MIS429 Ch 1-5
If an organization owns all of the hardware and infrastructure of a cloud data center that is used only by members of that organization, which cloud deployment model would this be? A. Private B. Public C. Hybrid D. Motive
A. Because ownership and usage are restricted to one organization, this is a private cloud.
Which of the following is not a common data right controlled by an IRM system? A. Copyright B. Creating C. Editing D. Viewing
A. Copyrights are protected tangible expressions of creative works. IRM rights management focuses on abilities like creating, editing, copying, viewing, printing, forwarding, and similar capabilities.
Asha wants to document the path that data takes from creation to storage in her institution's database. As part of that effort, she creates a data flow diagram. Which of the following is not a common element of a data flow diagram? A. Credentials used for each service listed B. Hostnames and IP addresses or address blocks for each system involved C. Ports and protocols used for data transfer D. Security controls used at each point in the diagram
A. Credentials are not typically included in documentation and should be kept in a secured location. Hostnames, IP addresses, ports, protocols, and security controls are commonly documented in data flow diagrams.
If a cloud customer wants to build their own computing environment using storage, networking, and compute resources offered by a cloud provider, which cloud service category would probably be best? A. IaaS B. PaaS C. SaaS D. FaaS
A. Customers of infrastructure as a service (IaaS) vendors purchase basic computing resources from vendors and piece them together to create customized IT solutions. For example, infrastructure as a service vendors might provide compute capacity, data storage, and other basic infrastructure building blocks.
Megan wants to improve the controls provided by her organization's data loss prevention (DLP) tool. What additional tool can be combined with her DLP to most effectively enhance data controls? A. IRM B. SIEM C. Kerberos D. Hypervisors
A. DLP can be combined with IRM tools to protect intellectual property; both are designed to deal with data that falls into special categories. SIEMs are used for monitoring event logs, not live data movement. Kerberos is an authentication mechanism. Hypervisors are used for virtualization.
What phase of the cloud data lifecycle involves data labeling? A. Create B. Store C. Use D. Archive
A. Data labeling should be done when data is created to ensure that it receives the proper labels and can immediately be processed and handled according to security rules for data with that label. Labels may be modified during the Use, Store, and Archive phases to assist with lifecycle management.
Which of the following is a technique used to attenuate risks to the cloud environment, resulting in loss or theft of a device used for remote access? A. Remote kill switch B. Dual control C. Muddling D. Safe harbor
A. Dual control is not useful for remote access devices because we'd have to assign two people for every device, which would decrease efficiency and productivity. Muddling is a cocktail preparation technique that involves crushing ingredients. Safe harbor is a policy provision that allows for compliance through an alternate method rather than the primary instruction.
Maria's organization wants to ensure that logins by most malicious actors would be prohibited if a system administrator's credentials were compromised. What technology is commonly used to check for potential malicious logins from international attacks? A. Geofencing B. IPOrigin C. Multifactor D. Biometric authentication
A. Geofencing is often used as part of a set of controls to prevent unauthorized logins. Auditing against logins that occur from new or unapproved locations and even preventing logins from unauthorized locations can be a useful preventative control. IPOrigin was made up for this question, and both multifactor and biometric logins are used to prevent unauthorized access, not to check for potential malicious logins.
Angela wants to provide users with access rights to files based on their roles. What capability of an IRM system most directly supports this requirement? A. Provisioning B. DRM C. CRM D. Data labeling
A. IRM provisioning capabilities are designed to provide users with rights based on their roles or other criteria. Data labeling is used to determine which data should be handled based on IRM rules but does not match roles to rights. DRM is digital rights management and is the technical implementation of controls—it does not match rights to files based on a role. Finally, CRM is the acronym for customer relationship management, an entirely different type of tool!
The cloud customer will have the most control of their data and systems and the cloud provider will have the least amount of responsibility in which cloud computing arrangement? A. IaaS B. PaaS C. SaaS D. Community cloud
A. IaaS entails the cloud customer installing and maintaining the OS, programs, and data; PaaS has the customer installing programs and data; in SaaS, the customer only uploads data. In a community cloud, data and device owners are distributed.
You are concerned that an attacker might be able to use a guest virtual machine to gain access to the underlying hypervisor. What term describes this threat? A. VM escape B. SQL injection C. Man-in-the-middle D. VM sprawl
A. In a physical server environment, security teams know that each server runs on its own dedicated processor and memory resources and that if an attacker manages to compromise the machine, they will not have access to the processor and memory used by other systems. In a virtualized environment, this may not be the case if the attacker is able to break out of the virtualized guest operating system. This type of attack is known as a VM escape attack
You recently worked with a third-party vendor to help you implement a SaaS offering provided by a different company. Which one of the following cloud service roles is not represented here? A. Regulator B. Customer C. Provider D. Partner
A. In this scenario, there is no regulatory agency mentioned. You are the cloud customer and you are working with a cloud service partner to implement a service offered by a cloud service provider.
