Read the book: (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests - Sean Murphy, Ben Malisow - Page 17
CHAPTER 3 Domain 3: Cloud Platform and Infrastructure Security
The third domain of the Certified Cloud Security Professional (CCSP) Exam Outline concerns the underlying infrastructure of the cloud, including both hardware and software, the concept of pooled resources, and a detailed discussion of identity and access management (IAM).
1. You are in charge of creating the business continuity and disaster recovery (BC/DR) plan and procedures for your organization. Your organization has its production environment hosted in a cloud environment. You are considering using cloud backup services for your BC/DR purposes as well. What would probably be the best strategy for this approach, in terms of redundancy and resiliency?
A. Have your cloud provider also provide BC/DR backup.
B. Keep a BC/DR backup on the premises of your corporate headquarters.
C. Use another cloud provider for the BC/DR backup.
D. Move your production environment back into your corporate premises, and use your cloud provider to host your BC/DR backup.

2. You are in charge of creating the business continuity and disaster recovery (BC/DR) plan and procedures for your organization. You decide to have a tabletop test of the BC/DR activity. Which of the following will offer the best value during the test?
A. Have all participants conduct their individual activities via remote meeting technology.
B. Task a moderator well versed in BC/DR actions to supervise and present scenarios to the participants, including randomized special events.
C. Provide copies of the BC/DR policy to all participants.
D. Allow all users in your organization to participate.

3. You are in charge of creating the business continuity and disaster recovery (BC/DR) plan and procedures for your organization. Your organization has its production environment hosted by a cloud provider, and you have appropriate protections in place. Which of the following is a significant consideration for your BC/DR backup?
A. Enough personnel at the BC/DR recovery site to ensure proper operations
B. Good cryptographic key management
C. Access to the servers where the BC/DR backup is stored
D. Forensic analysis capabilities

4. You are in charge of creating the business continuity and disaster recovery (BC/DR) plan and procedures for your organization. You are going to conduct a full test of the BC/DR plan. Which of the following strategies is an optimum technique to avoid major issues?
A. Have another full backup of the production environment stored prior to the test.
B. Assign all personnel tasks to perform during the test.
C. Have the cloud provider implement a simulated disaster at a random moment in order to maximize realistic testing.
D. Have your regulators present at the test so they can monitor performance.

5. A Security Assertion Markup Language (SAML) identity assertion token uses the ___________________ protocol.
A. Extensible Markup Language (XML)
B. Hypertext Transfer Protocol (HTTP)
C. Hypertext Markup Language (HTML)
D. American Standard Code for Information Interchange (ASCII)
6. The minimum essential characteristics of a cloud data center are often referred to as “ping, power, pipe.” What does this term mean?
A. Remote access for customers to racked devices in the data center; electrical utilities; connectivity to an Internet service provider (ISP)/the Internet
B. Application suitability; availability; connectivity
C. Infrastructure as a service (IaaS); software as a service (SaaS); platform as a service (PaaS)
D. Anti-malware tools; controls against distributed denial-of-service (DDoS) attacks; physical/environmental security controls, including fire suppression

7. To support all aspects of the CIA triad (confidentiality, integrity, availability), all of the following aspects of a cloud data center need to be engineered with redundancies except ___________________.
A. Power supply
B. HVAC
C. Administrative offices
D. Internet service provider (ISP)/connectivity lines

8. Who is the cloud carrier?
A. The cloud customer
B. The cloud provider
C. The regulator overseeing the cloud customer’s industry
D. The ISP between the cloud customer and provider

9. Which of the following terms describes a means to centralize logical control of all networked nodes in the environment, abstracted from the physical connections to each?
A. Virtual private network (VPN)
B. Software-defined network (SDN)
C. Access control lists (ACLs)
D. Role-based access control (RBAC)

10. In software-defined networking (SDN), the northbound interface (NBI) usually handles traffic between the ___________________ and the ___________________.
A. Cloud customer; ISP
B. SDN controllers; SDN applications
C. Cloud provider; ISP
D. Router; host

11. Software-defined networking (SDN) allows network administrators and architects to perform all the following functions except ___________________.
A. Reroute traffic based on current customer demand
B. Create logical subnets without having to change any actual physical connections
C. Filter access to resources based on specific rules or settings
D. Deliver streaming media content in an efficient manner by placing it closer to the end user

12. Which of the following is a device specially purposed to handle the issuance, distribution, and storage of cryptographic keys?
A. Key management box (KMB)
B. Hardware security module (HSM)
C. Ticket-granting ticket (TGT)
D. Trusted computing base (TCB)

13. When discussing the cloud, we often segregate the data center into the terms compute, storage, and networking. Compute is made up of ___________________ and ___________________.
A. Routers; hosts
B. Application programming interfaces (APIs); northbound interfaces (NBIs)
C. Central processing unit (CPU); random-access memory (RAM)
D. Virtualized; actual hardware devices

14. All of the following can be used to properly apportion cloud resources except ___________________.
A. Reservations
B. Shares
C. Cancellations
D. Limits

15. Which of the following is a method for apportioning resources that involves setting guaranteed minimums for all tenants/customers within the environment?
A. Reservations
B. Shares
C. Cancellations
D. Limits

16. Which of the following is a method for apportioning resources that involves setting maximum usage amounts for all tenants/customers within the environment?
A. Reservations
B. Shares
C. Cancellations
D. Limits

17. Which of the following is a method for apportioning resources that involves prioritizing resource requests to resolve contention situations?
A. Reservations
B. Shares
C. Cancellations
D. Limits
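Questions 14 through 17 name the three apportioning mechanisms but do not show how they interact on a pooled resource. The Python below is an added example, not code from the book or from any hypervisor vendor: it models one shared pool in which reservations are satisfied first, limits cap what any tenant can ever receive, and shares settle contention over whatever capacity is left. The tenant names and all numbers are constructed for the example.

```python
"""Resource apportioning on one pooled resource: reservations, limits, shares.

Added example (not from the practice-test book). Capacity units are
abstract; read them as MHz of CPU or MB of memory.

  reservation - guaranteed minimum, held for the tenant even if unused
  limit       - hard ceiling the tenant can never exceed
  shares      - relative weight used only to split contested capacity
"""
from dataclasses import dataclass


@dataclass
class Tenant:
    name: str
    demand: int       # what the tenant is currently asking for
    reservation: int  # guaranteed minimum (0 = none)
    limit: int        # hard maximum
    shares: int       # weight during contention


def fits(capacity: int, tenants: list) -> bool:
    """Admission control: reservations must never oversubscribe the pool,
    otherwise a 'guarantee' is only a promise the hypervisor cannot keep."""
    return sum(t.reservation for t in tenants) <= capacity


def apportion(capacity: int, tenants: list) -> dict:
    """Return {tenant name: granted units}.

    Invariant for every tenant: reservation <= grant <= max(reservation, min(demand, limit)).
    """
    if not fits(capacity, tenants):
        raise ValueError("reservations exceed capacity; admission control should have refused a tenant")
    for t in tenants:
        if t.limit < t.reservation:
            raise ValueError(f"{t.name}: limit below reservation is a misconfiguration")

    # Step 1: every reservation is granted up front, whether or not it is used.
    grant = {t.name: t.reservation for t in tenants}
    ceiling = {t.name: min(t.demand, t.limit) for t in tenants}
    free = capacity - sum(grant.values())

    # Step 2: hand out remaining capacity in proportion to shares, repeatedly,
    # so that capacity a capped/satisfied tenant cannot take flows to the others.
    while free > 0:
        eligible = [t for t in tenants if grant[t.name] < ceiling[t.name]]
        if not eligible:
            break  # everyone is satisfied or at its limit; the rest stays idle
        total_shares = sum(t.shares for t in eligible)
        progress = 0
        for t in eligible:
            portion = free * t.shares // total_shares
            give = min(portion, ceiling[t.name] - grant[t.name])
            grant[t.name] += give
            progress += give
        free -= progress
        if progress == 0:
            # Integer division left crumbs smaller than one unit per share;
            # hand them out one unit at a time so the loop always terminates.
            for t in eligible:
                if free == 0:
                    break
                grant[t.name] += 1
                free -= 1
    return grant


def demo_tenants() -> list:
    """Constructed scenario: production outranks batch, which is also hard-limited."""
    return [
        Tenant("prod", demand=700, reservation=300, limit=800, shares=4),
        Tenant("batch", demand=600, reservation=100, limit=400, shares=1),
        Tenant("dev", demand=50, reservation=0, limit=200, shares=1),
    ]


if __name__ == "__main__":
    for capacity in (1000, 2000):
        print(capacity, apportion(capacity, demo_tenants()))
    print("fits 300?", fits(300, demo_tenants()))
```

With 1000 units the pool is contested: prod takes its full 700 because of its 4:1 share weight, batch is held to 250, dev gets the 50 it asked for. With 2000 units there is no contention and batch is stopped at its limit of 400 despite asking for 600; the limit, not the shares, is what bounds it. The `fits` check is the security-relevant part: a provider that admits tenants whose reservations sum past the physical pool has turned a guarantee into a noisy-neighbour problem.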
18. A bare-metal hypervisor is Type ___________________.
A. 1
B. 2
C. 3
D. 4

19. A hypervisor that runs inside another operating system (OS) is a Type ___________________ hypervisor.
A. 1
B. 2
C. 3
D. 4

20. A Type ___________________ hypervisor is probably more difficult to defend than other hypervisors.
A. 1
B. 2
C. 3
D. 4

21. One of the security challenges of operating in the cloud is that additional controls must be placed on file storage systems because ___________________.
A. File stores are always kept in plain text in the cloud
B. There is no way to sanitize file storage space in the cloud
C. Virtualization necessarily prevents the use of application-based security controls
D. Virtual machines are stored as snapshotted files when not in use

22. What is the main reason virtualization is used in the cloud?
A. Virtual machines (VMs) are easier to administer.
B. If a VM is infected with malware, it can be easily replaced.
C. With VMs, the cloud provider does not have to deploy an entire hardware device for every new user.
D. VMs are easier to operate than actual devices.

23. Orchestrating resource calls is the job of the ___________________.
A. Administrator
B. Router
C. VM
D. Hypervisor

24. Which of the following terms describes a cloud storage area that uses a filesystem/hierarchy?
A. Volume storage
B. Object storage
C. Logical unit number (LUN)
D. Block storage

25. Typically, which form of cloud storage is used in the near term for snapshotted virtual machine (VM) images?
A. Volume storage
B. Object storage
C. Logical unit number (LUN)
D. Block storage

26. Who operates the management plane?
A. Regulators
B. End consumers
C. Privileged users
D. Privacy data subjects

27. What is probably the optimum way to avoid vendor lock-in?
A. Use nonproprietary data formats.
B. Use industry-standard media.
C. Use strong cryptography.
D. Use favorable contract language.

28. Who will determine whether your organization’s cloud migration is satisfactory from a compliance perspective?
A. The cloud provider
B. The cloud customer
C. The regulator(s)
D. The Internet service provider (ISP)

29. What is probably the best way to avoid problems associated with vendor lock-out?
A. Use strong contract language.
B. Use nonproprietary data and media formats.
C. Use strong cryptography.
D. Use another provider for backup purposes.

30. In a public cloud services arrangement, who creates governance that will determine which controls are selected for the data center and how they are deployed?
A. The cloud provider
B. The cloud customer
C. The regulator(s)
D. The end user

31. What is the term that describes the situation when a malicious user or attacker can exit the restrictions of a virtual machine (VM) and access another VM residing on the same host?
A. Host escape
B. Guest escape
C. Provider exit
D. Escalation of privileges

32. What is the term that describes the situation when a malicious user or attacker can exit the restrictions of a single host and access other nodes on the network?
A. Host escape
B. Guest escape
C. Provider exit
D. Escalation of privileges

33. ___________________ is/are probably the main cause of virtualization sprawl.
A. Malicious attackers
B. Lack of provider controls
C. Lack of customer controls
D. Ease of use

34. Sprawl is mainly a(n) ___________________ problem.
A. Technical
B. External
C. Management
D. Logical

35. Which of the following risks exists in the traditional environment but is dramatically increased by moving into the cloud?
A. Physical security breaches
B. Loss of utility power
C. Financial upheaval
D. Man-in-the-middle attacks

36. A fundamental aspect of security principles, ___________________ should be implemented in the cloud as well as in traditional environments.
A. Continual uptime
B. Defense in depth
C. Multifactor authentication
D. Separation of duties

37. From a security perspective, automation of configuration aids in ___________________.
A. Enhancing performance
B. Reducing potential attack vectors
C. Increasing ease of use of the systems
D. Reducing need for administrative personnel

38. ___________________ is the most prevalent protocol used in identity federation.
A. Hypertext Transfer Protocol (HTTP)
B. Security Assertion Markup Language (SAML)
C. File Transfer Protocol (FTP)
D. WS-Federation

39. A user signs on to a cloud-based social media platform. In another browser tab, the user finds an article worth posting to the social media platform. The user clicks on the platform’s icon listed on the article’s website, and the article is automatically posted to the user’s account on the social media platform. This is an example of what?
A. Single sign-on
B. Insecure direct identifiers
C. Identity federation
D. Cross-site scripting
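Questions 5 and 38 point at SAML, and question 39 at federation as the user experiences it. What the questions do not show is what a service provider has to check before it trusts the identity an assertion carries. The Python below is an added example, not code from the book or from any SAML library: a constructed, unsigned SAML 2.0 assertion and the Conditions checks (issuer, validity window with clock skew, audience restriction) a relying party runs on it. The issuer and audience entity IDs and the NameID are placeholders.

```python
"""Relying-party checks on a SAML 2.0 assertion (added example, not from the book).

A SAML assertion is an XML document. A service provider must (1) verify the
XML signature against the identity provider's known certificate and then
(2) check the assertion's Conditions. This block implements step 2 only;
see the note after the code for why step 1 is not optional.
"""
from datetime import datetime, timedelta, timezone
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
ASSERTION_TAG = "{urn:oasis:names:tc:SAML:2.0:assertion}Assertion"

# Placeholder entity IDs for the example; not real endpoints.
IDP_ENTITY_ID = "https://idp.example.org/saml"
SP_ENTITY_ID = "https://app.clinic-b.example/sp"

# Constructed sample assertion (unsigned, for illustration only).
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_a1b2c3" Version="2.0" IssueInstant="2024-05-03T10:00:00Z">
  <saml:Issuer>https://idp.example.org/saml</saml:Issuer>
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">clinician@clinic-a.example</saml:NameID>
  </saml:Subject>
  <saml:Conditions NotBefore="2024-05-03T10:00:00Z" NotOnOrAfter="2024-05-03T10:05:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://app.clinic-b.example/sp</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AuthnStatement AuthnInstant="2024-05-03T09:59:58Z" SessionIndex="s1"/>
</saml:Assertion>
"""


def parse_time(value: str) -> datetime:
    """SAML timestamps are xs:dateTime in UTC with a 'Z' suffix."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def validate_conditions(xml_text: str, expected_issuer: str, expected_audience: str,
                        now: datetime, clock_skew: timedelta = timedelta(seconds=60)) -> list:
    """Return the reasons to reject the assertion; an empty list means the conditions hold."""
    root = ET.fromstring(xml_text)
    if root.tag != ASSERTION_TAG:
        return ["document is not a SAML 2.0 Assertion"]
    problems = []

    issuer = root.findtext("saml:Issuer", namespaces=SAML_NS)
    if issuer != expected_issuer:
        problems.append(f"unexpected issuer {issuer!r}")

    if root.find("saml:Subject/saml:NameID", SAML_NS) is None:
        problems.append("missing Subject/NameID")

    conditions = root.find("saml:Conditions", SAML_NS)
    if conditions is None:
        problems.append("missing Conditions")
        return problems

    # Validity window, tolerating a little clock skew between IdP and SP.
    not_before = conditions.get("NotBefore")
    not_on_or_after = conditions.get("NotOnOrAfter")
    if not_before and now + clock_skew < parse_time(not_before):
        problems.append("assertion not yet valid")
    if not_on_or_after and now - clock_skew >= parse_time(not_on_or_after):
        problems.append("assertion expired")

    # Audience restriction: an assertion minted for another SP must not be
    # accepted here, or a token replayed from a weaker relying party gets in.
    audiences = [a.text for a in conditions.findall("saml:AudienceRestriction/saml:Audience", SAML_NS)]
    if expected_audience not in audiences:
        problems.append(f"audience {audiences} does not include this service provider")
    return problems


def subject_of(xml_text: str):
    """The asserted identity, usable only after validate_conditions() returned []."""
    return ET.fromstring(xml_text).findtext("saml:Subject/saml:NameID", namespaces=SAML_NS)


def check_sample(now_utc: str, audience: str = SP_ENTITY_ID) -> list:
    """Convenience wrapper: evaluate the sample assertion at a given UTC time."""
    return validate_conditions(SAMPLE_ASSERTION, IDP_ENTITY_ID, audience, parse_time(now_utc))


if __name__ == "__main__":
    print(check_sample("2024-05-03T10:03:00Z"), subject_of(SAMPLE_ASSERTION))
    print(check_sample("2024-05-03T10:10:00Z"))
```

These checks only mean something after the assertion's ds:Signature has been verified against the identity provider's pinned certificate with a real XML-DSig implementation (for example python3-saml on top of xmlsec); an unsigned assertion, or one whose signature does not cover the Assertion element, must be rejected before any of the fields above are read. Untrusted XML should also be parsed with external entity resolution disabled (defusedxml, or the equivalent in your stack) to keep XXE out of the login path.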
40. A group of clinics decides to create an identification federation for their users (medical providers and clinicians). If they opt to review each other, for compliance with security governance and standards they all find acceptable, what is this federation model called?
A. Cross-certification
B. Proxy
C. Single sign-on
D. Regulated

41. A group of clinics decides to create an identification federation for their users (medical providers and clinicians). If they opt to hire a third party to review each organization, for compliance with security governance and standards they all find acceptable, what is this federation model called?
A. Cross-certification
B. Proxy
C. Single sign-on
D. Regulated

42. A group of clinics decides to create an identification federation for their users (medical providers and clinicians). If they opt to use the web of trust model for federation, who is/are the identity provider(s)?
A. Each organization
B. A trusted third party
C. The regulator overseeing their industry
D. All of their patients

43. A group of clinics decides to create an identification federation for their users (medical providers and clinicians). If they opt to use the web of trust model for federation, who is/are the service providers?
A. Each organization
B. A trusted third party
C. The regulator overseeing their industry
D. All of their patients

44. A group of clinics decides to create an identification federation for their users (medical providers and clinicians). In this federation, all of the participating organizations would need to be in compliance with what U.S. federal regulation?
A. Gramm-Leach-Bliley Act (GLBA)
B. Family and Medical Leave Act (FMLA)
C. Payment Card Industry Data Security Standard (PCI DSS)
D. Health Insurance Portability and Accountability Act (HIPAA)

45. What is the process of granting access to resources?
A. Identification
B. Authentication
C. Authorization
D. Federation

46. The process of identity management includes all the following elements except ___________________.
A. Provisioning
B. Maintenance
C. Deprovisioning
D. Redaction

47. Which organizational entity usually performs the verification part of the provisioning element of the identification process?
A. Information technology (IT)
B. Security
C. Human resources (HR)
D. Sales

48. Of the following options, which is a reason cloud data center audits are often less easy to verify than traditional audits?
A. Data in the cloud can’t be audited.
B. Controls in the cloud can’t be audited.
C. Getting physical access can be difficult.
D. There are no regulators for cloud operations.

49. Of the following options, which is a reason cloud data center audits are often less easy to verify than traditional audits?
A. Cryptography is present.
B. Auditors don’t like the cloud.
C. Cloud equipment is resistant to audit.
D. They often rely on data the provider chooses to disclose.

50. Of the following options, which is a reason cloud data center audits are often less easy to verify than audits in standard data centers?
A. They frequently rely on third parties.
B. The standards are too difficult to follow.
C. The paperwork is cumbersome.
D. There aren’t enough auditors.

51. The cloud customer will usually not have physical access to the cloud data center. This enhances security by ___________________.
A. Reducing the need for qualified personnel
B. Limiting access to sensitive information
C. Reducing jurisdictional exposure
D. Ensuring statutory compliance

52. Which of the following controls would be useful to build into a virtual machine baseline image for a cloud environment?
A. GPS tracking/locator
B. Automated vulnerability scan on system startup
C. Access control list (ACL) of authorized personnel
D. Write protection

53. Which of the following controls would be useful to build into a virtual machine baseline image for a cloud environment?
A. Automatic registration with the configuration management system
B. Enhanced user training and awareness media
C. Mechanisms that prevent the file from being copied
D. Keystroke loggers

54. Virtual machine (VM) configuration management (CM) tools should probably include ___________________.
A. Biometric recognition
B. Anti-tampering mechanisms
C. Log file generation
D. Hackback capabilities

55. Using a virtual machine baseline image could be very useful for which of the following options?
A. Physical security
B. Auditing
C. Training
D. Customization

56. What can be revealed by an audit of a baseline virtual image, used in a cloud environment?
A. Adequate physical protections in the data center
B. Potential criminal activity before it occurs
C. Whether necessary security controls are in place and functioning properly
D. Lack of user training and awareness

57. Using one cloud provider for your operational environment and another for your BC/DR backup will also give you the additional benefit of ___________________.
A. Allowing any custom VM builds you use to be instantly ported to another environment
B. Avoiding vendor lock-in/lock-out
C. Increased performance
D. Lower cost

58. Having your BC/DR backup stored with the same cloud provider as your production environment can help you ___________________.
A. Maintain regulatory compliance
B. Spend less of your budget on traveling
C. Train your users about security awareness
D. Recover quickly from minor incidents

59. If you use the cloud for BC/DR purposes, even if you don’t operate your production environment in the cloud, you can cut costs by eliminating your ___________________.
A. Security personnel
B. BC/DR policy
C. Old access credentials
D. Need for a physical hot site/warm site
60. If the cloud is used for BC/DR purposes, the loss of ___________________ could gravely affect your organization’s RTO.
A. Any cloud administrator
B. A specific VM
C. Your policy and contract documentation
D. ISP connectivity

61. What is the most important asset to protect in cloud BC/DR activities?
A. Intellectual property
B. Hardware at the cloud data center
C. Personnel
D. Data on portable media

62. When considering cloud data replication strategies (i.e., whether you are making backups at the block, file, or database level), which element of your organization’s BC/DR plan will be most affected by your choice?
A. Recovery time objective
B. Recovery point objective
C. Maximum allowable downtime
D. Mean time to failure

63. In addition to BC/DR, what other benefit can your data archive/backup provide?
A. Physical security enforcement
B. Access control methodology
C. Security control against data breach
D. Availability for data lost accidentally

64. Which of the following risks is probably most significant when choosing to use one cloud provider for your operational environment and another for BC/DR backup/archive?
A. Physical intrusion
B. Proprietary formats/lack of interoperability
C. Vendor lock-in/lock-out
D. Natural disasters

65. Return to normal operations is a phase in BC/DR activity when the emergency is over and regular production can resume. Which of the following can sometimes be the result when the organization uses two different cloud providers for the production and BC/DR environments?
A. Both providers are affected by the emergency, extending the time before return to normal can occur.
B. The BC/DR provider becomes the new normal production environment.
C. Regulators will find the organization in violation of compliance guidance.
D. All data is lost irretrievably.

66. Which of these determines the critical assets, recovery time objective (RTO), and recovery point objective (RPO) for BC/DR purposes?
A. Business drivers
B. User input
C. Regulator mandate
D. Industry standards

67. What artifact—which should already exist within the organization—can be used to determine the critical assets necessary to protect in the BC/DR activity?
A. Quantitative risk analysis
B. Qualitative risk analysis
C. Business impact analysis
D. Risk appetite

68. Which of the following is probably the most important element to address if your organization is using two different cloud providers for the production and BC/DR environments?
A. Do they cost the same?
B. Do they have similar facility protections in place?
C. What level of end-user support do they each offer?
D. Can the backup provider meet the same SLA requirements as the primary?

69. In a managed cloud services arrangement, who invokes a BC/DR action?
A. The cloud provider
B. The cloud customer
C. Depends on the contract
D. Any user

70. What do you need to do in order to fully ensure that a BC/DR action will function during a contingency?
A. Audit all performance functions.
B. Audit all security functions.
C. Perform a full-scale test.
D. Mandate this capability in the contract.

71. Which of the following is probably the most important activity, of those listed?
A. Regularly update the BC/DR plan/process.
B. Have contact information for all personnel in the organization.
C. Have contact information for essential BC/DR personnel.
D. Have contact information for local law enforcement.

72. The BC/DR plan/policy should include all of the following except ___________________.
A. Tasking for the office responsible for maintaining/enforcing the plan
B. Contact information for essential entities, including BC/DR personnel and emergency services agencies
C. Copies of the laws/regulations/standards governing specific elements of the plan
D. Checklists for BC/DR personnel to follow

73. The BC/DR plan/process should be written and documented in such a way that it can be used by ___________________.
A. Users
B. Essential BC/DR team members
C. Regulators
D. Someone with the requisite skills

74. Which of the following probably poses the most significant risk to the organization?
A. Not having essential BC/DR personnel available during a contingency
B. Not including all BC/DR elements in the cloud contract
C. Returning to normal operations too soon
D. Telecommunications outages

75. Which of the following probably poses the most significant risk to the organization?
A. Lack of data confidentiality during a contingency
B. Lack of regulatory compliance during a contingency
C. Returning to normal operations too late
D. Lack of encrypted communications during a contingency

76. Why does the physical location of your data backup and/or BC/DR failover environment matter?
A. It may affect regulatory compliance.
B. Lack of physical security.
C. Environmental factors such as humidity.
D. It doesn’t matter. Data can be saved anywhere without consequence.

77. According to the European Union Agency for Network and Information Security (ENISA), a cloud risk assessment should provide a means for customers to accomplish all these assurance tasks except ___________________.
A. Assess risks associated with cloud migration
B. Compare offerings from different cloud providers
C. Reduce the risk of regulatory noncompliance
D. Reduce the assurance burden on cloud providers

78. The European Union Agency for Network and Information Security’s (ENISA’s) definition of cloud computing differs slightly from the definition offered by (ISC)2 (and, for instance, NIST). What is one of the characteristics listed by ENISA but not included in the (ISC)2 definition?
A. Metered service
B. Shared resources
C. Scalability
D. Programmatic management

79. Risk should always be considered from a business perspective. Risk is often balanced by corresponding ___________________.
A. Profit
B. Performance
C. Cost
D. Opportunity
80. When considering the option to migrate from an on-premises environment to a hosted cloud service, an organization should weigh the risks of allowing external entities to access the cloud data for collaborative purposes against ___________________.
A. Not securing the data in the traditional environment
B. Disclosing the data publicly
C. Inviting external personnel into the traditional workspace in order to enhance collaboration
D. Sending the data outside the traditional environment for collaborative purposes

81. There are many ways to handle risk. However, the usual methods for addressing risk are not all possible in the cloud because ___________________.
A. Cloud data risks cannot be mitigated
B. Migrating into a cloud environment necessarily means you are accepting all risks
C. Some risks cannot be transferred to a cloud provider
D. Cloud providers cannot avoid risk

82. In which cloud service model does the customer lose the most control over governance?
A. Infrastructure as a service (IaaS)
B. Platform as a service (PaaS)
C. Software as a service (SaaS)
D. Private cloud

83. Which of the following poses a new risk in the cloud, not affecting the traditional, on-premises IT environment?
A. Internal threats
B. Multitenancy
C. Natural disasters
D. Distributed denial-of-service (DDoS) attacks

84. In addition to the security offered by the cloud provider, a cloud customer must consider the security offered by ___________________.
A. The respective regulator
B. The end user(s)
C. Any vendor the cloud customer previously used in the on-premises environment
D. Any third parties the provider depends on

85. Which of the following poses a new risk in the cloud, not affecting the traditional, on-premises IT environment?
A. User carelessness
B. Inadvertent breach
C. Device failure
D. Resource exhaustion

86. Where is isolation failure probably least likely to pose a significant risk?
A. Public cloud
B. Private cloud
C. PaaS environment
D. SaaS environment

87. Which of the following poses a new risk in the cloud, not affecting the traditional, on-premises environment?
A. Fire
B. Legal seizure of another firm’s assets
C. Mandatory privacy data breach notifications
D. Flooding

88. Which of these does the cloud customer need to ensure protection of intellectual property created in the cloud?
A. Digital rights management (DRM) solutions
B. Identity and access management (IAM) solutions
C. Strong contractual clauses
D. Crypto-shredding

89. What could be the result of failure of the cloud provider to secure the hypervisor in such a way that one user on a virtual machine can see the resource calls of another user’s virtual machine?
A. Unauthorized data disclosure
B. Inference attacks
C. Social engineering
D. Physical intrusion

90. Key generation in a cloud environment might have less entropy than the traditional environment for all the following reasons except ___________________.
A. Lack of direct input devices
B. No social factors
C. Uniform build
D. Virtualization

91. Lack of industry-wide standards for cloud computing creates a potential for ___________________.
A. Privacy data breach
B. Privacy data disclosure
C. Vendor lock-in
D. Vendor lock-out

92. What can hamper the ability of a cloud customer to protect their assets in a managed services arrangement?
A. Prohibitions on port scanning and penetration testing
B. Geographical dispersion
C. Rules against training users
D. Laws that prevent them from doing so

93. Cloud administration almost necessarily violates the principles of the ___________________ security model.
A. Brewer-Nash (Chinese Wall)
B. Graham-Denning
C. Bell-LaPadula
D. Biba

94. The physical layout of a cloud data center campus should include redundancies of all the following except ___________________.
A. Physical perimeter security controls (fences, lights, walls, etc.)
B. The administration/support staff building
C. Electrical utility lines
D. Communications connectivity lines

95. Best practice for planning the physical resiliency for a cloud data center facility includes ___________________.
A. Having one point of egress for personnel
B. Ensuring that any cabling/connectivity enters the facility from different sides of the building/property
C. Ensuring that all parking areas are near generators so that personnel in high-traffic areas are always illuminated by emergency lighting, even when utility power is not available
D. Ensuring that the foundation of the facility is rated to withstand earthquake tremors

96. The physical layout of a cloud data center campus should include redundancies of all the following except ___________________.
A. Generators
B. HVAC units
C. Generator fuel storage
D. Points of personnel ingress

97. There are two reasons to conduct a test of the organization’s recovery from backup in an environment other than the primary production environment. Which of the following is one of them?
A. It costs more to conduct a test at the same location as the primary workplace.
B. You don’t want to waste travel budget on what is only a test.
C. The risk of negative impact to both production and backup is too high.
D. There won’t be enough room for everyone to sit in the primary facility.

98. There are two reasons to conduct a test of the organization’s recovery from backup in an environment other than the primary production environment. Which of the following is one of them?
A. It is good to invest in more than one community.
B. You want to approximate contingency conditions, which includes not operating in the primary location.
C. It is good for your personnel to see other places occasionally.
D. Your regulators won’t follow you off-site, so you’ll be unobserved during your test.

99. In an IaaS arrangement, who accepts responsibility for securing cloud-based applications?
A. The cloud provider
B. The cloud customer
C. The regulator
D. The end user/client

100. Industry best practices dictate that cloud customers do not ___________________.
A. Create their own identity and access management (IAM) solutions
B. Create contract language that favors them over the provider
C. Retrain personnel for cloud operations
D. Encrypt data before it reaches the cloud

101. It is possible for the cloud customer to transfer ___________________ risk to the provider, but the cloud customer always retains ultimate legal risk.
A. Market
B. Perception
C. Data
D. Financial

102. A process for ___________________ can aid in protecting against data disclosure due to lost devices.
A. User punishment
B. Credential revocation
C. Law enforcement notification
D. Device tracking

103. All of the following can be used in the process of anomaly detection except ___________________.
A. The ratio of failed to successful logins
B. Transactions completed successfully
C. Event time of day
D. Multiple concurrent logins
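Question 103 lists the login signals that feed anomaly detection. The Python below is an added example, not code from the book or from any SIEM product: it runs three of those signals (failed-to-successful login ratio, event time of day, and concurrent logins from different sources) over a constructed authentication log. The log line format, usernames and addresses are all made up for the example.

```python
"""Login anomaly detection over constructed auth events (added example, not from the book).

Signals implemented, matching question 103:
  - ratio of failed to successful logins per user (password guessing)
  - event time of day (activity outside the working window)
  - multiple concurrent logins from different source addresses
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample log: one authentication event per line, UTC timestamps.
SAMPLE_LOG = """\
2024-05-03T09:01:10Z user=alice src=10.0.0.5 result=OK
2024-05-03T09:03:44Z user=alice src=10.0.0.5 result=OK
2024-05-03T02:14:05Z user=bob src=203.0.113.9 result=FAIL
2024-05-03T02:14:09Z user=bob src=203.0.113.9 result=FAIL
2024-05-03T02:14:13Z user=bob src=203.0.113.9 result=FAIL
2024-05-03T02:14:20Z user=bob src=203.0.113.9 result=OK
2024-05-03T10:30:00Z user=carol src=10.0.0.7 result=OK
2024-05-03T10:41:00Z user=carol src=198.51.100.23 result=OK
2024-05-03T11:00:00Z user=dave src=10.0.0.8 result=FAIL
2024-05-03T11:00:30Z user=dave src=10.0.0.8 result=OK
"""

LINE_RE = re.compile(r"^(\S+) user=(\S+) src=(\S+) result=(OK|FAIL)$")


def parse_events(lines) -> list:
    """Parse log lines into dicts; malformed lines are skipped, never guessed at."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, user, src, result = m.groups()
        when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append({"time": when, "user": user, "src": src, "ok": result == "OK"})
    return events


def brute_force_suspects(events, min_failures: int = 3, ratio_threshold: float = 2.0) -> list:
    """Users whose failed:successful ratio is high; min_failures stops one typo from alerting."""
    fails, oks = defaultdict(int), defaultdict(int)
    for e in events:
        (oks if e["ok"] else fails)[e["user"]] += 1
    suspects = []
    for user, f in fails.items():
        ratio = f / oks[user] if oks[user] else float("inf")
        if f >= min_failures and ratio >= ratio_threshold:
            suspects.append(user)
    return sorted(suspects)


def off_hours_logins(events, start_hour: int = 22, end_hour: int = 6) -> list:
    """Users with a successful login between start_hour and end_hour UTC (wraps midnight)."""
    users = set()
    for e in events:
        hour = e["time"].hour
        if e["ok"] and (hour >= start_hour or hour < end_hour):
            users.add(e["user"])
    return sorted(users)


def concurrent_logins(events, window: timedelta = timedelta(minutes=30)) -> list:
    """Users who logged in successfully from two different sources within `window`."""
    by_user = defaultdict(list)
    for e in events:
        if e["ok"]:
            by_user[e["user"]].append(e)
    flagged = set()
    for user, logins in by_user.items():
        logins.sort(key=lambda e: e["time"])
        for i, first in enumerate(logins):
            for later in logins[i + 1:]:
                if later["time"] - first["time"] > window:
                    break  # sorted, so nothing further is inside the window
                if later["src"] != first["src"]:
                    flagged.add(user)
    return sorted(flagged)


def detect(lines) -> dict:
    """Run all three detectors and return the flagged users per signal."""
    events = parse_events(lines)
    return {
        "brute_force": brute_force_suspects(events),
        "off_hours": off_hours_logins(events),
        "concurrent": concurrent_logins(events),
    }


if __name__ == "__main__":
    for signal, users in detect(SAMPLE_LOG.splitlines()).items():
        print(f"{signal:12s} {users}")
```

In the sample, bob trips two detectors at once (three failures then a success at 02:14 UTC), which is the pattern a password-guessing attacker who eventually gets in leaves behind; carol's two successful logins eleven minutes apart from unrelated addresses is the concurrent-session signal. The working window and thresholds are tuning knobs that belong in configuration, not in code, once this moves beyond an example.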
104 Critical components should be protected with ___________________.Strong passwordsChain-link fencesHomomorphic encryptionMultifactor authentication
105 It’s important to maintain a current asset inventory list, including surveying your environment on a regular basis, in order to ___________________.Prevent unknown, unpatched assets from being used as back doors to the environmentEnsure that any lost devices are automatically entered into the acquisition system for repurchasing and replacementMaintain user morale by having their devices properly catalogued and annotatedEnsure that billing for all devices is handled by the appropriate departments
106 Which of the following can enhance data portability?Interoperable export formatsEgress monitoring solutionsStrong physical protectionsAgile business intelligence
107 Which of the following can enhance application portability?Using the same cloud provider for the production environment and archivingConducting service trials in an alternate cloud provider environmentProviding cloud-usage training for all usersTuning web application firewalls (WAFs) to detect anomalous activity in inbound communications
108 What should the cloud customer do to ensure that disaster recovery activities don’t exceed the maximum allowable downtime (MAD)?Make sure any alternate provider can support the application needs of the organization.Ensure that contact information for all first responder agencies are correct and up-to-date at all times.Select an appropriate recovery time objective (RTO).Regularly review all regulatory directives for disaster response.
109 Which of the following would probably best aid an organization in deciding whether to migrate from a traditional environment to a particular cloud provider?Rate sheets comparing a cloud provider to other cloud providersCloud provider offers to provide engineering assistance during the migrationThe cost/benefit measure of closing the organization’s relocation site (hot site/warm site) and using the cloud for disaster recovery insteadSLA satisfaction surveys from other (current and past) cloud customers
110 A cloud provider will probably require all of the following except ___________________ before a customer conducts a penetration test.
A. Notice
B. Description of scope of the test
C. Physical location of the launch point
D. Knowledge of time frame/duration
111 Cloud providers will probably not allow ___________________ as part of a customer's penetration test.
A. Network mapping
B. Vulnerability scanning
C. Reconnaissance
D. Social engineering
112 A cloud customer performing a penetration test without the provider's permission is risking ___________________.
A. Malware contamination
B. Excessive fees for SLA violations
C. Loss of market share
D. Prosecution
113 When a customer performs a penetration test in the cloud, why isn't the test an optimum simulation of attack conditions?
A. Attackers don't use remote access for cloud activity.
B. Advance notice removes the element of surprise.
C. When cloud customers use malware, it's not the same as when attackers use malware.
D. Regulator involvement changes the attack surface.
114 Managed cloud services exist because the service is less expensive for each customer than creating the same services for themselves in a traditional environment. What is the technology that creates most of the cost savings in the cloud environment?
A. Emulation
B. Secure remote access
C. Crypto-shredding
D. Virtualization
115 Managed cloud services exist because the service is less expensive for each customer than creating the same services for themselves in a traditional environment. From the customer perspective, most of the cost differential created between the traditional environment and the cloud through virtualization is achieved by removing ___________________.
A. External risks
B. Internal risks
C. Regulatory compliance
D. Sunk capital investment
116 Managed cloud services exist because the service is less expensive for each customer than creating the same services for themselves in a traditional environment. Using a managed service allows the customer to realize significant cost savings through the reduction of ___________________.
A. Risk
B. Security controls
C. Personnel
D. Data
117 Which of the following is a risk posed by the use of virtualization?
A. Internal threats interrupting service through physical accidents (spilling drinks, tripping over cables, etc.)
B. The ease of transporting stolen virtual machine images
C. Increased susceptibility of virtual systems to malware
D. Electromagnetic pulse
118 The tasks performed by the hypervisor in the virtual environment can be most likened to the tasks of the ___________________ in the traditional environment.
A. Central processing unit (CPU)
B. Security team
C. Operating system (OS)
D. Pretty Good Privacy (PGP)
119 Mass storage in the cloud will most likely currently involve ___________________.
A. Spinning platters
B. Tape drives
C. Magnetic disks
D. Solid-state drives (SSDs)
120 What is the type of cloud storage arrangement that involves the use of associating metadata with the saved data?
A. Volume
B. Block
C. Object
D. Redundant
121 According to the NIST Cloud Computing Reference Architecture, which of the following is most likely a cloud carrier?
A. Amazon Web Services
B. Netflix
C. Verizon
D. Nessus
122 Resolving resource contentions in the cloud will most likely be the job of the ___________________.
A. Router
B. Emulator
C. Regulator
D. Hypervisor
123 Security controls installed on a guest virtual machine operating system (VM OS) will not function when ___________________.
A. The user is accessing the VM remotely
B. The OS is not scanned for vulnerabilities
C. The OS is not subject to version control
D. The VM is not active while in storage
124 Typically, SSDs are ___________________.
A. More expensive than spinning platters
B. Larger than tape backup
C. Heavier than tape libraries
D. More subject to malware than legacy drives
125 Typically, SSDs are ___________________.
A. Harder to install than magnetic memory
B. Faster than magnetic drives
C. Harder to administer than tape libraries
D. More likely to fail than spinning platters
126 Typically, SSDs are ___________________.
A. Impossible to destroy physically
B. Not vulnerable to degaussing
C. Subject to a longer warranty
D. Protected by international trade laws
127 Of the following control techniques/solutions, which can be combined to enhance the protections offered by each?
A. Fences/firewalls
B. Asset inventories/personnel training
C. Data dispersion/encryption
D. Intrusion prevention solutions/intrusion detection solutions
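Question 127 pairs data dispersion with encryption as controls that strengthen each other. The following example is added here and is not from the book: the record is encrypted first, then split into data shards plus an XOR parity shard that would be stored in separate locations. Encryption means a single shard (or even every shard) reveals nothing without the key; dispersion means one lost location does not lose the data. The cipher is a stand-in built from HMAC-SHA256 in counter mode so the block runs on the Python standard library alone; a real deployment would use a vetted AEAD such as AES-GCM. The function names, shard layout and the sample record are assumptions made for the illustration. Destroying the key afterwards leaves every shard unreadable, which is the crypto-shredding effect that appears as an option in question 114 and is the practical way to sanitize data on SSDs, which question 126 notes cannot be degaussed.

```python
import hashlib
import hmac
import os
from functools import reduce
from operator import xor
from typing import List, Optional

# Demonstration only: a PRF-in-counter-mode stream cipher built from HMAC-SHA256
# stands in for a real AEAD (e.g. AES-GCM) so the example needs only the stdlib.
NONCE_LEN = 16
TAG_LEN = 32


def _subkey(key: bytes, label: bytes) -> bytes:
    """Derive independent encryption and MAC keys from one master key."""
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, plaintext: bytes, nonce: Optional[bytes] = None) -> bytes:
    """Encrypt-then-MAC; returns nonce || ciphertext || tag."""
    nonce = nonce if nonce is not None else os.urandom(NONCE_LEN)
    ks = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(key: bytes, blob: bytes) -> bytes:
    """Verify the tag before using the ciphertext; a wrong key or tampering raises."""
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed: wrong key or modified shards")
    ks = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, ks))


def disperse(blob: bytes, n: int) -> List[bytes]:
    """Split blob into n-1 equal data shards plus one XOR parity shard (n >= 3).

    Any n-1 of the n shards rebuild the blob, so one storage location can be
    lost (or withheld by a provider) without losing the data.
    """
    if n < 3:
        raise ValueError("need at least two data shards and one parity shard")
    data_count = n - 1
    body = len(blob).to_bytes(4, "big") + blob          # length prefix lets us strip padding
    shard_len = -(-len(body) // data_count)             # ceiling division
    body = body.ljust(shard_len * data_count, b"\0")
    shards = [body[i * shard_len:(i + 1) * shard_len] for i in range(data_count)]
    parity = bytes(reduce(xor, column) for column in zip(*shards))
    return shards + [parity]


def reassemble(shards: List[Optional[bytes]]) -> bytes:
    """Rebuild the blob, tolerating exactly one missing shard (given as None)."""
    missing = [i for i, s in enumerate(shards) if s is None]
    if len(missing) > 1:
        raise ValueError("more than one shard lost; data is unrecoverable")
    present = [s for s in shards if s is not None]
    if missing:
        # XOR of every surviving shard reproduces the lost one, data or parity alike
        rebuilt = bytes(reduce(xor, column) for column in zip(*present))
        shards = list(shards)
        shards[missing[0]] = rebuilt
    body = b"".join(shards[:-1])                        # the parity shard carries no payload
    length = int.from_bytes(body[:4], "big")
    return body[4:4 + length]


def protect(key: bytes, plaintext: bytes, n: int) -> List[bytes]:
    """Encrypt first, then disperse: no shard, and no set of shards, reveals plaintext."""
    return disperse(encrypt(key, plaintext), n)


def recover(key: bytes, shards: List[Optional[bytes]]) -> bytes:
    """Rebuild from the surviving shards, then decrypt; fails closed without the key."""
    return decrypt(key, reassemble(shards))


if __name__ == "__main__":
    key = os.urandom(32)
    record = b"account 0000-0000-0000, constructed sample record"   # constructed input
    shards = protect(key, record, n=4)
    shards[2] = None                                     # simulate one lost storage location
    assert recover(key, shards) == record
    del key                                              # crypto-shredding: shards are now useless
```

Order matters: encrypting before splitting means each storage location only ever holds ciphertext, and the MAC is checked before decryption so a corrupted or substituted shard is rejected rather than silently decrypted. The parity shard is only consulted when a data shard is missing, so corruption of the parity alone is caught only at the moment it is needed; a production scheme would store a digest of every shard alongside it.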
128 Of the following control techniques/solutions, which can be combined to enhance the protections offered by each?
A. Razor tape/background checks
B. Least privilege/generators
C. DLP/DRM
D. Personnel badging/secure baselines
129 Risk assessment is the responsibility of ___________________.
A. Companies offering managed cloud services
B. Regulatory bodies
C. Every organization
D. Legislative entities
130 Which entity can best aid the organization in avoiding vendor lock-in?
A. Senior management
B. The IT security office
C. General counsel
D. The cloud security representative
131 Perhaps the best method for avoiding vendor lock-out is also a means for enhancing BC/DR capabilities. This is ___________________.
A. Having a warm site within 250 miles of the primary production environment
B. Using one cloud provider for primary production and another for backup purposes
C. Building a data center above the flood plain
D. Cross-training all personnel
132 ___________________ can often be the result of inadvertent activity.
A. DDoS
B. Phishing
C. Sprawl
D. Disasters
133 Of the following, which is probably the most significant risk in a managed cloud environment?
A. DDoS
B. Management plane breach
C. Guest escape
D. Physical attack on the utility service lines
134 What is the optimal number of entrances to the cloud data center campus?
A. One
B. Two
C. Three
D. Four
135 The cloud data center campus physical access point should include all of the following except ___________________.
A. Reception area
B. Video surveillance
C. Badging procedure
D. Mantrap structures
136 Where should multiple egress points be included?
A. At the power distribution substation
B. Within the data center
C. In every building on the campus
D. In the security operations center
137 Which of the following is a risk in the cloud environment that does not exist or is not as prevalent in the traditional environment?
A. DDoS
B. Isolation failure
C. External attack
D. Internal attack
138 All security controls necessarily ___________________.
A. Are expensive
B. Degrade performance
C. Require senior management approval
D. Will work in the cloud environment as well as they worked in the traditional environment
139 Which of the following is a risk in the cloud environment that does not exist or is not as prevalent in the traditional environment?
A. Legal liability in multiple jurisdictions
B. Loss of productivity due to DDoS
C. Ability of users to gain access to their physical workplace
D. Fire
140 Which of the following is a risk in the cloud environment that does not exist or is not as prevalent in the traditional environment?
A. Loss of availability due to DDoS
B. Loss of value due to DDoS
C. Loss of confidentiality due to DDoS
D. Loss of liability due to DDoS
141 DDoS attacks do not affect ___________________ for cloud customers.
A. Productivity
B. Availability
C. Connectivity
D. Integrity
142 Sprawl in the cloud can lead to significant additional costs to the organization because of ___________________.
A. Larger necessary physical footprint
B. Much larger utility consumption
C. Software licensing
D. Requisite additional training
143 It is best to use variables in ___________________.
A. Baseline configurations
B. Security control implementations
C. Contract language
D. BC/DR tests