Domain 3
A bare-metal hypervisor is Type ________. 1 2 3 4
1
What is the optimal number of entrances to the cloud data center campus? 1 2 3 4
1
A Type ________ hypervisor is probably more difficult to defend than other hypervisors. 1 2 3 4
2
A hypervisor that runs inside another operating system is a Type _________hypervisor. 1 2 3 4
2
In order to support all aspects of the CIA triad, all of the following aspects of a cloud data center need to be engineered with redundancies except ___________. Power supply HVAC Administrative offices ISP/connectivity lines
Administrative offices
When a customer performs a penetration test in the cloud, why isn't the test an optimum simulation of attack conditions? Attackers don't use remote access for cloud activity Advanced notice removes the element of surprise When cloud customers use malware, it's not the same as when attackers use malware Regulator involvement changes the attack surface
Advanced notice removes the element of surprise
In addition to the security offered by the cloud provider, a cloud customer must consider the security offered by ___________. The respective regulator The end user Any vendor the cloud customer previously used in the on-premises environment Any third parties the provider depends on
Any third parties the provider depends on
Using a virtual machine baseline image could be very useful for which of the following options? Physical security Auditing Training Customization
Auditing
What is the process of granting access to resources? Identification Authentication Authorization Federation
Authorization
Which of the following controls would be useful to build into a VM baseline image for a cloud environment? GPS tracking/locator Automated vulnerability scan on system startup Access control list of authorized personnel Write protection
Automated vulnerability scan on system startup
Which of the following controls would be useful to build into a VM baseline image for a cloud environment? Automatic registration with the configuration management system Enhanced user training and awareness media Mechanisms that prevent the file from being copied Keystroke loggers
Automatic registration with the configuration management system
Using one cloud provider for your operational environment and another for your BCDR backup will also give you the additional benefit of ________. Allowing any custom VM builds you use to be instantly ported to another environment Avoiding vendor lock-in/lock-out Increased performance Lower cost
Avoiding vendor lock-in/lock-out
It is best to use variables in _______. Baseline configurations Security control implementations Contract language BCDR test
BCDR test - mix up the scenarios that will be tested
Cloud administration almost necessarily violates the principles of the ____________ security model. Brewer-Nash (Chinese wall) Graham-Denning Bell-LaPadula Biba
Brewer-Nash (Chinese wall)
Which of these determines the critical assets, recovery time objective, and recovery point objective for BCDR purposes? Business drivers User input Regulatory mandate Industry standards
Business drivers
What artifact - which should already exist within the organization - can be used to determine the critical assets necessary to protect in the BCDR activity? Quantitative risk analysis Qualitative risk analysis Business impact analysis Risk appetite
Business impact analysis
When discussing the cloud, we often segregate the data center into the terms compute, storage and networking. Compute is made up of _________ and _________. Routers; hosts APIs; Northbound Interface CPU; RAM Virtualized; actual hardware devices
CPU; RAM
Which of the following is probably the most important element to address if your organization is using two different cloud providers for the production and BCDR environments? Do they cost the same? Do they have similar facility protections in place? What level of end-user support do they offer? Can the backup provider meet the same SLA requirements of the primary?
Can the backup provider meet the same SLA requirements of the primary?