Nina replaces all but the last four digits of credit card numbers stored in a database with asterisks. What data obfuscation technique has she used? A. Masking B. Randomization C. Tokenization D. Anonymization
A. Masking replaces digits with meaningless characters. Randomization replaces data with randomized information with similar characteristics, preserving the ability to test with the data while attempting to remove any sensitivity. Tokenization replaces data with tokens, allowing referential integrity while removing the actual sensitive data, and anonymization removes potentially identifying data.
Benefits for addressing BC/DR offered by cloud operations include all of the following except ___________________. A. One-time pads B. Distributed, remote processing and storage of data C. Fast replication D. Regular backups offered by cloud providers
A. One-time pads are a cryptographic tool/method; this has nothing to do with BC/DR. All the other options are benefits of using cloud computing for BC/DR.
Which one of the following emerging technologies, if fully implemented, would jeopardize the security of current encryption technology? A. Quantum computing B. Blockchain C. Internet of Things D. Confidential computing
A. Quantum computing technology has the potential to unleash massive computing power that could break current encryption algorithms.
Helen wants to apply rules to traffic in her cloud-hosted environment. What cloud tool allows rules permitting traffic to pass or be blocked to be set based on information like the destination or source host or IP address, port, and protocol? A. Security groups B. Stateless IDS C. VPC boundaries D. Stateful IPS
A. Security groups act like firewalls in cloud environments, allowing rules that control traffic by host, port, and protocol to be set to allow or disallow traffic. Stateless and stateful IDSs and IPSs were made up for this question, and VPC boundaries are not a technical solution or tool.
Cloud vendors are held to contractual obligations with specified metrics by ___________________. A. Service-level agreements (SLAs) B. Regulations C. Law D. Discipline
A. Service-level agreements (SLAs) specify objective measures that define what the cloud provider will deliver to the customer.
When reviewing the BIA after a cloud migration, the organization should take into account new factors related to data breach impacts. One of these new factors is ___________________. A. Legal liability can't be transferred to the cloud provider. B. Many states have data breach notification laws. C. Breaches can cause the loss of proprietary data. D. Breaches can cause the loss of intellectual property.
A. State notification laws and the loss of proprietary data/intellectual property preexisted the cloud; only the lack of ability to transfer liability is new.
Susan's organization is a cloud service provider that runs its hypervisor directly on the underlying hardware for its systems. What type of hypervisor is Susan running? A. Type 1 B. Type 2 C. Type 3 D. Type 4
A. Type 1 hypervisors run directly on the underlying hardware or the "bare metal," and Type 2 hypervisors run inside of another operating system, like Windows or Linux. There are no Type 3 or 4 hypervisors.
Which of the following hypervisor types is most likely to be seen in a cloud provider's data center? A. Type 1 B. Type 2 C. Type 3 D. Type 4
A. Type 1 hypervisors, or "bare metal" hypervisors, are the most efficient form of hypervisor and the technology that is used in data center environments. Type 2 hypervisors generally run on personal computers. Type 3 and 4 hypervisors do not exist.
Jim's organization wants to ensure that it has the right information available in case of an attack against its web server. Which of the following data elements is not commonly used and thus shouldn't be expected to be logged? A. The version of the executable run B. The service name C. The source IP address of the traffic D. The destination IP address of the traffic
A. Versions of executables for a service are not typically logged. While it may be useful to track patch status, versions of applications and services are not tracked via event logs. IP addresses for both source and destination for events and queries and the service name itself are often logged to identify what happened and where traffic was going.
Felix is planning for his organization's third-party audit process after recently switching to a cloud SaaS provider. What information will Felix most likely be unable to provide? A. Access logs B. Operating system logs C. Activity logs D. User and account privilege information
B. A software as a service environment will not be able to provide operating system logs to third-party auditors since the service provider is unlikely to provide them to customers. Access and activity logs as well as user and account privilege information are all likely to be available.
Which of the following is not a common method of data discovery? A. Content-based B. User-based C. Label-based D. Metadata-based
B. All the others are valid methods of data discovery; user-based is a red herring with no meaning.
The CIO of Gurvinder's company wants him to have its audit company perform an audit of its cloud infrastructure provider. Why are cloud infrastructure vendors unlikely to allow audits of their systems and infrastructure by customer-sponsored third parties? A. They do not want to have problems with their service identified. B. Audits may disrupt their other customers or lead to risks of data exposure for those customers. C. It is required for compliance with industry standard best practices. D. It would have to be reported as a potential data breach.
B. Allowing access to their environments for auditors has the potential to lead to disruption of service for the wide range of customers they support. If they allowed audits for their multitude of customers, they'd also be in a perpetual audit process, which is costly and time consuming. Organizations typically do want to identify problems with their service. Not allowing auditors access is not required by best practices and would not be reported as a data breach.
What is the hypervisor malicious attackers would prefer to attack? A. Type 1 B. Type 2 C. Type 3 D. Type 4
B. Attackers prefer Type 2 hypervisors because the OS offers more attack surface and potential vulnerabilities. There are no Type 3 or 4 hypervisors.
