(ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests - Sean Murphy, Ben Malisow - Page 16
CHAPTER 2 Domain 2: Cloud Data Security
In Domain 2, the exam outline focuses on the data owned by the cloud customer, hosted in the cloud. The domain discusses methods for securing the data, including specific tools and techniques.
1. In which of these options does the encryption engine reside within the application accessing the database?
A. Transparent encryption
B. Symmetric-key encryption
C. Application-level encryption
D. Homomorphic encryption

2. You are the security team leader for an organization that has an infrastructure as a service (IaaS) production environment hosted by a cloud provider. You want to implement an event monitoring (security information and event management [SIEM]/security information management [SIM]/security event management [SEM]) solution in your production environment in order to acquire better data for security defenses and decisions. Which of the following is probably your most significant concern about implementing this solution in the cloud?
A. The solution should give you better analysis capability by automating a great deal of the associated tasks.
B. Dashboards produced by the tool are a flawless management benefit.
C. You will have to coordinate with the cloud provider to ensure that the tool is acceptable and functioning properly.
D. Senior management will be required to approve the acquisition and implementation of the tool.

3. Which of the following is not a step in the crypto-shredding process?
A. Encrypt data with a particular encryption engine.
B. Encrypt first resulting keys with another encryption engine.
C. Save backup of second resulting keys.
D. Destroy original second resulting keys.

4. Which of the following sanitization methods is feasible for use in the cloud?
A. Crypto-shredding
B. Degaussing
C. Physical destruction
D. Overwriting

5. Which of the following is not a method for enhancing data portability?
A. Crypto-shredding
B. Using standard data formats
C. Avoiding proprietary services
D. Favorable contract terms

6. When implementing a digital rights management (DRM) solution in a cloud environment, which of the following does not pose an additional challenge for the cloud customer?
A. Users might be required to install a DRM agent on their local devices.
B. DRM solutions might have difficulty interfacing with multiple different operating systems and services.
C. DRM solutions might have difficulty interacting with virtualized instances.
D. Ownership of intellectual property might be difficult to ascertain.

7. When implementing cryptography in a cloud environment, where is the worst place to store the keys?
A. With the cloud provider
B. Off the cloud, with the data owner
C. With a third-party provider, in key escrow
D. Anywhere but with the cloud provider

8. Which of the following is not a security concern related to archiving data for long-term storage?
A. Long-term storage of the related cryptographic keys
B. Format of the data
C. Media the data resides on
D. Underground depth of the storage facility

9. Data dispersion is a cloud data security technique that is most similar to which legacy implementation?
A. Business continuity and disaster recovery (BC/DR)
B. Redundant Array of Inexpensive Disks (RAID)
C. Software-defined networking (SDN)
D. Content delivery network (CDN)

10. Data dispersion uses _______________, where the traditional implementation is called “striping.”
A. Chunking
B. Vaulting
C. Lumping
D. Grouping

11. Data dispersion uses _______________, where the traditional implementation is called “parity bits.”
A. Smurfing
B. Snarfing
C. Erasure coding
D. Real-time bitlinking

12. Data dispersion provides protection for all the following security aspects except _______________.
A. Protecting confidentiality against external attack on the storage area
B. Loss of availability due to single-storage-device failure
C. Loss due to seizure by law enforcement in a multitenant environment
D. Protecting against loss due to user error

13. Your organization is migrating the production environment to an infrastructure as a service (IaaS) cloud implementation. Your users will need to be able to get access to their data, install programs, and partition memory space for their own purposes. You should configure the cloud memory as _______________.
A. Object
B. Volume
C. Synthetic
D. Database

14. Your organization is migrating the production environment to an infrastructure as a service (IaaS) cloud implementation. Your users will need to be able to get access to their data and share data with other users in a defined way, according to a hierarchy. You should configure the cloud memory as _______________.
A. Object storage
B. Volume storage
C. Synthetic storage
D. Databases

15. What is one of the benefits of implementing an egress monitoring solution?
A. Preventing distributed denial of service (DDoS) attacks
B. Inventorying data assets
C. Interviewing data owners
D. Protecting against natural disasters

16. Egress monitoring solutions usually include a function that _______________.
A. Arbitrates contract breaches
B. Performs personnel evaluation reviews
C. Discovers data assets according to classification/categorization
D. Applies another level of access control