All of the following can be used to properly apportion cloud resources except __________. Reservations Shares Cancellations Limits
Cancellations
Which of the following can enhance application portability? Using the same cloud provider for the production environment and archiving Conducting service trials in an alternate cloud provider environment Providing cloud-usage training for all users Tuning web application firewalls to detect anomalous activity in inbound communications
Conducting service trials in an alternate cloud provider environment - this is testing, and it is important to make sure applications will work in the new environment
The BCDR plan/policy should include all of the following except ________. Tasking for the office responsible for maintaining/enforcing the plan Contact information for essential entities, including BCDR personnel and emergency services agencies Copies of the laws/regulations/standards governing specific elements of the plan Checklists for BCDR personnel to follow
Copies of the laws/regulations/standards governing specific elements of the plan
Industry best practices dictate that cloud customers do not __________. Create their own IAM solutions Create contract language that favors them over the provider Retrain personnel for cloud operations Encrypt data before it reaches the cloud
Create their own IAM solutions
A process for __________ can aid in protecting against data disclosure due to lost devices. User punishment Credential revocation Law enforcement notification Device tracking
Credential revocation
A group of clinics decides to create an identification federation for their users (medical providers and clinicians). If they opt to review each other for compliance with security governance and standards they all find acceptable, what is this federation model called? Cross-certification Proxy Single sign-on Regulated
Cross-certification - aka the "web of trust"
Of the following control techniques/solutions, which can be combined to enhance the protections offered by each? Razor tape/background checks Least privilege/generators DLP/DRM Personnel badging/secure baselines
DLP/DRM
Of the following control techniques/solutions, which can be combined to enhance the protections offered by each? Fence/firewalls Asset inventories/personnel training Data dispersion/encryption Intrusion prevention solutions/intrusion detection solutions
Data dispersion/encryption
A fundamental aspect of security principles, ________ should be implemented in the cloud as well as in legacy environment. Continual uptime Defense in depth Multifactor authentication Separation of duties
Defense in depth
All security controls necessarily _____________. Are expensive Degrade performance Require senior management approval Will work in the cloud environment as well as they worked in the legacy environment
Degrade performance
Software-defined networking (SDN) allows network administrators/architects to perform all the following functions except ________. Reroute traffic based on current customer demand Create logical subnets without having to change any actual physical connections Filter access to resources based on specific rules or settings Deliver streaming media content in an efficient manner by placing it closer to the end user
Deliver streaming media content in an efficient manner by placing it closer to the end user
In a managed cloud services arrangement, who invokes a BCDR action? The cloud provider The cloud customer Depends on the contract Any user
Depends on the contract
A group of clinics decides to create an identification federation for their users (medical providers and clinicians). If they opt to use the web of trust model for federation, who is/are the identity providers? Each organization A trusted third party The regulator overseeing their industry All of their patients
Each organization
A group of clinics decides to create an identification federation for their users (medical providers and clinicians). If they opt to use the web of trust model for federation, who is/are the service providers? Each organization A trusted third party The regulator overseeing their industry All of their patients
Each organization
___________ is/are probably the main cause of virtualization sprawl. Malicious attackers Lack of provider controls Lack of customer controls Ease of use
Ease of use
Best practice for planning the physical resiliency for a cloud data center facility includes _________. Having one point of egress for personnel Ensuring that any cabling/connectivity enters the facility from different sides of the building/property Ensuring that all parking areas are near generators so that personnel in high-traffic areas are always illuminated by emergency lighting, even when utility power is not available Ensuring that the foundation of the facility is rated to withstand earthquake tremors
Ensuring that any cabling/connectivity enters the facility from different sides of the building/property
Risk assessment is the responsibility of ____________. Companies offering managed cloud services Regulatory bodies Every organization Legislative entities
Every organization
Typically, SSDs are ____________. Harder to install than magnetic memory Faster than magnetic drives Harder to administer than tape libraries More likely to fail than spinning platters
Faster than magnetic drives
It is possible for the cloud customer to transfer ________ risk to the provider, but the cloud customer always retains ultimate legal risk. Market Perception Data Financial
Financial
Which entity can best aid the organization in avoiding vendor lock-in? Senior management The IT security office General counsel The cloud security representative
General counsel - they are the ones who are going to write the contract language
Of the following options, which is a reason cloud data center audits are often less trustworthy than legacy audits? Data in the cloud can't be audited Controls in the cloud can't be audited Getting physical access can be difficult There are no regulators for cloud operations