Countermeasures for protecting cloud operations against external attackers include all of the following except ___________________. A. Continual monitoring for anomalous activity B. Detailed and extensive background checks C. Hardened devices and systems, including servers, hosts, hypervisors, and virtual machines D. Regular and detailed configuration/change management activities
B. Background checks are controls for attenuating potential threats from internal actors; external threats aren't likely to submit to background checks.
The generally accepted definition of cloud computing includes all of the following characteristics except ___________________. A. On-demand self-service B. Negating the need for backups C. Resource pooling D. Measured or metered service
B. Backups are still just as important as ever, regardless of where your primary data and backups are stored.
Ting sets a system up in her Amazon VPC that exists in a low-security, public internet-facing zone and also has an interface connected to a high-security subnet that is used to house application servers so that she can administer those systems. What type of security solution has she configured? A. A firewall hopper B. A bastion host C. A bridge D. A bailey system
B. Bastion hosts are used to connect from a lower-security zone to a higher-security zone. Ting has configured one to allow inbound access and will need to pay particular attention to the security and monitoring of the system. The remainder of the answers were made up for this question, although network bridges do exist.
All of these are characteristics of cloud computing except ___________________. A. Broad network access B. Diminished elasticity C. Rapid scaling D. On-demand self-service
B. Cloud services provide on-demand self-service, broad network access, rapid scalability, and increased (not decreased!) elasticity.
Naomi is working on a list that will include data obfuscation options for her organization. Which of the following is not a type of data obfuscation technique? A. Tokenization B. Data hiding C. Anonymization D. Masking
B. Data hiding is not a data obfuscation technique. It is used in programming to restrict data class access. Tokenization, masking, and anonymization are all obfuscation techniques.
Countermeasures for protecting cloud operations against internal threats include all of the following except ___________________. A. Aggressive background checks B. Hardened perimeter devices C. Skills and knowledge testing D. Extensive and comprehensive training programs, including initial, recurring, and refresher sessions
B. Hardened perimeter devices are more useful at attenuating the risk of external attack.
Jaime wants to set up a tool that will allow him to capture and analyze attacker behavior, including command-line activity and uploaded toolkits targeted at systems in his environment. What type of tool should he deploy? A. A dark web B. A honeypot C. A network IPS D. A network IDS
B. Honeypots are intentionally vulnerable systems set up to capture attacker behavior and include tools to allow analysis. The phrase "the dark web" is used to describe Tor-accessible, nonpublic internet sites. Network intrusion detection and prevention (IDS and IPS) systems can be used to detect attacks, and while they may capture information like uploaded toolkits, they won't capture command-line activities in most scenarios, since attackers encrypt the traffic containing the commands.
All of the following are techniques to enhance the portability of cloud data in order to minimize the potential of vendor lock-in except ___________________. A. Avoiding proprietary data formats B. Using IRM and DLP solutions widely throughout the cloud operation C. Ensuring there are no physical limitations to moving D. Ensuring favorable contract terms to support portability
B. IRM and DLP are used for increased authentication/access control and egress monitoring, respectively, and would actually decrease portability instead of enhancing it.
Isaac wants to describe common information rights management (IRM) functions to his team. Which of the following is not a common IRM function? A. Persistency B. Crypto-shredding C. Automatic expiration D. Dynamic policy control
B. IRM tools should include all the functions listed except for crypto-shredding, which is typically associated with lifecycle management rather than rights management.
The cloud deployment model that features ownership by a cloud provider, with services offered to anyone who wants to subscribe, is known as ___________________. A. Private B. Public C. Hybrid D. Latent
B. In a public cloud model, the cloud service provider owns the resources and makes services available to any person or organization who wishes to use them.
Ben wants to implement tokenization for his organization's data. What will he need to be able to implement it? A. Authentication factors B. Databases C. Encryption keys D. Personnel
B. In order to implement tokenization, there will need to be two databases: the database containing the raw, original data and the token database containing tokens that map to original data. Having two-factor authentication is nice but certainly not required. Encryption keys are not necessary for tokenization. Two-person integrity does not have anything to do with tokenization.
Meena is conducting data discovery with data encoded in JSON. What type of data is she working with? A. Structured B. Semi-structured C. Super-structured D. Unstructured
B. JSON is an example of semi-structured data. Traditional databases are examples of structured data, unstructured data does not have labels or other categorization information built in, and super-structured data is not a term used for the CCSP exam.
A poorly negotiated cloud service contract could result in all the following detrimental effects except ___________________. A. Vendor lock-in B. Malware C. Unfavorable terms D. Lack of necessary services
B. Malware risks and threats are not affected by the terms of the cloud contract.
Mei wants to conduct data discovery activities in her organization. Which of the following types of data discovery is best suited for identifying all photos that were taken using a specific model of camera based on the original files generated by the camera? A. Label-based B. Metadata-based C. Extension-based D. Content-based
B. Most cameras generate metadata about the images they create. Mei can rely on the metadata embedded in the original image files to conduct the discovery that she needs through her organization's files.