17. Egress monitoring solutions usually include a function that _______________.
A. Uses biometrics to scan users
B. Inspects incoming packets
C. Resides on client machines
D. Uses stateful inspection

18. Digital rights management (DRM) solutions (sometimes referred to as information rights management, or IRM) can be used to protect all sorts of sensitive data but are usually particularly designed to secure ____________.
A. Personally identifiable information (PII)
B. Intellectual property
C. Plans and policies
D. Marketing material

19. Digital rights management (DRM) solutions (sometimes referred to as information rights management, or IRM) often protect unauthorized distribution of what type of intellectual property?
A. Patents
B. Trademarks
C. Personally identifiable information (PII)
D. Copyright

20. Which of the following characteristics is associated with digital rights management (DRM) solutions (sometimes referred to as information rights management, or IRM)?
A. Persistence
B. Influence
C. Resistance
D. Trepidation

21. Which of the following characteristics is associated with digital rights management (DRM) solutions (sometimes referred to as information rights management, or IRM)?
A. Automatic expiration
B. Multilevel aggregation
C. Enhanced detail
D. Broad spectrum

22. Which of the following characteristics is associated with digital rights management (DRM) solutions (sometimes referred to as information rights management, or IRM)?
A. Transparent encryption modification
B. Bilateral enhancement
C. Continuous audit trail
D. Encompassing flow

23. Which of the following characteristics is associated with digital rights management (DRM) solutions (sometimes referred to as information rights management, or IRM)?
A. Mapping to existing access control lists (ACLs)
B. Delineating biometric catalogs
C. Preventing multifactor authentication
D. Prohibiting unauthorized transposition

24. According to the (ISC)2 Cloud Secure Data Lifecycle, which phase comes soon after (or at the same time as) the Create phase?
A. Store
B. Use
C. Deploy
D. Archive

25. According to the (ISC)2 Cloud Secure Data Lifecycle, which phase comes immediately before the Share phase?
A. Create
B. Destroy
C. Use
D. Encrypt

26. Why is the term (ISC)2 Cloud Secure Data Lifecycle actually somewhat inaccurate?
A. The term is not used only by (ISC)2.
B. Not all phases are secure.
C. Not all phases take place in the cloud.
D. It’s not actually a cycle.

27. According to the (ISC)2 Cloud Secure Data Lifecycle, in which phase should the process of categorization/classification of data occur?
A. Create
B. Store
C. Define
D. Use

28. Which of the following should occur during the final phase of the Cloud Secure Data Lifecycle?
A. Data dispersion
B. Crypto-shredding
C. Cryptoparsing
D. Cryptosporidium

29. At what phase of the Cloud Secure Data Lifecycle does data enter long-term storage?
A. The first
B. The second
C. The fourth
D. The fifth
30. What is a form of cloud storage where data is stored as objects, arranged in a hierarchical structure, like a file tree?
A. Volume storage
B. Databases
C. Content delivery network (CDN)
D. Object storage
31. What is a form of cloud storage where data is stored in a logical storage area assigned to the user but not necessarily physically attached or even geographically proximate to the compute node the user is utilizing?
A. Volume storage
B. Databases
C. Content delivery network (CDN)
D. Object storage

32. What is a form of cloud storage often used for streaming multimedia data to users?
A. Volume storage
B. Databases
C. Content delivery network (CDN)
D. Neutral storage

33. What type of data storage is often used in platform as a service (PaaS) arrangements?
A. Ephemeral
B. Database
C. Long-term
D. Nefarious

34. What is a form of cloud data protection where data is spread across multiple storage devices/locations, similar to RAID in the legacy environment?
A. Infringing
B. Data dispersion
C. Voiding
D. Crypto-shredding

35. Erasure coding, in the cloud, is similar to what element of RAID implementations in a traditional IT environment?
A. Deltas
B. Inversion
C. Parity bits
D. Transposition

36. DLP (data loss prevention or data leak protection) solutions are implemented in the hopes of securing _______________.
A. Sensitive data that may leave the organization’s control
B. All data within the organization’s control
C. Data being processed by the organization’s users
D. Data that could be intercepted while out of the organization’s control

37. Which of the following will DLP (data loss prevention or data leak protection) solutions most likely not inspect?
A. Email content
B. FTP traffic
C. Material saved to portable media
D. Voice over Internet Protocol (VoIP) conversations