Getting physical access can be difficult
You are in charge of creating the business continuity and disaster recovery plan and procedure for your organization. Your organization has its production environment hosted by a cloud provider, and you have appropriate protections in place. Which of the following is a significant consideration for your BCDR backup? Enough personnel at the BCDR recovery site to ensure proper operations Good cryptographic key management Access to the servers where the BCDR backup is stored Forensic analysis capabilities
Good cryptographic key management
What is the term that describes the situation when a malicious user/attacker can exit the restrictions of a VM and access another VM residing on the same host? Host escape Guest escape Provider exit Escalation of privileges
Guest escape
A group of clinics decides to create an identification federation for their users (medical providers and clinicians). In this federation, all of the participating organizations would need to be in compliance with what US federal regulations? GLBA FMLA PCI DSS HIPAA
HIPAA
Which organizational entity usually performs the verification part of the provisioning element of the identification process? IT Security HR Sales
HR
Which of the following is a device specially purposed to handle the issuance, distribution, and storage of cryptographic keys? Key management box Hardware security module Ticket-granting ticket Trusted computing base
Hardware security module
You are in charge of creating the business continuity and disaster recovery plan and procedure for your organization. Which of the following strategies is an optimum technique to avoid major issues? Have another full backup of the production environment prior to the test Assign all personnel roles to perform during the test Have the cloud provider implement a simulated disaster at a random moment in order to maximize realistic testing Have your regulators present at the test so they can monitor performance
Have another full backup of the production environment prior to the test
What is the term that describes the situation when a malicious user/attacker can exit the restrictions of a single host and access other nodes on the network? Host escape Guest escape Provider exit Escalation of privileges
Host escape
Orchestrating resource calls is the job of the _________. Administrator Router VM Hypervisor
Hypervisor
Resolving resource contentions in the cloud will most likely be the job of the _____________. Router Emulator Regulator Hypervisor
Hypervisor - Hypervisor is the orchestrator of resources
If the cloud is used for BCDR purposes, the loss of ______ could gravely affect your organization's RTO (recovery time objective). The cloud server A specific VM Your policy and contract documentation ISP connectivity
ISP connectivity
A user signs on to a cloud-based social media platform. In another browser tab, the user finds an article worth posting to the social media platform. The user clicks on the platform's icon listed on the article's website, and the article is automatically posted to the user's account on the social media platform. This is an example of what? Single sign-on Insecure direct identifiers Identity federation Cross-site scripting
Identity federation
In addition to BCDR, what other benefit can your data archive/backup provide? Physical security enforcement Access control methodology Security control against data breach Identity management testing
Identity management testing - "reach back" capability to add users when recovering accidentally deleted data
Where should multiple egress points be included? At the power distribution substation Within the data center In every building on the campus In the security operations center
In every building on the campus - health and human safety
What could be the result of failure of the cloud provider to secure the hypervisor in such a way that one user on a virtual machine can see the resource calls of another user's virtual machine? Unauthorized data disclosure Inference attacks Social engineering Physical intrusion
Inference attacks
DDoS attacks do not affect __________ for cloud customers. Productivity Availability Connectivity Integrity
Integrity
Which of the following can enhance data portability? Interoperable export formats Egress monitoring solutions Strong physical protections Agile business intelligence
Interoperable export formats
Which of the following is a risk in the cloud environment that does not exist, or is not as prevalent, in the legacy environment? DDoS Isolation failure External failure Internal attack
Isolation failure - in legacy ops, isolation failure will only expose data to other members of the organization; in cloud ops, isolation failure may expose you to other tenants in the cloud
Why does the physical location of your data backup and/or BCDR failover environment matter? It may affect regulatory compliance Lack of physical security Environmental factors such as humidity It doesn't matter. Data can be saved anywhere without consequence
It may affect regulatory compliance
Which of the following is a risk in the cloud environment that does not exist, or is not as prevalent, in the legacy environment? Legal liability in multiple jurisdictions Loss of productivity due to DDoS Ability of users to gain access to their physical workplace Fire
Legal liability in multiple jurisdictions
Which of the following poses a new risk in the cloud, not affecting the legacy, on-premises environment? Fire Legal seizure of another firm's assets Mandatory privacy data breach notification Flooding
Legal seizure of another firm's assets
The cloud customer will usually not have physical access to the cloud data center. This enhances security by _________. Reducing the need for qualified personnel Limiting access to sensitive information Reducing jurisdictional exposure Ensuring statutory compliance
Limiting access to sensitive information
