Title: (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests
Author: Ben Malisow
Publisher: John Wiley & Sons Limited
Genre: Foreign computer literature
isbn: 9781119603580
128 A hosted cloud environment is great for an organization to use as _______________.
A. Storage of physical assets
B. A testbed/sandbox
C. A platform for managing unsecured production data
D. A cost-free service for meeting all user needs

129 What is the entity that created the Statement on Standards for Attestation Engagements (SSAE) auditing standard and certifies auditors for that standard?
A. National Institute of Standards and Technology (NIST)
B. European Network and Information Security Agency (ENISA)
C. General Data Protection Regulation (GDPR)
D. American Institute of Certified Public Accountants (AICPA)

130 The current American Institute of Certified Public Accountants (AICPA) standard codifies certain audit reporting mechanisms. What are these called?
A. Sarbanes-Oxley Act (SOX) reports
B. Secure Sockets Layer (SSL) audits
C. Sherwood Applied Business Structure Architecture (SABSA)
D. System and Organization Controls (SOC) reports

131 Which of the following is not a report used to assess the design and selection of security controls within an organization?
A. Consensus Assessments Initiative Questionnaire (CAIQ)
B. Cloud Security Alliance Cloud Controls Matrix (CSA CCM)
C. SOC 1
D. SOC 2 Type 1

132 Which of the following is a report used to assess the implementation and effectiveness of security controls within an organization?
A. SOC 1
B. SOC 2 Type 1
C. SOC 2 Type 2
D. SOC 3

133 _______________ is an example of due care, and _______________ is an example of due diligence.
A. Privacy data security policy; auditing the controls dictated by the privacy data security policy
B. The European Union General Data Protection Regulation (GDPR); the Gramm-Leach-Bliley Act (GLBA)
C. Locks on doors; turnstiles
D. Perimeter defenses; internal defenses

134 In a Lightweight Directory Access Protocol (LDAP) environment, each entry in a directory server is identified by a _______________.
A. Domain name (DN)
B. Distinguished name (DN)
C. Directory name (DN)
D. Default name (DN)

135 Each of the following is an element of the Identification phase of the identity and access management (IAM) process except _______________.
A. Provisioning
B. Inversion
C. Management
D. Deprovisioning

136 Which of the following is true about two-person integrity?
A. It forces all employees to distrust one another.
B. It requires two different identity and access management matrices (IAM).
C. It forces collusion for unauthorized access.
D. It enables more thieves to gain access to the facility.

137 All of the following are statutory regulations except the _______________.
A. Gramm-Leach-Bliley Act (GLBA)
B. Health Information Portability and Accountability Act (HIPAA)
C. Federal Information Systems Management Act (FISMA)
D. Payment Card Industry Data Security Standard (PCI DSS)

138 A cloud data encryption situation where the cloud customer retains control of the encryption keys and the cloud provider only processes and stores the data could be considered a _______________.
A. Threat
B. Risk
C. Hybrid cloud deployment model
D. Case of infringing on the rights of the provider

139 Which of the following is one of the benefits of a private cloud deployment?
A. Less cost
B. Higher performance
C. Retaining control of governance
D. Reduction in need for maintenance capability on the customer side

140 What are the two general delivery modes for the software as a service (SaaS) model?
A. Ranked and free
B. Hosted application management and software on demand
C. Intrinsic motivation complex and undulating perspective details
D. Framed and modular

141 Your organization has migrated into a platform as a service (PaaS) configuration. A network administrator within the cloud provider has accessed your data and sold a list of your users to a competitor. Who is required to make data breach notifications in accordance with all applicable laws?
A. The network admin responsible
B. The cloud provider
C. The regulators overseeing your deployment
D. Your organization

142 If an organization wants to retain the most control of their assets in the cloud, which service and deployment model combination should they choose?
A. Platform as a service (PaaS), community
B. Infrastructure as a service (IaaS), hybrid
C. Software as a service (SaaS), public
D. Infrastructure as a service (IaaS), private

143 If an organization wants to realize the most cost savings by reducing administrative overhead, which service and deployment model combination should they choose?
A. Platform as a service (PaaS), community
B. Infrastructure as a service (IaaS), hybrid
C. Software as a service (SaaS), public
D. Infrastructure as a service (IaaS), private
CHAPTER 2 Domain 2: Cloud Data Security
In Domain 2, the exam outline focuses on the data owned by the cloud customer, hosted in the cloud. The domain discusses methods for securing the data, including specific tools and techniques.
1 In which of these options does the encryption engine reside within the application accessing the database?
A. Transparent encryption
B. Symmetric-key encryption
C. Application-level encryption
D. Homomorphic encryption

2 You are the security team leader for an organization that has an infrastructure as a service (IaaS) production environment hosted by a cloud provider. You want to implement an event monitoring (security information and event management [SIEM]/security information management [SIM]/security event management [SEM]) solution in your production environment in order to acquire better data for security defenses and decisions. Which of the following is probably your most significant concern about implementing this solution in the cloud?
A. The solution should give you better analysis capability by automating a great deal of the associated tasks.
B. Dashboards produced by the tool are a flawless management benefit.
C. You will have to coordinate with the cloud provider to ensure that the tool is acceptable and functioning properly.
D. Senior management will be required to approve the acquisition and implementation of the tool.

3 Which of the following is not a step in the crypto-shredding process?
A. Encrypt data with a particular encryption engine.
B. Encrypt first resulting keys with another encryption engine.
C. Save backup of second resulting keys.
D. Destroy original second resulting keys.

4 Which of the following sanitization methods is feasible for use in the cloud?
A. Crypto-shredding
B. Degaussing
C. Physical destruction
D. Overwriting

5 Which of the following is not a method for enhancing data portability?
A. Crypto-shredding
B. Using standard data formats
C. Avoiding proprietary services
D. Favorable contract terms

6 When implementing a digital rights management (DRM) solution in a cloud environment, which of the following does not pose an additional challenge for the cloud customer?
A. Users might be required to install a DRM agent on their local devices.
B. DRM solutions might have difficulty interfacing with multiple different operating systems and services.
C. DRM solutions might have difficulty interacting with virtualized instances.
D. Ownership of intellectual property might be difficult to ascertain.

7 When implementing cryptography in a cloud environment, where is the worst place to store the keys?
A. With the cloud provider
B. Off the cloud, with the data owner
C. With a third-party provider, in key escrow
D. Anywhere but with the cloud provider

8 Which of the following is not a security concern related to archiving data for long-term storage?
A. Long-term storage of the related cryptographic keys
B. Format of the data
C. Media the data resides on
D. Underground depth of the storage facility

9 Data dispersion is a cloud data security technique that is most similar to which legacy implementation?
A. Business continuity and disaster recovery (BC/DR)
B. Redundant Array of Inexpensive Disks (RAID)
C. Software-defined networking (SDN)
D. Content delivery network (CDN)

10 Data dispersion uses _______________, where the traditional implementation is called “striping.”
A. Chunking
B. Vaulting
C. Lumping
D. Grouping

11 Data dispersion uses _______________, where the traditional implementation