38. DLP (data loss prevention or data leak protection) solutions may use all of the following techniques to identify sensitive data except _______________.
A. Pattern matching
B. Inference
C. Keyword identification
D. Metadata tags

39. You are the security manager of a small firm that has just purchased an egress monitoring solution to implement in your cloud-based production environment. In which of the following cases would you not have to get permission from the cloud provider to install and implement the tool?
A. If it’s hardware-based and your production environment is in an infrastructure as a service (IaaS) model
B. If you purchased it from a vendor other than the cloud provider
C. If it’s software-based and your production environment is in a platform as a service (PaaS) model
D. If it affects all guest instances on any given host device

40. You are the security manager of a small firm that has just purchased an egress monitoring solution to implement in your cloud-based production environment. Before implementing the solution, what should you explain to senior management?
A. The additional risks of external attack associated with using the tool
B. The production impact it will have on the environment
C. What the price of the tool was
D. How the solution works

41. You are the security manager of a small firm that has just purchased an egress monitoring solution to implement in your cloud-based production environment. Which of these activities should you perform before deploying the tool?
A. Survey your company’s departments about the data under their control.
B. Reconstruct your firewalls.
C. Harden all your routers.
D. Adjust the hypervisors.

42. You are the security manager of a small firm that has just purchased an egress monitoring solution to implement in your cloud-based production environment. What should you expect immediately following the implementation of the tool?
A. Immediate decrease in lost data
B. A series of false-positive indications
C. Increase in morale across the organization
D. Increase in gross revenue

43. You are the security manager of a small firm that has just purchased an egress monitoring solution to implement in your cloud-based production environment. What should you not expect the tool to address?
A. Sensitive data sent inadvertently in user emails
B. Sensitive data captured by screenshots
C. Sensitive data moved to external devices
D. Sensitive data in the contents of files sent via File Transfer Protocol (FTP)

44. You are the security manager of a small firm that has just purchased an egress monitoring solution to implement in your cloud-based production environment. In order to get truly holistic coverage of your environment, you should be sure to include ____________ as a step in the deployment process.
A. Getting signed user agreements from all users
B. Installation of the solution on all assets in the cloud data center
C. Adoption of the tool in all routers between your users and the cloud provider
D. Ensuring that all your customers install the tool

45. You are the security manager of a small firm that has just purchased an egress monitoring solution to implement in your cloud-based production environment. In order to increase the security value of the tool, you should consider combining it with _______________.
A. Digital rights management (DRM) and security event and incident management (SIEM) tools
B. An investment in upgraded project management software
C. Digital insurance policies
D. The Uptime Institute’s Tier certification

46. You are the security manager of a small firm that has just purchased an egress monitoring solution to implement in your cloud-based production environment. You are interested in fielding the solution as an awareness tool to optimize security for your organization through conditioning user behavior. You decide to set the solution to _______________.
A. Suspend user accounts and notify the security office when it detects possible sensitive data egress attempted by a user
B. Halt the transaction and notify the user’s supervisor when the user attempts to transfer sensitive data
C. Query the user as to whether they intend to send sensitive data upon detection of an attempted transfer
D. Sever remote connections upon detection of a possible sensitive data transfer

47. You are the security manager of a small firm that has just purchased an egress monitoring solution to implement in your cloud-based production environment. You understand that all of the following aspects of cloud computing may make proper deployment of the tool difficult or costly except _______________.
A. Data will not remain in one place or form in the cloud
B. The cloud environment will include redundant and resilient architecture
C. There will be a deleterious impact on production upon installing the tool
D. You might not have sufficient proper administrative rights in the cloud infrastructure

48. Egress monitoring solutions can aid all of the following security-related efforts except _______________.
A. Access control
B. Data exfiltration
C. E-discovery/forensics
D. Data categorization/classification

49. The cloud security professional should be aware that encryption would most likely be necessary in all the following aspects of a cloud deployment except _______________.
A. Data at rest
B. Data in motion
C. Data in use
D. Data of relief

50. As with the traditional IT environment, cloud data encryption includes all the following elements except _______________.
A. The user
B. The data itself
C. The encryption engine
D. The encryption keys

51. Volume storage encryption in an infrastructure as a service (IaaS) arrangement will protect against data loss due to all of the following activities except _______________.
A. Physical loss or theft of a device
B. Disgruntled users
C. Malicious cloud administrators accessing the data
D. Virtual machine snapshots stolen from storage