Which of the following is a method for apportioning resources that involves setting maximum usage amounts for all tenant/customers within the environment? Reservations Shares Cancellations Limits
Limits
A cloud provider will probably require all of the following except _______ before a customer conducts a penetration test. Notice Description of scope of the test Location of the launch point Knowledge of time frame/duration
Location of the launch point
VM configuration management tools should probably include __________. Biometric recognition Anti-tampering mechanisms Log file generation Hackback capabilities
Log file generation
Which of the following is a risk in the cloud environment that does not exist, or is not as prevalent, in the legacy environment? Loss of availability due to DDoS Loss of value due to DDoS Loss of confidentiality due to DDoS Loss of liability due to DDoS
Loss of availability due to DDoS - users won't be able to access any data, since the connection to the cloud data is severed
Which of the following risks exists in the legacy environment but is dramatically increased by moving into the cloud? Physical security breaches Loss of utility power Financial upheaval Man-in-the-middle attacks
Man-in-the-middle attacks
Sprawl is mainly a(n) _________ problem. Technical External Management Logical
Management
Of the following, which is probably the most significant risk in a managed cloud environment? DDoS Management plane breach Guest escape Physical attack on the utility service lines
Management plane breach - someone gets complete control of the environment
The cloud data center campus physical access point should include all of the following except _______. Reception area Video surveillance Badging procedure Mantrap structures
Mantrap structures - usually reserved for sensitive areas within a building
Typically, SSDs are __________. More expensive than spinning platters Larger than tape backup Heavier than tape libraries More subject to malware than legacy drives
More expensive than spinning platters
Critical components should be protected with _______. Strong passwords Chain-link fences Homomorphic encryption Multifactor authentication
Multifactor authentication
Which of the following poses a new risk in the cloud, not affecting the legacy, on-premises environment? Internal threats Multitenancy Natural disasters DDoS attacks
Multitenancy
If you use the cloud for BCDR purposes, even if you don't operate your production in the cloud, you can cut costs by eliminating your __________. Security personnel BCDR policy Old access credentials Need for a physical hot site/warm site
Need for a physical hot site/warm site
Key generation in a cloud environment might have less entropy than the legacy environment for all the following reasons except _________. Lack of direct input devices No social factors Uniform build Virtualization
No social factors
Typically, SSDs are ______________. Impossible to destroy physically Not vulnerable to degaussing Subject to a longer warranty Protected by international trade laws
Not vulnerable to degaussing
The tasks performed by the hypervisor in the virtual environment can be most likened to the tasks of the ________ in the legacy environment. CPU Security team OS PGP
OS
What is the type of cloud storage arrangement that involves the use of associating metadata with the saved data? Volume Block Object Redundant
Object
Which of the following terms describes a cloud storage area that uses a file system/hierarchy? Volume storage Object storage Logical unit number (LUN) Block storage
Object storage
Typically, which form of cloud storage is used in the near term for snapshotted VM images? Volume storage Object storage Logical unit number (LUN) Block storage
Object storage - stored as an object
Risk should always be considered from a business perspective. Risk is often balanced by corresponding _________. Profit Performance Cost Opportunity
Opportunity
What do you need to do in order to fully ensure that a BCDR action will function during a contingency? Audit all performance functions Audit all security functions Perform a full-scale test Mandate this capability in the contract
Perform a full-scale test
Managed cloud services exist because the service is less expensive for each customer than creating the same services for themselves in a legacy environment. Using a managed service allows the customer to realize significant cost savings through the reduction of ________. Risk Security controls Personnel Data
Personnel
What is the most important asset to protect in cloud BCDR activities? Intellectual property Hardware at the cloud data center Personnel Data on portable media
Personnel
The physical layout of a cloud data center campus should include redundancies of all the following except _______. Generators HVAC units Generator fuel storage Points of personnel ingress
Points of personnel ingress
It's important to maintain a current asset inventory list, including surveying your environment on a regular basis, in order to ________. Prevent unknown, unpatched assets from being used as back doors to the environment Ensure that any lost devices are automatically entered into the acquisition systems for repurchasing and replacement Maintain user morale by having their devices properly catalogued and annotated Ensure that billing for all devices is handled by the appropriate departments
Prevent unknown, unpatched assets from being used as back doors to the environment
Where is isolation failure probably least likely to pose a significant risk? Public cloud Private cloud PaaS environment SaaS environment
Private cloud
Who operates the management plane? Regulators End consumers Privileged users Privacy data subjects
Privileged users
ENISA's definition of cloud computing differs slightly from the definition offered by ISC2 and NIST. What is one of the characteristics listed by ENISA but not included in the ISC2 definition? Metered service Shared resources Scalability Programmatic management
Programmatic management
