Section 5: Understanding Cloud Service Model Security Responsibilities
Which three of the following are public cloud providers? (Choose three.) A. Amazon (Amazon Web Services) B. Facebook C. Google Cloud D. Walmart E. Rackspace F. Cisco
A. Amazon (Amazon Web Services) C. Google Cloud E. Rackspace
Which three options are benefits to adopting cloud computing? (Choose three.) A. decrease in capital costs but increase in operating costs B. scalability and elasticity C. better hardware available to purchase D. reliability E. more IT professionals on staff F. increase in capital costs but decrease in operating costs
A. decrease in capital costs but increase in operating costs B. scalability and elasticity D. reliability
What are the two general categories of Cloud Access Security Broker (CASB) architecture? A. inline and out-of-band B. Inline and proxy C. log-based and proxy D. API-based and log-based
A. inline and out-of-band
Which of the following is true regarding security responsibilities in a private cloud deployment? A. A cloud consumer does not have any security responsibilities when using private cloud services. B. A cloud consumer can still shift security responsibilities when using private cloud, by hiring a company that will deploy and manage their private cloud. C. All security responsibilities for private cloud must stay with the company in question. D. Private cloud deployments do not have security considerations since they are within a company's firewall.
B. A cloud consumer can still shift security responsibilities when using private cloud, by hiring a company that will deploy and manage their private cloud.
What is a disadvantage of an API-based CASB approach? A. If the application developer has not written an API, the CASB solution cannot integrate with the application. B. If the application developer has not written an API, it is up to each customer to write their own APIs for the application. C. API-based CASB solutions must be in the data path between the client and application. D. API-based CASB solutions must be deployed by the application developer to integrate with the customer's API-based CASB solution
B. If the application developer has not written an API, it is up to each customer to write their own APIs for the application.
Which two organizations published cloud reference architectures? (Choose two.) A. International Organization for Standardization (ISO) B. National Institute of Standards & Technology (NIST) C. Federal Risk and Authorization Management Program (FedRAMP) D. International Electrotechnical Commission (IEC) E. Cloud Security Alliance (CSA)
B. National Institute of Standards & Technology (NIST) E. Cloud Security Alliance (CSA)
Which three statements are true regarding an SaaS solution? (Choose three.) A. The customer is responsible for the physical hardware. B. The provider is responsible for the physical hardware. C. The customer is responsible for application level security. D. The provider is responsible for application level security. E. The customer has all the network security responsibilities. F. The provider has all the network security responsibilities.
B. The provider is responsible for the physical hardware. D. The provider is responsible for application level security. F. The provider has all the network security responsibilities.
What are two reasons that a company might choose a public cloud deployment? (Choose two.) A. Strict data security requirements mean that all data must stay within the company. B. There are no data security requirements. C. A company does not have the resources available for a large, dedicated IT staff. D. A company employs, and wants to keep employed, a large IT staff. E. A company already owns a lot of hardware and wants to utilize it.
B. There are no data security requirements. C. A company does not have the resources available for a large, dedicated IT staff.
Which option best defines user and entity behavior analytics (UEBA)? a way to view detailed user activity on an endpoint, primarily used for A. auditing and compliance B. identifying behavior on the network, adding context to that behavior, and determining a best guess at the intention of the behavior C. monitoring data traffic between IP-enabled IoT devices like printers, robotic arms, and cameras D. user tracking to determine the geolocation of individuals at the point-in-time of compromise on an endpoint E. matching an IP address to the user identity
B. identifying behavior on the network, adding context to that behavior, and determining a best guess at the intention of the behavior
Which statement is true regarding security requirements and the use of hybrid cloud computing? A. In hybrid cloud computing, the customer always assumes full security responsibility for the cloud services they use. B. In hybrid cloud computing, the cloud provider takes all security responsibilities for the customer. C. Hybrid cloud security requirements are the same for all cloud services used. D. The security requirements in a hybrid cloud deployment vary greatly, so the customer must keep up with what they are responsible for and what security responsibilities they are outsourcing.
D. The security requirements in a hybrid cloud deployment vary greatly, so the customer must keep up with what they are responsible for and what security responsibilities they are outsourcing.
In a software as a service (SaaS) use model, the customer is responsible for which component? A. hardware B. physical networking and storage C. operating system D. application data E. application software F. The customer is not responsible for any of the components.
F. The customer is not responsible for any of the components.
Which two of the following best define scalability and elasticity? (Choose two.) A. provisioning cloud resources rapidly B. better reliability C. decommissioning cloud resources quickly after they are no longer needed D. better visibility into cloud usage E.more computing power
A. provisioning cloud resources rapidly C. decommissioning cloud resources quickly after they are no longer needed
Which three statements are true regarding a PaaS solution? (Choose three.) A. The customer is responsible for the physical hardware. B. The provider is responsible for the physical hardware. C. The customer is responsible for the application and its data, and the application being used securely. D. The provider is responsible for the application and its data, and the application being used securely. E. The provider has network infrastructure security responsibilities.
B. The provider is responsible for the physical hardware. C. The customer is responsible for the application and its data, and the application being used securely. E. The provider has network infrastructure security responsibilities
Which four statements are true regarding an IaaS solution? (Choose four.) A. The customer is responsible for the physical hardware. B. The provider is responsible for the physical hardware. C. The customer is responsible for the operating system and application level security. D. The provider is responsible for the operating system and application level security. E. The customer has virtual networking components security responsibilities. F. The provider has network infrastructure security responsibilities.
B. The provider is responsible for the physical hardware. C. The customer is responsible for the operating system and application level security. E. The customer has virtual networking components security responsibilities. F. The provider has network infrastructure security responsibilities.
In which scenario would a company most likely choose a hybrid cloud deployment? A. A company has strict data security requirements and cannot allow any of their data to leave their network. B. A company wants to minimize their IT staff and does not have any security requirements that prevent them from fully utilizing cloud services outside of their company. c. A company has strict security requirements on a portion of their operating data; however, there is data and communication that can leave their network. D. A company wants to host all the cloud services they use in-house.
C. A company has strict security requirements on a portion of their operating data; however, there is data and communication that can leave their network.
In the Infrastructure as a Service (IaaS) model, the customer is responsible for which three components? (Choose three.) A. hardware B. physical networking and storage C. operating system D. application data E. application software
C. operating system D. application data E. application software
Which option best describes the Cloud Security Alliance (CSA) Security, Trust & Assurance Registry (STAR)? A. regulations that protect customer data B. a document providing general information about secure use of cloud computing C. detailed information about security standards and regulations D. an assessment of cloud security best practices and whether cloud providers abide by them
D. an assessment of cloud security best practices and whether cloud providers abide by them