52. In an infrastructure as a service (IaaS) arrangement, all of the following are examples of object storage encryption except _______________.
A. File-level encryption
B. Digital rights management (DRM)
C. Application-level encryption
D. Transport Layer Security (TLS)

53. All of the following are database encryption options that could be used in a platform as a service (PaaS) implementation except _______________.
A. File-level encryption
B. Secure Sockets Layer (SSL)
C. Transparent encryption
D. Application-level encryption

54. In application-level encryption, where does the encryption engine reside?
A. In the application accessing the database
B. In the operating system on which the application is run
C. Within the database accessed by the application
D. In the volume where the database resides

55. Which of the following database encryption techniques can be used to encrypt specific tables within the database?
A. File-level encryption
B. Transparent encryption
C. Application-level encryption
D. Object-level encryption

56. Which of the following database encryption techniques makes it difficult to perform database functions (searches, indexing, etc.)?
A. File-level encryption
B. Transparent encryption
C. Application-level encryption
D. Volume encryption

57. According to (ISC)2, where should the cloud customer’s encryption keys be stored?
A. With the cloud customer
B. With a third-party provider
C. At the cloud provider data center
D. Anywhere but with the cloud provider

58. Which of the following is not used to determine data retention requirements?
A. Legislation
B. Business needs
C. Average media longevity
D. Contracts

59. Event monitoring tools (security information and event management [SIEM]/security information management [SIM]/security event management [SEM]) can aid in which of the following efforts?
A. External hacking detection
B. Prediction of physical device theft
C. Data classification/categorization issues
D. Social engineering attacks

60. Event monitoring tools (security information and event management [SIEM]/security information management [SIM]/security event management [SEM]) can aid in which of the following efforts?
A. Detecting untrained personnel
B. Predicting system outages
C. Sending alerts for conflicts of interest
D. Enforcing mandatory vacation

61. Event monitoring tools (security information and event management [SIEM]/security information management [SIM]/security event management [SEM]) can aid in which of the following efforts?
A. Reducing workload for production personnel
B. Decreasing size of log files
C. Optimizing performance
D. Ensuring adequate lighting of workspaces

62. Event monitoring tools (security information and event management [SIEM]/security information management [SIM]/security event management [SEM]) can aid in which of the following efforts?
A. Detecting ambient heating, ventilation, and air-conditioning (HVAC) problems
B. Ensuring proper cloud migration
C. Deciding risk parameters
D. Protecting all physical entry points against the threat of fire

63. In addition to predictive capabilities, event monitoring tools (security information and event management [SIEM]/security information management [SIM]/security event management [SEM]) are instrumental in what other security function?
A. Personnel safety
B. Vehicle tracking
C. Incident evidence
D. Acoustic dampening

64. Which of the following is one of the benefits of event monitoring tools (security information and event management [SIEM]/security information management [SIM]/security event management [SEM])?
A. Greater physical security
B. Psychological deterrence
C. Cost savings
D. More logs can be reviewed, at faster speeds

65. As in a traditional IT environment, proper key management is crucial in the cloud. Which of the following principles is not true regarding key management?
A. It is good practice to introduce pseudorandom numbers when generating keys.
B. Public keys should never be shared with anyone.
C. Losing the keys is equivalent to losing the data.
D. Symmetric keys should be passed out of band.

66. Which of the following is a good business case for the use of data masking?
A. The shipping department should get only a masked version of the customer’s address.
B. The customer service department should get only a masked version of the customer’s Social Security (SS) number.
C. The billing department should get only a masked version of the customer’s credit card number.
D. The Human Resources (HR) department should get only a masked version of the employee’s driver’s license number.

67. All of the following are methods of data masking suggested by (ISC)2 except _______________.
A. Random substitution
B. Algorithmic substitution
C. Deletion
D. Conflation

68. If data masking is being performed for software testing purposes, which of the following is not a good masking technique to use?
A. Random substitution
B. Shuffling
C. Deletion
D. Algorithmic substitution

69. For which use case would it probably be best to use static masking?
A. Creating a test environment for a new application
B. Allowing a customer service representative limited access to account data
C. Providing detailed reports to regulators
D. Notifying shareholders

70. For which use case would it probably be best to use dynamic masking?
A. Creating a test environment for a new application
B. Allowing a customer service representative limited access to account data
C. Sending incident response notifications
D. Implementing business continuity and disaster recovery (BC/DR)

71. What is one possible risk associated with the use of algorithmic masking for obscuring a data set?
A. You could corrupt the production data.
B. The data could be subject to easy inadvertent disclosure.
C. Algorithms are two-way operations.
D. A null set has no test value.

