarily prevents the use of application-based security controls Virtual machines are stored as snapshotted files when not in use

Virtual machines are stored as snapshotted files when not in use

Managed cloud services exist because the service is less expensive for each customer than creating the same services for themselves in a legacy environment. What is the technology that creates most of the cost savings in the cloud environment? Emulation Secure remote access Crypto-shredding Virtualization

Virtualization

What can be revealed by an audit of a baseline virtual image, used in a cloud environment? Possible intrusions after they have happened Potential criminal activity before it occurs Whether necessary security controls are in place and functioning properly Lack of user training and awareness

Whether necessary security controls are in place and functioning properly

What is the main reason virtualization is used in the cloud? VMs are easier to administer If a VM is infected with malware, it can easily be replaced With VMs, the cloud provider does not have to deploy an entire hardware device for every new user VMs are easier to operate than actual devices

With VMs, the cloud provider does not have to deploy an entire hardware device for every new user

A SAML identity assertion token uses the _________ protocol. XML HTTP HTML ASCII

XML

There are two reasons to conduct a test of the organization's recovery from backup in an environment other than the primary production environment. Which of the following is one of them? It is good to invest in more than one community You want to approximate contingency conditions, which includes not operating in the primary location It is good for your personnel to see other places occasionally Your regulators won't follow you offsite, so you'll be unobserved during your test

You want to approximate contingency conditions, which includes not operating in the primary location