Asha is configuring a virtualized environment and wants to back up a virtualized server, including its memory state. What type of backup should she perform? A. A full backup B. A snapshot C. An incremental backup D. A differential backup
B. Snapshots in virtual environments not only capture the current state of the machine, they also allow point-in-time restoration. Full, incremental, and differential backups back up the drive of a system but not the memory state.
Countermeasures for protecting cloud operations against internal threats at the provider's data center include all of the following except ___________________. A. Separation of duties B. Least privilege C. Conflict of interest D. Mandatory vacation
C. Conflict of interest is a threat, not a control.
Melissa knows that many data destruction options are not available for data kept in the cloud due to how the services are architected using shared hardware and services. Which of the following is the best option for her organization to select for cloud-hosted data that must be disposed of in a secure manner? A. Melting B. Crypto-shredding C. Zeroization D. Overwriting
B. Most cloud services don't provide physical ownership, control, or even access to the hardware devices holding the data, so physical destruction, including melting, is not an option. Overwriting and zeroization rely on access to a physical disk and only work when you can ensure that the entire disk or space containing the data will be overwritten, which cannot be guaranteed in a cloud-hosted, shared, and virtualized environment. Crypto-shredding is the only alternative in most cases when operating in the cloud.
Felix wants to monitor data transfers between two systems inside of his IaaS cloud-hosted data center. Which of the following audit mechanisms is unlikely to be available to him that is commonly available in on-premises environments? A. Log review B. Packet capture C. Data flow diagrams D. Log correlation
B. Packet capture is often impossible in cloud-hosted environments due to architectural and security reasons. Felix may want to identify another way to validate traffic flows for the data transfer.
Naomi has implemented a data archiving process as part of her organization's cloud design. What important part of her archiving plan should she prioritize to ensure its long-term success? A. Data classification B. Periodic testing C. Data mapping D. Hashing
B. Periodically testing data archiving, backup, and recovery capabilities is a key part of ensuring that they are successful in the long term. Classification and data mapping are useful to determine what should be archived and when it should be destroyed or discarded but are not critical to the success of the archiving process itself. Hashing is not critical to the archiving process, but it can be used to validate that data has not changed.
Which of the following is not a common cloud service model? A. Software as a service (SaaS) B. Programming as a service (PaaS) C. Infrastructure as a service (IaaS) D. Platform as a service (PaaS)
B. Programming as a service is not a common offering.
Valerie's organization uses a security baseline as part of its systems configuration process. Which of the following is not a typical part of a baselining process? A. Limiting administrator access B. Removing anti-malware agents C. Closing unused ports D. Removing unnecessary services and libraries
B. Removing anti-malware agents is not a typical part of a baselining process. Installing one might be! Limiting administrator access, closing unused ports, and disabling unneeded services are all common baselining activities.
All of these are reasons an organization may want to consider cloud migration except ___________________. A. Reduced personnel costs B. Elimination of risks C. Reduced operational expenses D. Increased efficiency
B. Risks, in general, can be reduced but never eliminated; cloud service, specifically, does not eliminate risk to the cloud customer because the customer retains a great deal of risk after migration.
We use which of the following to determine the critical paths, processes, and assets of an organization? A. Business requirements B. Business impact analysis (BIA) C. Risk Management Framework (RMF) D. Confidentiality, integrity, availability (CIA) triad
B. The business impact analysis is designed to ascertain the value of the organization's assets and learn the critical paths and processes.
What is the correct order of the phases of the data lifecycle? A. Create, Store, Use, Archive, Share, Destroy B. Create, Store, Use, Share, Archive, Destroy C. Create, Use, Store, Share, Archive, Destroy D. Create, Archive, Store, Share, Use, Destroy
B. The cloud data lifecycle is Create, Store, Use, Share, Archive, Destroy.
Samuel wants to check what country a file was accessed from. What information can he use to make a guess as accurate as possible, given information typically available in log entries? A. The username B. The source IP address of the request C. The destination IP address of the request D. The hostname
B. The source IP address of a request combined with a geolocation or geoIP service will provide the best guess at where in the world the request came from. This can be inaccurate due to VPNs and other technologies, but having information contained in logs will provide Samuel with the best chance of identifying the location. Hostnames and usernames do not provide location data reliably.
Valerie wants to be able to refer to data contained in a database without having the actual values in use. What obfuscation technique should she select? A. Masking B. Tokenization C. Anonymization D. Randomization
B. Tokenization replaces data with tokens, allowing referential integrity while removing the actual sensitive data. Masking replaces digits with meaningless characters. Randomization replaces data with randomized information with similar characteristics, preserving the ability to test with the data while attempting to remove any sensitivity, and anonymization removes potentially identifying data.
Yarif's organization wants to process sensitive information in a cloud environment. The organization is concerned about data throughout its lifecycle. What protection should it select for its compute elements if security is a priority and cost is less important? A. Memory encryption B. Dedicated hardware instances C. Shared hardware instances D. Avoiding installing virtualization tools
B. Using dedicated hardware instances, while expensive, is the most secure option for protecting compute from potential side channel attacks or attacks against the underlying hypervisor layer for cloud-hosted systems. Memory encryption may exist at the hypervisor level, but cloud providers do not typically make this an accessible option, and virtualization tools are not a major security benefit or detractor in this scenario.