What can hamper the ability of a cloud customer to protect their own assets in a managed services arrangement? Prohibitions on port scanning and penetration testing Geographical dispersion Rules against training users Laws that prevent them from doing so
Prohibitions on port scanning and penetration testing
Which of the following risks is probably most significant when choosing to use one cloud provider for your operational environment and another for BCDR backup/archive? Physical intrusion Proprietary formats/lack of interoperability Vendor lock-in/lockout Natural disasters
Proprietary formats/lack of interoperability
A cloud customer performing a penetration test without the provider's permission is risking ________. Malware contamination Excessive fees for SLA violations Loss of market share Prosecution
Prosecution
A group of clinics decides to create an identification federation for their users (medical providers and clinicians). If they opt to hire a third party to review each organization for compliance with security governance and standards they all find acceptable, what is this federation model called? Cross-certification Proxy Single sign-on Regulated
Proxy
Having your BCDR backup stored with the same cloud provider as your production environment can help you _________. Maintain regulatory compliance Spend less of your budget on traveling Train your users about security awareness Recover quickly from minor incidents
Recover quickly from minor incidents
When considering cloud data replication strategies (i.e., whether you are making backups at the block, file or database level) which element of your organization's BCDR plan will be most affected by your choice? Recovery time objective Recovery point objective Maximum allowable downtime Mean time to failure
Recovery point objective - RPO is a measure of data that can be lost in an outage without irreparably damaging the organization
The process of identity management includes all the following elements except _________. Provisioning Maintenance Deprovisioning Redaction
Redaction
According to the European Union Agency for Network and Information Security (ENISA), a cloud risk assessment should provide a means for customers to accomplish all these assurance tasks except ___________. Assess risks associated with cloud migration Compare offerings from different cloud providers Reduce the risk of regulatory noncompliance Reduce the assurance burden on cloud providers
Reduce the risk of regulatory noncompliance
From a security perspective, automation of configuration aids in ___________. Enhancing performance Reducing potential attack vectors Increasing ease of use of the systems Reducing need for administrative personnel
Reducing potential attack vectors
Which of the following is probably the most important activity, of those listed? Regularly update the BCDR plan/process Have contact information for all personnel in the organization Have contact information for essential BCDR personnel Have contact information for local law enforcement
Regularly update the BCDR plan/process
The minimum essential characteristics of a cloud data center are often referred to as "ping, power, pipe." What does this mean? Remote access for customer to racked devices in the data center; electrical utilities; connectivity to an ISP/the Internet Application suitability; availability; connectivity IaaS; SaaS; PaaS Anti-malware tools; controls against DDoS attacks; physical/environmental security controls, including fire suppression
Remote access for customer to racked devices in the data center; electrical utilities; connectivity to an ISP/the Internet
Which of the following is a method for apportioning resources that involves setting guaranteed minimums for all tenants/customers within the environment? Reservations Shares Cancellations Limits
Reservations
Which of the following poses a new risk in the cloud, not affecting the legacy, on-premises environment? User carelessness Inadvertent breach Device failure Resource exhaustion
Resource exhaustion - in extreme cases, such as an event that hits an entire region, cloud providers may be unable to handle the increased load
Which of the following probably poses the most significant risk to the organization? Lack of data confidentiality during a contingency Lack of regulatory compliance during a contingency Returning to normal operations too late Lack of encrypted communications during a contingency
Returning to normal operations too late
Which of the following probably poses the most significant risk to the organization? Not having essential BCDR personnel available during a contingency Not including all BCDR elements in the cloud contract Returning to normal operations too soon Telecommunications outages
Returning to normal operations too soon
__________ is the most prevalent protocol used in identity federation. HTTP SAML FTP WS-Federation
SAML
In software-defined networking (SDN), the northbound interface (NBI) usually handles traffic between the ______ and ________. Cloud customer; ISP SDN controllers; SDN applications Cloud provider; ISP Router; host
SDN controllers; SDN applications
Which of the following would probably best aid an organization in deciding whether to migrate from a legacy environment to a particular cloud provider? Rate sheets comparing a cloud provider to other cloud providers Cloud provider offers to provide engineering assistance during the migration The cost/benefit measure of closing the organization's relocation site and using the cloud for disaster recovery instead SLA satisfaction surveys from other (current and old) cloud customers
SLA satisfaction surveys from other (current and old) cloud customers
In which cloud service model does the customer lose the most control over governance? IaaS PaaS SaaS Private Cloud
SaaS
What should the cloud customer do to ensure that disaster recovery activities don't exceed the maximum allowable downtime (MAD)? Make sure any alternate provider can support the application needs of the organization Ensure that contact information for all first responder agencies is correct and up to date at all times Select an appropriate recovery time objective (RTO) Regularly review all regulatory directives for disaster response