72. ____________ is a direct identifier, and ____________ is an indirect identifier.
A. Username; password
B. User’s name; user’s age
C. User’s IP address; user’s media access control (MAC) address
D. Location; income level

73. Anonymization is the process of removing ____________ from data sets.
A. Access
B. Cryptographic keys
C. Numeric values
D. Identifying information

74. Tokenization is a method of obscuring data that, other than encryption, can be used to comply with ____________ standards.
A. Gramm-Leach-Bliley Act (GLBA)
B. Payment Card Industry (PCI)
C. Child Online Protection Act (COPA)
D. Sarbanes-Oxley Act (SOX)

75. Tokenization requires at least ____ database(s).
A. One
B. Two
C. Three
D. Four

76. Data owners might consider using tokenization for all of the following reasons except _______________.
A. Regulatory or contractual compliance
B. Inference
C. Reduced cost of compliance
D. Mitigating risk from data lost to intrusion

77. Bit-splitting, also known as data dispersion, might be thought of as ____________ in the cloud.
A. RAID
B. BIOS
C. DDoS
D. SYN-ACK

78. Bit-splitting also provides security against data breaches by _______________.
A. Removing all access to unauthorized parties
B. Ensuring that an unauthorized user only gets a useless fragment of data
C. Moving data across jurisdictional boundaries
D. Tracking all incoming access requests
79. If bit-splitting is used to store data sets across multiple jurisdictions, how may this enhance security?
A. By making seizure of data by law enforcement more difficult
B. By hiding it from attackers in a specific jurisdiction
C. By ensuring that users can only accidentally disclose data to one geographic area
D. By restricting privileged user access
80. Which of the following is a possible negative aspect of bit-splitting?
A. Less security
B. Greatest risk of unauthorized access
C. Significantly greater processing overhead
D. Violating regulatory compliance

81. Which of the following is a possible negative aspect of bit-splitting?
A. It may require trust in additional third parties beyond the primary cloud service provider.
B. There may be cause for management concern that the technology will violate internal policy.
C. Users will have far greater difficulty understanding the implementation.
D. Limited vendors make acquisition and support challenging.

82. Which of the following is a possible negative aspect of bit-splitting?
A. Greater chance of physical theft of assets
B. Loss of public image
C. Some risk to availability, depending on the implementation
D. A small fire hazard

83. Which of the following is a theoretical technology that is intended to allow encrypted material to be processed and manipulated without decrypting it first?
A. Inverse postulation
B. Homomorphic encryption
C. Didactic alignment
D. Obverse reinstantiation

84. Which of the following is a data discovery approach used by e-commerce retailers to discern and predict shoppers’ needs?
A. Big data
B. Real-time analytics
C. Agile analytics
D. Agile business intelligence

85. Which of the following is a data discovery approach that offers insight to trends of trends, using both historical and predictive approaches?
A. Obverse polyglotism
B. Big data
C. Real-time analytics
D. Agile analytics/business intelligence

86. Which of the following is not a data discovery technique?
A. Metadata
B. Labels
C. Content analysis
D. Data hover

87. Which of the following data discovery techniques involves using extra information automatically appended/included with the intended data when the data is created?
A. Metadata
B. Labels
C. Content analysis
D. Data hover

88. When labeling is used as a data discovery technique, who should be applying the labels?
A. The security office
B. Users
C. Data owners
D. Regulators

89. When data labels are being used in an environment (for discovery and other purposes), when should the labels be applied?
A. During the risk assessment
B. As part of the business impact analysis (BIA)
C. At collection/creation
D. When the discovery tools are implemented

90. Which of the following tools might be useful in data discovery efforts that are based on content analysis?
A. Egress monitoring solutions
B. Digital rights management (DRM)
C. iSCSI
D. Fibre Channel over Ethernet (FCoE)

91. All of the following might be used as data discovery characteristics in a content-analysis-based data discovery effort except _______________.
A. Keywords
B. Pattern matching
C. Frequency
D. Inheritance