What is the term used to describe loss of access to data because the cloud provider has ceased operation? A. Closing B. Vendor lock-out C. Vendor lock-in D. Masking
B. Vendor lock-in is the result of a lack of portability, for any number of reasons. Masking is a means to hide raw datasets from users who do not have a need to know. Closing is a nonsense term in this context.
Sarah is continuing her data labeling efforts and has received suggestions for appropriate data labels for data that will be used in multiple countries in which her company operates as part of ongoing security and data lifecycle efforts. Which of the following is not a label that would help with that usage? A. Source B. Language C. Handling restrictions D. Jurisdiction
B. While language may be useful for internal practices, it is not useful for lifecycle management or security functions. The source of the data, any handling restrictions, and the jurisdiction in which the data was collected or used are all useful when dealing with data that may move between different countries.
All of the following methods can be used to attenuate the harm caused by escalation of privilege except ___________________. A. Extensive access control and authentication tools and techniques B. Analysis and review of all log data by trained, skilled personnel on a frequent basis C. Periodic and effective use of cryptographic sanitization tools D. The use of automated analysis tools such as SIM, SIEM, and SEM solutions
C. Cryptographic sanitization is a means of reducing the risks from data remanence, not a way to minimize escalation of privilege.
Michelle wants to securely store her organization's secrets using a cloud service. What tool should she select? A. TPM as a service B. GPG as a service C. HSM as a service D. SSD as a service
C. A hardware security module (HSM) service will provide the functionality Michelle is looking for. A TPM, or trusted platform module, is associated with local system security rather than for organization-wide secrets storage and management. GPG is an encryption package and won't do what she needs, and SSDs are storage devices, not encryption management tools.
Yasine's organization wants to enable systems to use data controlled by an IRM. What method is most commonly used to identify systems while allowing them to have their trust revoked if needed? A. LEAP authentication B. Multifactor authentication C. Certificate-based authentication and authorization D. TACACS
C. Certificates are commonly used to allow systems to authenticate and receive authorization to access data through an IRM system. Multifactor authentication typically requires an event and human interaction, making it less useful for system-based accesses. Neither TACACS nor LEAP is used for this purpose.
Selah wants to securely store her organization's encryption keys. What solution should she ask her cloud service provider about? A. A PKI B. A DLP C. A cloud HSM D. A CRL
C. Cloud hardware security modules, or HSMs, are used to create, store, and manage encryption keys and other secrets. Selah should ask her cloud service provider if they have an HSM service or capability that suits her organization's needs. A PKI is a public key infrastructure and is used to create and manage certificates, a DLP is a data loss prevention tool, and a CRL is a certificate revocation list.
Sensitivity, jurisdiction, and criticality might all be considered for what cloud data security activity? A. Crypto-shredding B. Data flow diagramming C. Classification D. Tokenization
C. Data classification activities often use sensitivity, jurisdiction, and criticality as inputs to determine the classification level of data for an organization. Crypto-shredding is a process used to destroy data, which may be required by classification at the end of its lifecycle. Data flow diagramming might note the classification level, but it's unlikely to show this level of detail, and tokenization is used to substitute nonsensitive data elements for sensitive data elements to allow processing without the potential for data leakage
Yasmine's organization has identified data masking as a key security control. Which of the following functions will it provide? A. Secure remote access B. Enforcing least privilege C. Testing data in sandboxed environments D. Authentication of privileged users
C. Data masking is very useful when testing. It doesn't provide features that help with remote access, least privilege, or authentication.
All of the following are cloud computing risks in a multitenant environment except ___________________. A. Risk of loss/disclosure due to legal seizures B. Information bleed C. DDoS D. Escalation of privilege
C. DoS/DDoS threats and risks are not unique to the multitenant architecture.
Countermeasures for protecting cloud operations against internal threats include all of the following except ___________________. A. Active physical surveillance and monitoring B. Active electronic surveillance and monitoring C. Redundant ISPs D. Masking and obfuscation of data for all personnel without need to know for raw data
C. ISP redundancy is a means to control the risk of externalities, not internal threats.
Megan is documenting roles as part of the implementation of her organization's data classification policy. Her organization uses a software as a service tool to accept applications from customers. What term best describes the SaaS vendor? A. A data custodian B. A data owner C. A data processor D. A data steward
C. In legal terms, when data processor is defined, it refers to anyone who stores, handles, moves, or manipulates data on behalf of the data owner or controller. In the cloud computing realm, particularly with software as a service tools, this is the cloud service provider
You are considering purchasing an e-commerce system where the cloud provider runs a hosted application on their own servers. What cloud service category is the provider offering? A. IaaS B. PaaS C. SaaS D. FaaS
C. In software as a service (SaaS) offerings, the public cloud provider delivers an entire application to its customers. Customers don't need to worry about processing, storage, networking, or any of the infrastructure details of the cloud service. The vendor writes the application, configures the servers, and basically gets everything running for customers who then simply use the service
Charles is working with internal auditors to review his organization's cloud infrastructure. Which of the following is not a common goal of internal audits? A. Testing operational integrity B. Improving practices C. Providing attestation of compliance to a standard to a third party D. Validating practices against an industry standard
C. Internal audits typically attempt to test operational integrity and to identify areas for improvement. They may also validate practices against an industry standard. They are not typically done to provide attestations to third parties.