Select an appropriate recovery time objective (RTO)
When considering the option to migrate from an on-premises environment to a hosted cloud service, an organization should weigh the risks of allowing external entities to access the cloud data for collaborative purposes against ___________. Not securing the data in the legacy environment Disclosing the data publicly Inviting external personnel into the legacy workspace in order to enhance collaboration Sending the data outside the legacy environment for collaborative purposes
Sending the data outside the legacy environment for collaborative purposes
Which of the following is a method for apportioning resources that involves prioritizing resource requests to resolve contention situations? Reservations Shares Cancellations Limits
Shares
A cloud provider will probably not allow _________ as part of a customer's penetration test. Network mapping Vulnerability scanning Reconnaissance Social engineering
Social engineering
Sprawl in the cloud can lead to significant additional costs to the organization because of _________. Larger necessary physical footprint Much larger utility consumption Software licensing Requisite additional training
Software licensing - more VMs = more licenses = more $$
Which of the following terms describes a means to centralize logical control of all networked nodes in the environment, abstracted from the physical connections to each? VPN SDN ACLs RBAC
Software-defined networking (SDN)
Mass storage in the cloud will most likely currently involve __________. Spinning platters Tape drives Magnetic disks Solid-state drives
Solid-state drives
There are many ways to handle risk. However, the usual methods for addressing risk are not all possible in the cloud because ___________. Cloud data risks cannot be mitigated Migrating into a cloud environment necessarily means you are accepting all risks Some risks cannot be transferred to a cloud provider Cloud providers cannot avoid risk
Some risks cannot be transferred to a cloud provider
The BCDR plan/process should be written and documented in such a way that it can be used by ___________. Users Essential BCDR team members Regulators Someone with the requisite skills
Someone with the requisite skills - 'requisite' means made necessary by a certain event or circumstance
_______________ can often be the result of inadvertent activity. DDoS Phishing Sprawl Disasters
Sprawl
Which of these does the cloud customer need to ensure protection of intellectual property created in the cloud? DRM IAM Strong contractual clauses Crypto-shredding
Strong contractual clauses
Managed cloud services exist because the service is less expensive for each customer than creating the same services for themselves in a legacy environment. From the customer perspective, most of the cost differential created between the legacy environment and the cloud through virtualization is achieved by removing ________. External risks Internal risks Regulatory compliance Sunk capital investment
Sunk capital investment - in the cloud you are only paying for what you're using, therefore saving that money
You are in charge of creating the business continuity and disaster recovery plan and procedure for your organization. You decide to have a tabletop test of the BCDR activity. Which of the following will offer value during the test? Have all participants conduct their individual activities via remote meeting technology Task a moderator well-versed in BCDR actions to supervise and present scenarios to the participants, including randomized special events Provide copies of the BCDR policy to all participants Allow all users in your organization to participate
Task a moderator well-versed in BCDR actions to supervise and present scenarios to the participants, including randomized special events
Return to normal operations is a phase in BCDR activity when the contingency event is over and regular production can resume. Which of the following can sometimes be the result when the organization uses two different cloud providers for the production and BCDR environments? Both providers are affected by the contingency, extending the time before return to normal can occur The BCDR provider becomes the new normal production environment Regulators will find the organization in violation of compliance guidance All data is lost irretrievably
The BCDR provider becomes the new normal production environment
Who is the cloud carrier? The cloud customer The cloud provider The regulator overseeing the cloud customer's industry The ISP between the cloud customer and provider
The ISP between the cloud customer and provider
Security controls installed on a guest virtual machine operating system (VM OS) will not function when _______________. The user is accessing the VM remotely The OS is not scanned for vulnerabilities The OS is not subject to version control The VM is not active while in storage
The VM is not active while in storage
The physical layout of a cloud data center campus should include redundancies of all the following except _______. Physical perimeter security controls The administration/support staff building Electrical utility lines Communications connectivity lines
The administration/support staff building
In an IaaS arrangement, who accepts responsibility for securing cloud-based applications? The cloud provider The cloud customer The regulator The end user/client
The cloud customer
In a managed cloud services arrangement, who creates governance that will determine which controls are selected for the environment and how they are deployed? The cloud provider The cloud customer The regulators The end user
The cloud provider