92. What is the risk to the organization posed by dashboards that display data discovery results?
A. Increased chance of external penetration
B. Flawed management decisions based on edited displays
C. Higher likelihood of inadvertent disclosure
D. Raised incidence of physical theft

93. Which of these is most likely to have the greatest negative impact on data discovery effort?
A. Bandwidth latency issues
B. Poor physical security of the data center
C. Severe statutory regulation
D. Inaccurate or incomplete data

94. Cloud customers performing data discovery efforts will have to ensure that the cloud provider attends to all of the following requirements except _______________.
A. Allowing sufficient access to large volumes of data
B. Preserving metadata tags
C. Assigning labels
D. Preserving and maintaining the data

95. Where should the cloud provider’s data discovery requirements be listed?
A. National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53
B. Applicable laws and regulations
C. Payment Card Industry Data Security Standard (PCI DSS)
D. The managed services contract and SLA

96. Who will determine data classifications for the cloud customer?
A. The cloud provider
B. National Institute of Standards and Technology (NIST)
C. Regulators
D. The cloud customer

97. An organization’s data classification scheme must include which of the following categories?
A. File size
B. Origin of the data
C. Sensitivity of the data
D. Whatever the data owner decides

98. Classification is usually considered a facet of data ____________.
A. Security
B. Labeling
C. Control
D. Markup

99. Data classification can be ____________ or ____________.
A. Inverse or obverse
B. Automatic or manual
C. Correct or incorrect
D. Diurnal or nocturnal

100. Data may need to be reclassified for all the following reasons except _______________.
A. Color change
B. Time
C. Repurposing
D. Transfer of ownership

101. Proper __________ need(s) to be assigned to each data classification/category.
A. Dollar values
B. Metadata
C. Security controls
D. Policies

102. Data transformation in a cloud environment should be of great concern to organizations considering cloud migration because ____________ could affect data classification processes and implementations.
A. Multitenancy
B. Virtualization
C. Remote access
D. Physical distance

103. Who is ultimately responsible for a data breach that includes personally identifiable information (PII), in the event of negligence on the part of the cloud provider?
A. The user
B. The subject
C. The cloud provider
D. The cloud customer

104. In a personally identifiable information (PII) context, who is the subject?
A. The cloud customer
B. The cloud provider
C. The regulator
D. The individual

105. In a personally identifiable information (PII) context, who is the processor?
A. The cloud customer
B. The cloud provider
C. The regulator
D. The individual

106. In a personally identifiable information (PII) context, who is the controller?
A. The cloud customer
B. The cloud provider
C. The regulator
D. The individual

107. In a personally identifiable information (PII) context, which of the following is not normally considered “processing”?
A. Storing
B. Viewing
C. Destroying
D. Printing

108. Which of the following countries does not have a national privacy law that concerns personally identifiable information (PII) and applies to all entities?
A. Argentina
B. The United States
C. Italy
D. Australia
109. In protections afforded to personally identifiable information (PII) under the U.S. Health Insurance Portability and Accountability Act (HIPAA), the subject must __________ in order to allow the vendor to share their personal data.
A. Opt in
B. Opt out
C. Undergo screening
D. Provide a biometric template
110. In protections afforded to personally identifiable information (PII) under the U.S. Gramm-Leach-Bliley Act (GLBA), the subject must __________ in order to prevent the vendor from sharing their personal data.
A. Opt in
B. Opt out
C. Undergo screening
D. Provide a biometric template

111. The European Union (EU), with its implementation of privacy directives and regulations, treats individual privacy as ____________.
A. A passing fad
B. A human right
C. A legal obligation
D. A business expense

112. If your organization collects/creates privacy data associated with European Union (EU) citizens and you operate in the cloud, you must prevent your provider from storing/moving/processing that data where?
A. Argentina
B. The United States
C. Japan
D. Israel

113. European Union (EU) personal privacy protections include the right to be _______________.
A. Secure
B. Delivered
C. Forgotten
D. Protected

114. The Cloud Security Alliance (CSA) has developed a model for cloud privacy frameworks called the Privacy Level Agreement (PLA). Why might a cloud service provider be reluctant to issue or adhere to a PLA?
A. A PLA might limit the provider’s liability.
B. A PLA would force the provider to accept more liability.
C. A PLA is nonbinding.
D. A PLA is not enforceable.