Tej wants to conduct data discovery across his organization's databases; however, he knows that data is stored in multiple countries. What concern should he raise before the discovery process is conducted? A. Structured data is harder to conduct discovery on. B. The discovery process may create a denial of service condition on the database servers. C. Jurisdiction and local laws may impact the ability to perform discovery. D. Unstructured data is harder to conduct discovery on
C. Jurisdiction and local law may create concerns for data discovery. Some data may require specific handling and needs to be accounted for before discovery and related actions are taken. Structured data is typically easier to conduct discovery against due to its well understood nature. While it is possible that the discovery process could overload database servers, Tej should be able to configure his discovery tools to not create issues and should monitor them when they are run.
Susan wants to ensure that files containing credit card numbers are not stored in her organization's cloud-based file storage. If she deploys a DLP system, what method should she use to identify files with credit card numbers to have the best chance of finding them, even if she may encounter some false positives? A. Manually tag files with credit card numbers at creation. B. Require users to save files containing credit card numbers with specific file-naming conventions. C. Scan for credit card numbers based on a pattern match or algorithm. D. Tag files with credit card numbers at destruction.
C. Scanning for credit card numbers using the DLP tool and a pattern match or algorithm is most likely to find all occurrences of credit card numbers, despite some false positives. Tagging files that have credit card numbers manually is likely to be error prone, finding them at destruction or deletion won't help during the rest of the lifecycle, and of course requiring users to use specific filenames is likely to lead to mistakes as well.
Nina's company has stored unstructured data in an S3 bucket in AWS. She wants to perform data discovery on the data, but the discovery tool that she has requires the data to be local. What concern should Nina express about retrieving large volumes of data from a cloud service? A. Performance may be low. B. Data ingress costs may be high. C. Data egress costs may be high. D. The data will need to be structured before discovery can run.
C. Moving large volumes of data from a cloud service can result in high egress fees. Nina may want to analyze the data using a tool in the same cloud as the data. There are no indications of issues that may cause low performance for retrieving the data, ingress costs are typically lower with cloud vendors because they have a desire for customers to bring their data and use storage services, and the data is unstructured and there is nothing in the question to indicate a need to structure it before analysis.
After a cloud migration, the BIA should be updated to include a review of the new risks and impacts associated with cloud operations; this review should include an analysis of the possibility of vendor lock-in/lock-out. Analysis of this risk may not have to be performed as a new effort because a lot of the material that would be included is already available from which of the following? A. NIST B. The cloud provider C. The cost-benefit analysis the organization conducted when deciding on cloud migration D. Open-source providers
C. NIST offers many informative guides and standards but nothing specific to any one organization. The cloud provider will not have prepared an analysis of lock-out/lock-in potential. Open-source providers can offer many useful materials but, again, nothing specific to the organization
Mark has set up a series of tasks that make up a workflow to ensure that his cloud-hosted web application environment scales, updates, and maintains itself. What cloud management plane feature is he leveraging? A. Maintenance B. Scheduling C. Orchestration D. Virtualization
C. Orchestration describes the broad set of capabilities that allow automated task-based control of services, processes, or workflows. It can handle maintenance and uses scheduling, but its uses are broader than both. Virtualization is a key component of the cloud, but does not describe this specific use appropriately.
Liam wants to store the private keys used to generate certificates for his organization. What security level should he apply to those keys? A. The highest level of security possible. B. The same or lower than the data the certificates protect. C. The same or greater than the data that the certificates protect. D. Private keys can be shared without issues
C. Private keys used for certificates should be stored at the same or greater level of protection than that of the data that they're used to protect. Private keys should not be shared; public keys are intended to be shared. The highest level of security possible may be greater than the needed level of security depending on the organization's practices and needs.
________ drive security decisions. A. Customer service responses B. Surveys C. Business requirements D. Public opinion
C. Security is usually not a profit center and is therefore beholden to business drivers; the purpose of security is to support the business.
Because PaaS implementations are so often used for software development, what is one of the vulnerabilities that should always be kept in mind? A. Malware B. Loss/theft of portable devices C. Backdoors D. DoS/DDoS
C. Software developers often install backdoors as a means to avoid performing entire workflows when adjusting the programs they're working on; they often leave backdoors behind in production software, inadvertently or intentionally.
Wei's organization uses Lambda functions as part of a serverless application inside of its Amazon-hosted environment. What storage type should Wei consider the storage associated with the instances to be? A. Long-term B. Medium term C. Ephemeral D. Instantaneous
C. The CCSP Exam Outline (Candidate Information Bulletin) describes three types of storage: long term, ephemeral, and raw. Lambda functions use storage that will be destroyed when they are re-instantiated, making this storage ephemeral storage.
