Ch. 4: Compliance and the Cloud


Which statements regarding a CSP's legal and regulatory compliance are correct? (Choose two.)
A. All security responsibilities fall upon the CSP.
B. A CSP's service level agreements list independent third-party auditors.
C. A CSP provides documentation about its security standards compliance.
D. Cloud customers also bear some responsibility in securing their use of cloud computing.

A CSP provides documentation about its security standards compliance. Cloud customers also bear some responsibility in securing their use of cloud computing.

Compared to vulnerability assessments, which word is most closely associated with penetration testing?
A. Documentation
B. Authentication
C. Active
D. Passive

Active

What kind of standard is SSAE No. 16?
A. Auditing
B. Encryption
C. Risk Management
D. Authentication

Auditing

Which term refers to the applicable laws based on the location where data is collected, stored, and used?
A. Special Publication
B. Security control
C. Data sovereignty
D. PKI

Data sovereignty

You are reviewing a CSP's media destruction procedures. Your organization requires that hard disk data is removed magnetically. Which technique does this?
A. Drilling
B. Shredding
C. Hammering
D. Degaussing

Degaussing

To prevent future retrieval of sensitive cloud-replicated data, you have repartitioned a hard disk within a laptop computer. The computer was running a Windows client operating system at the time of the repartitioning. Which statement regarding this scenario is correct?
A. A Windows server operating system should have been used.
B. Deleted partitions are easily recovered.
C. A Linux server operating system should have been used.
D. The operating system cannot be running when disk partitions are removed.

Deleted partitions are easily recovered

Which U.S. federal government security standard is most closely related to cloud security?
A. HIPAA
B. ISO/IEC 27017:2015
C. FedRAMP
D. Sarbanes-Oxley Act

FedRAMP

Why is a CSP's security standards compliance important? (Choose two.)
A. It provides a level of assurance to cloud customers that the CSP has taken effective steps to mitigate risk.
B. A CSP's security standards compliance means its cloud customers are also compliant.
C. It proves that the CSP cannot be hacked.
D. The CSP security posture is accredited by third parties.

It provides a level of assurance to cloud customers that the CSP has taken effective steps to mitigate risk. The CSP security posture is accredited by third parties

You want to know the specific physical addresses of a CSP's data centers. What should you do?
A. Run a DNS domain name lookup for the CSP domain suffix.
B. Send an information request to the CSP.
C. Review the CSP service level agreement.
D. Nothing. CSPs do not voluntarily disclose data center physical addresses.

Nothing. CSPs do not voluntarily disclose data center physical addresses.

Which of the following statements regarding laws and regulations is accurate?
A. Regulations provide implementation and enforcement details.
B. Laws provide implementation and enforcement details.
C. Breaking laws can result in fines; this is not true for a lack of regulatory compliance.
D. A lack of regulatory compliance can result in fines, but not imprisonment.

Regulations provide implementation and enforcement details.

Which U.S. regulation is designed to mitigate financial document reporting fraud?
A. HIPAA
B. ISO/IEC 27017:2015
C. FedRAMP
D. Sarbanes-Oxley Act

Sarbanes-Oxley Act

Which risk is the most prevalent when adopting cloud computing?
A. The use of deprecated encryption algorithms
B. Cloud tenant centralized data storage
C. Lack of cloud tenant isolation
D. Trust placed in outsourcing

Trust placed in outsourcing

Which factor has the most influence on which regulations apply to your organization?
A. Operating system used for cloud virtual machines
B. Type of industry
C. Cloud storage encryption strength
D. Type of cloud media sanitization in use

Type of industry

You are evaluating CSPs because your organization has decided to adopt cloud computing for some of its IT service needs. What is the quickest way to determine which security standards the CSP is compliant with?
A. Send an e-mail message to the CSP inquiring about compliance.
B. Call the CSP to inquire about compliance.
C. View government legislative bill details.
D. View the CSP's compliance web page.

View the CSP's compliance web page

Which type of security testing identifies weaknesses but does not attempt to exploit them?
A. Penetration test
B. Regression test
C. Load test
D. Vulnerability test

Vulnerability test