115. The Cloud Security Alliance Cloud Controls Matrix (CSA CCM) lists security controls from all the following frameworks except _______________.
A. ISACA’s Control Objectives for Information and Related Technology (COBIT)
B. Payment Card Industry Data Security Standard (PCI DSS)
C. The Capability Maturity Model (CMM)
D. International Organization for Standardization (ISO) 27001
116. The Cloud Security Alliance Cloud Controls Matrix (CSA CCM) lists security controls from all the following laws except _______________.
A. Health Insurance Portability and Accountability Act (HIPAA)
B. Family Education Rights and Privacy Act (FERPA)
C. Personal Information Protection and Electronic Documents Act (PIPEDA)
D. Digital Millennium Copyright Act (DMCA)
117. Digital rights management (DRM) tools might be used to protect all the following assets except _______________.
A. A trusted device
B. Proprietary software
C. Medical records
D. Financial data

118. Deploying digital rights management (DRM) tools in a bring-your-own-device (BYOD) environment will require _______________.
A. User consent and action
B. Enhanced security protocols
C. Use of the cloud
D. Newer, upgraded devices

119. Deploying digital rights management (DRM) tools in a bring-your-own-device (BYOD) environment will require _______________.
A. A uniform browser installation
B. Platform-agnostic solutions
C. Turnstiles
D. A secondary business continuity and disaster recovery (BC/DR) vendor

120. The Cloud Security Alliance Cloud Controls Matrix (CSA CCM) addresses all the following security architecture elements except _______________.
A. Physical security
B. Infrastructure as a service (IaaS)
C. Application security
D. Business drivers

121. DRM requires that every data resource be provisioned with __________.
A. A tracking device
B. An access policy
C. A hardware security module (HSM)
D. A biometric system

122. Digital rights management (DRM) tools can be combined with __________ to enhance security capabilities.
A. Roaming identity services (RIS)
B. Egress monitoring solutions (DLP)
C. Internal hardware settings (BIOS)
D. The TEMPEST program

123. Digital rights management (DRM) tools should enforce __________, which is the characteristic of access rights following the object, in whatever form or location it might be or move to.
A. Continuous audit trail
B. Limiting printing output
C. Persistence
D. Automatic expiration

124. Digital rights management (DRM) tools should enforce __________, which is the practice of capturing all relevant system events.
A. Continuous audit trail
B. Limiting printing output
C. Persistence
D. Automatic expiration

125. Digital rights management (DRM) tools should enforce __________, which is the capability to revoke access based on the decision of the object owner or an administrator action.
A. Integration with email filtering engines
B. Disabling screencap capabilities
C. Continuous audit trail
D. Dynamic policy control

126. Digital rights management (DRM) tools should enforce __________, which is the revocation of access based on time.
A. Persistence
B. Disabling screencap capabilities
C. Automatic expiration
D. Dynamic policy control

127. Digital rights management (DRM) tools should enforce __________, which is interoperability with the organization’s other access control activities.
A. Persistence
B. Support for existing authentication security infrastructure
C. Continuous audit trail
D. Dynamic policy control

128. In a data retention policy, what is perhaps the most crucial element?
A. Location of the data archive
B. Frequency of backups
C. Security controls in long-term storage
D. Data recovery procedures

129. __________ is the practice of taking data out of the production environment and putting it into long-term storage.
A. Deletion
B. Archiving
C. Crypto-shredding
D. Storing
130 In general, all policies within an organization should include each of the following elements except _______________.
A. The date on which the policy will expire
B. The assignment of an entity to review the applicability of the policy occasionally
C. The assignment of an entity to monitor and maintain the process described in the policy
D. A list of the laws, regulations, practices, and/or standards that drove the creation of the policy
131 The goals of secure sanitization (or “data destruction”) include all of the following except _______________.
A. Removing data objects or files
B. Minimizing or eliminating data remanence
C. Removing pointers and metadata about specific files or objects
D. Creating a secure, archived copy for business continuity and disaster recovery (BC/DR) purposes

132 Why is deleting a file or object insufficient for secure sanitization purposes?
A. Drives and disks must be demagnetized for true secure destruction.
B. Physical destruction is the only acceptable method of secure sanitization.
C. Deletion usually only removes pointers or indicators of file location.
D. Only administrators should be allowed to delete files or objects.