Naomi's organization has adopted the CIS security controls for Windows. What type of solution have they adopted? A. A SOC template B. An ISO standard C. A security baseline D. A NIST standard
C. The CIS security controls are a security baseline adopted by many organizations. Naomi's organization should still review and modify the controls to match its needs. SOC is an auditing report type, and both ISO and NIST provide standards, but the CIS security controls aren't ISO or NIST standards.
Sara is planning to implement data labeling for her organization. Which of the following is not a data label field that she should consider? A. Date data was created B. Data owner C. Data value D. Date of scheduled destruction
C. The data creation date, the data owner, and the date of scheduled destruction might be included in data labels, but we don't usually include data value because it is prone to change frequently and it might not be information we want to disclose to anyone who does not have a need to know.
Greg has implemented logging for his company's worldwide web services implementation running in Azure. What concern should Greg address when he enables logging of all web requests? A. Data lifecycle planning B. Secrets management C. Log volume D. Geolocation of log events
C. The first concern Greg will need to address with a large-scale web application environment with logging of all web requests is the sheer volume of the data captured. Once he has addressed how his organization will store, analyze, and act on those log entries, he can think more fully about the lifecycle and life span of the data. Geolocation can be performed with IP addresses in the logs, and secrets management may be required for services, but isn't a primary concern in this scenario.
Amanda downloads VeraCrypt, a free, open-source disk encryption software package. When she downloads the software, she sees the following information on the downloads page: What will she need to validate the signature and ensure that the software is legitimate? A. VeraCrypt's private key B. Her private key C. VeraCrypt's public key D. Her public key
C. To validate the software, she'll need VeraCrypt's public key. Fortunately, VeraCrypt provides the key and the signatures on the same page for easy access.
Jason wants to properly describe the type of data his organization is using. He knows that the data is stored in a MySQL database. What type of data is Jason's organization storing? A. Unstructured data B. Tabular data C. Structured data D. Warehoused data
C. Traditional databases like MySQL are used to contain structured data. Unstructured data isn't stored in a defined format. Tabular data and warehoused data are not terms used for the CCSP exam.
When a cloud customer uploads personally identifiable information (PII) to a cloud provider, who is ultimately responsible for the security of that PII? A. Cloud provider B. Regulators C. Cloud customer D. The individuals who are the subjects of the PII
C. Under current laws in most jurisdictions, the data owner is responsible for any breaches that result in unauthorized disclosure of PII; this includes breaches caused by contracted parties and outsourced services. The data owner is the cloud customer
Stanislaw wants to use log information to create accountability for data events. Which of the following data elements would be most useful for his purpose? A. Time stamps B. Host IP addresses C. UserIDs D. Certificate IDs
C. UserIDs are the most useful of these data elements when determining accountability for actions. If a UserID is paired with log entries, the individual (or at least their account) undertook the action in the log. Time stamps and host IP addresses are both useful, but without a UserID, they don't contain enough information to identify who performed the action. Certificate IDs may or may not be relevant depending on system and infrastructure design
The risk that a customer might not be able to switch cloud providers at a later date is known as ___________________. A. Vendor closure B. Vendor lock-out C. Vendor lock-in D. Vendor synchronization
C. Vendor lock-in occurs when technical or business constraints prevent an organization from switching from one cloud vendor to another.
Chris is using a third-party vulnerability scanning application in his cloud-hosted environment. Which of the following issues is he unlikely to be able to detect with a vulnerability scanner? A. Malware B. Defined vulnerabilities C. Zero-day exploits D. Programming flaws
C. Vulnerability scanners can't detect zero-day exploits because they won't have detection rules or definitions for them. Zero-day exploits haven't been announced or detected and thus won't be part of their library. Malware, known vulnerabilities, and programming flaws may all be detected by vulnerability scanners.
Rhonda is outlining the threats to her cloud storage environment. Which of the following is not a common threat to cloud storage? A. Credential theft or compromise B. Infection with malware or ransomware C. Privilege reuse D. Human error
C. While privilege escalation is a concern, privilege reuse is not a typical threat. Privileged users will use their credentials as appropriate or necessary. Credential theft or compromise, infection with malware, and human error are all common threats to both cloud and on-premises storage.
Alaina wants to ensure that her system instances for a web application hosted in her cloud data center have proper security for data at rest. What solution should she select to help ensure this? A. Disk or volume hashing B. Use only ephemeral disks or volumes C. Use read-only disks or volumes D. Disk or volume encryption
D. Alaina's best option to secure data at rest in the cloud for virtualized systems is to use disk or volume encryption. Hashing is one way, but it doesn't make sense for data storage. Ephemeral disks or volumes may be associated with instances that have a short life span, but they should still be encrypted, and read-only disks could still be exposed.
Best practices for key management include all of the following except ___________________. A. Having key recovery processes B. Maintaining key security C. Passing keys out of band D. Ensuring multifactor authentication
D. All of these are key management best practices except for requiring multifactor authentication. Multifactor authentication might be an element of access control for keys, but it is not specifically an element of key management.