Which of the following is a risk posed by the use of virtualization? Internal threats interrupting service through physical accidents (spilling drinks, tripping on lines) The ease of transporting stolen virtual machine images Increased susceptibility of virtual systems to malware Electromagnetic pulse
The ease of transporting stolen virtual machine images
Who will determine whether your organization's cloud migration is satisfactory from a compliance perspective? The cloud provider The cloud customer The regulators The ISP
The regulators
There are two reasons to conduct a test of the organization's recovery from backup in an environment other than the primary production environment. Which of the following is one of them? It costs more to conduct a test at the same location as the primary workplace You don't want to waste travel budget on what is only a test The risk of negative impact to both production and backup is too high There won't be enough room for everyone to sit in the primary facility
The risk of negative impact to both production and backup is too high
Of the following options, which is a reason cloud data center audits are often less trustworthy than legacy audits? They frequently rely on third parties The standards are too difficult to follow The paperwork is cumbersome There aren't enough auditors
They frequently rely on third parties
Of the following options, which is a reason cloud data center audits are often less trustworthy than legacy audits? Cryptography is present Auditors don't like the cloud Cloud equipment is resistant to an audit They often rely on data the provider chooses to disclose
They often rely on data the provider chooses to disclose
All of the following can be used in the process of anomaly detection except ____________. The ratio of failed to successful logins Transactions completed successfully Event time of day Multiple concurrent logins
Transactions completed successfully
You are in charge of creating the business continuity and disaster recovery plan and procedure for your organization. Your organization has its production environment hosted in a cloud environment. You are considering using cloud backup services for your BCDR purposes as well. What would probably be the best strategy for this approach, in terms of redundancy and resiliency? Have your cloud provider also provide BCDR backup Keep a BCDR backup on the premises of your corporate headquarters Use another cloud provider for the BCDR backup Move your production environment back into your corporate premises, and use your cloud provider to host your BCDR backup
Use another cloud provider for the BCDR backup
What is probably the best way to avoid problems associated with vendor lockout? Use strong contract language Use nonproprietary data and media formats Use strong cryptography Use another provider for backup purposes
Use another provider for backup purposes
What is probably the optimum way to avoid vendor lock-in? Use non-proprietary data formats Use industry-standard media Use strong cryptography Use favorable contract language
Use favorable contract language
Perhaps the best method for avoiding vendor lock-out is also a means for enhancing BCDR capabilities. This is ___________. Having a warm site within 250 miles of the primary production environment Using one cloud provider for primary production and another for backup purposes Building a data center above the flood plain Cross-training all personnel
Using one cloud provider for primary production and another for backup purposes
Lack of industry-wide standards for cloud computing creates a potential for ________. Privacy data breach Privacy data disclosure Vendor lock-in Vendor lock-out
Vendor lock-in - without standards, a customer would have trouble moving from one vendor to another
According to the NIST Cloud Computing Reference Architecture, which of the following is most likely a cloud carrier? Amazon Web Services Netflix Verizon Nessus
Verizon
One of the security challenges of operating in the cloud is that additional controls must be placed on file storage systems because ________. File stores are always kept in plain text in the cloud There is no way to sanitize file storage space in the cloud Virtualization necessarily prevents the use of application-based security controls Virtual machines are stored as snapshotted files when not in use
Virtual machines are stored as snapshotted files when not in use
Managed cloud services exist because the service is less expensive for each customer than creating the same services for themselves in a legacy environment. What is the technology that creates most of the cost savings in the cloud environment? Emulation Secure remote access Crypto-shredding Virtualization
Virtualization
What can be revealed by an audit of a baseline virtual image used in a cloud environment? Possible intrusions after they have happened Potential criminal activity before it occurs Whether necessary security controls are in place and functioning properly Lack of user training and awareness
Whether necessary security controls are in place and functioning properly
What is the main reason virtualization is used in the cloud? VMs are easier to administer If a VM is infected with malware, it can easily be replaced With VMs, the cloud provider does not have to deploy an entire hardware device for every new user VMs are easier to operate than actual devices
With VMs, the cloud provider does not have to deploy an entire hardware device for every new user
A SAML identity assertion token uses the _________ protocol. XML HTTP HTML ASCII
XML
There are two reasons to conduct a test of the organization's recovery from backup in an environment other than the primary production environment. Which of the following is one of them? It is good to invest in more than one community You want to approximate contingency conditions, which includes not operating in the primary location It is good for your personnel to see other places occasionally Your regulators won't follow you offsite, so you'll be unobserved during your test
You want to approximate contingency conditions, which includes not operating in the primary location