133 Data destruction in the cloud is difficult because ____________.
A. Cloud data doesn’t have substance
B. Regulations prevent it
C. The hardware belongs to the provider
D. Most of the data is subterranean

134 Data destruction in the cloud is difficult because ____________.
A. Data in the cloud is constantly being replicated and backed up
B. Delete commands are prohibited in the cloud
C. Internet service providers (ISPs) will not allow destruction of data stored in the cloud
D. The end clients may prevent it

135 Data destruction in the cloud is difficult because ____________.
A. Only law enforcement is permitted to destroy cloud data
B. The largest cloud vendors have prevented customers from destroying data
C. Cloud data renews itself automatically
D. The cloud is often a multitenant environment

136 Which of the following is the best and only completely secure method of data destruction?
A. Degaussing
B. Crypto-shredding
C. Physical destruction of resources that store the data
D. Legal order issued by the prevailing jurisdiction where the data is geographically situated

137 Aside from the fact that the cloud customer probably cannot reach the physical storage assets of the cloud provider and that wiping an entire storage space would impact other customers, why would degaussing probably not be an effective means of secure sanitization in the cloud?
A. All the data storage space in the cloud is already gaussed.
B. Cloud data storage may not be affected by degaussing.
C. Federal law prohibits it in the United States.
D. The blast radius is too wide.

138 Is overwriting a feasible secure sanitization method in the cloud?
A. Yes, but only if you use multiple passes.
B. No, because you can’t get physical access to cloud storage resources.
C. Yes, but it requires a final pass with all zeros or ones.
D. No, because the logical location of the stored data is almost impossible to determine.
139 All of the following are reasons overwriting is not a viable secure sanitization method for data stored in the cloud except _______________.
A. Overwriting an entire storage resource would affect other tenants’ data
B. Regulators usually frown on the practice
C. Locating the specific storage locations of cloud data is almost impossible
D. Data is being backed up constantly in the cloud; before you finished overwriting an entire data set, it would have been replicated elsewhere
140 Which of the following might make crypto-shredding difficult or useless?
A. The cloud provider also managing the organization’s keys
B. Lack of physical access to the environment
C. External attackers
D. Lack of user training and awareness

141 Crypto-shredding requires at least ____ cryptosystem(s).
A. One
B. Two
C. Three
D. Four

142 In addition to having it for business continuity and disaster recovery (BC/DR) purposes, data archiving might also be useful for _______________.
A. Ensuring profitability
B. Increasing performance
C. Motivating users
D. Correcting accidental errors

143 In addition to having it for business continuity and disaster recovery (BC/DR) purposes, data archiving might also be useful for _______________.
A. Team building and morale
B. Forensic investigation
C. Choosing security controls
D. Enhancing quality

144 In addition to having it for business continuity and disaster recovery (BC/DR) purposes, data archiving might also be useful for _______________.
A. Compliance/audit
B. Monitoring performance
C. Gathering investment
D. Enforcing policy

145 Who is responsible for performing archiving activities in a managed cloud environment?
A. The cloud customer
B. The cloud provider
C. The customer’s regulator
D. Depends on the contract

146 Data archiving and retention policies should include __________.
A. How long the data must be kept before destruction
B. The depth of underground storage bunkers used for archiving
C. The names of specific personnel tasked with restoring data in the event of data loss in the operational environment
D. The name(s) of regulators approving the policy

147 What should data archiving and retention policies include?
A. Names of personnel allowed to receive backup media, if third-party off-site archiving services are used
B. Explicit statement of data formats and types of storage media
C. A list of personnel whose data will be archived on a regular basis
D. Which Internet service provider (ISP) should be used for backup procedures

148 If the organization operates in a cloud environment, security operations procedures should include specific contact information for all of the following except _______________.
A. Applicable regulatory entities
B. Federal and local law enforcement
C. The originator or publisher of the governing policy
D. The cloud provider’s security response office

149 If the organization operates in a cloud environment, security operations procedures should include guidance for all of the following audit or logging processes except _______________.
A. Definition of security events and incidents
B. The brand or vendor of the cloud provider’s audit or logging tool
C. Process for adding new audit or logging rules
D. Process for filtering out false positives by amending the rule set

150 What does nonrepudiation mean?
A. Prohibiting certain parties from a private conversation
B. Ensuring that a transaction is completed before saving the results
C. Ensuring that someone cannot turn off auditing capabilities while performing a function
D. Preventing any party that participates in a transaction from claiming that it did not