All policies within the organization should include a section that includes all of the following except ___________________. A. Policy maintenance B. Policy monitoring C. Policy enforcement D. Policy transference
D. All the elements except transference need to be addressed in each policy. Transference is not an element of data retention policy.
If a cloud customer cannot get access to the cloud provider, this affects what portion of the CIA triad? A. Integrity B. Authentication C. Confidentiality D. Availability
D. Availability concerns arise when legitimate users are unable to gain authorized access to systems and information. The scenario described here is depriving a legitimate user access and is, therefore, an availability concern
Lisa's organization installs virtualization tools on each virtual machine it sets up. Which of the following is not a common function of virtualization tools? A. Access to sound and video cards B. Mapping storage C. Improved networking D. Control of the underlying host operating system
D. Common functionality of guest OS tools includes mapping storage; supporting improved networking; and video output, sound, or input capabilities. They don't usually allow control of the underlying host operating system.
What is the term we use to describe the general ease and efficiency of moving data from one cloud provider to another cloud provider or down from the cloud? A. Mobility B. Elasticity C. Obfuscation D. Portability
D. Elasticity is the name for the benefit of cloud computing where resources can be apportioned as necessary to meet customer demand. Obfuscation is a technique to hide full raw datasets, either from personnel who do not have a need to know or for use in testing. Mobility is not a term pertinent to the CBK
Charles wants to ensure that files in his cloud file system have not been changed. What technique can he use to compare files to determine if changes have been made? A. Obfuscation B. Masking C. Tokenization D. Hashing
D. Hashes can be created for both original copies and current copies and can be compared. If the hashes are different, the file has changed. Obfuscation, masking, and tokenization all describe methods of concealing data to prevent misuse.
The cloud deployment model that features joint ownership of assets among an affinity group is known as ___________________. A. Private B. Public C. Hybrid D. Community
D. In a community cloud model, customers all share a common characteristic or affinity and join together to create a cloud computing environment.
You are working on a governance project designed to make sure the different cloud services used in your organization work well together. What goal are you attempting to achieve? A. Performance B. Resiliency C. Reversibility D. Interoperability
D. Interoperability is the ability of cloud services to function well together. Resiliency is the ability of the cloud infrastructure to withstand disruptive events. Performance is the ability of the cloud service to stand up to demand. Reversibility is the ability of a customer to undo a move to the cloud.
Jaime has been informed of legal action against his company and must now ensure that data relevant to the case is kept. What term describes this? A. Legal retention B. Legal archiving C. Court hold D. Legal hold
D. Legal holds require organizations and individuals to retain data relevant to a court case. Organizations cannot follow their normal data destruction and lifecycle practices when data is impacted by a legal hold.
Jason wants to validate that the open-source software package he has downloaded matches the official release. What technique is commonly used to validate packages? A. Encryption B. Rainbow tables C. Decryption D. Hashing
D. MD5 or SHA1 hashing is often used to check the hash of downloaded software against a published official hash for the package or software. Encryption and decryption are not used for validation, and rainbow tables are used for password cracking
The goals of SIEM solution implementations include all of the following except ___________________. A. Centralization of log streams B. Trend analysis C. Dashboarding D. Performance enhancement
D. SIEM is not intended to provide any enhancement of performance; in fact, a SIEM solution may decrease performance because of additional overhead. All the rest are goals of SIEM implementations.
Countermeasures for protecting cloud operations against internal threats at the provider's data center include all of the following except ___________________. A. Broad contractual protections to make sure the provider is ensuring an extreme level of trust in its own personnel B. Financial penalties for the cloud provider in the event of negligence or malice on the part of its own personnel C. DLP solutions D. Scalability
D. Scalability is a feature of cloud computing, allowing users to dictate an increase or decrease in service as needed, not a means to counter internal threats.
Each of the following are dependencies that must be considered when reviewing the BIA after cloud migration except ___________________. A. The cloud provider's suppliers B. The cloud provider's vendors C. The cloud provider's utilities D. The cloud provider's resellers
D. The cloud provider's resellers are a marketing and sales mechanism, not an operational dependency that could affect the security of a cloud customer.
The various models generally available for cloud BC/DR activities include all of the following except ___________________. A. Private architecture, cloud backup B. Cloud provider, backup from same provider C. Cloud provider, backup from another cloud provider D. Cloud provider, backup from private provider
D. This is not a normal configuration and would not likely provide genuine benefit.
Hrant wants to ensure that traffic inside of his organization's Azure Virtual Network (VNet), Azure's basic building block for customer IaaS instances, is secure. What should he do to protect it? A. VNet traffic is already secure; he does not need to do anything. B. Set up VPN tunnels between each system. C. Set up and use a bastion host for all secure traffic. D. Use end-to-end encryption for all communications
D. While virtual networks in cloud environments are typically well isolated, Hrant's best choice is to use end-to-end encryption for all communications. A VPN for each system is impractical, and bastion hosts are used to provide access from less secure to more secure zones or networks.