(ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests. Ben Malisow

Чтение книги онлайн.

      43 You are the security manager of a small firm that has just purchased an egress monitoring solution to implement in your cloud-based production environment. What should you not expect the tool to address?Sensitive data sent inadvertently in user emailsSensitive data captured by screenshotsSensitive data moved to external devicesSensitive data in the contents of files sent via File Transfer Protocol (FTP)

      44 You are the security manager of a small firm that has just purchased an egress monitoring solution to implement in your cloud-based production environment. In order to get truly holistic coverage of your environment, you should be sure to include ____________ as a step in the deployment process.Getting signed user agreements from all usersInstallation of the solution on all assets in the cloud data centerAdoption of the tool in all routers between your users and the cloud providerEnsuring that all your customers install the tool

      45 You are the security manager of a small firm that has just purchased an egress monitoring solution to implement in your cloud-based production environment. In order to increase the security value of the tool, you should consider combining it with _______________.Digital rights management (DRM) and security event and incident management (SIEM) toolsAn investment in upgraded project management softwareDigital insurance policiesThe Uptime Institute’s Tier certification

      46 You are the security manager of a small firm that has just purchased an egress monitoring solution to implement in your cloud-based production environment. You are interested in fielding the solution as an awareness tool to optimize security for your organization through conditioning user behavior. You decide to set the solution to _______________.Suspend user accounts and notify the security office when it detects possible sensitive data egress attempted by a userHalt the transaction and notify the user’s supervisor when the user attempts to transfer sensitive dataQuery the user as to whether they intend to send sensitive data upon detection of an attempted transferSever remote connections upon detection of a possible sensitive data transfer

      47 You are the security manager of a small firm that has just purchased an egress monitoring solution to implement in your cloud-based production environment. You understand that all of the following aspects of cloud computing may make proper deployment of the tool difficult or costly except _______________.Data will not remain in one place or form in the cloudThe cloud environment will include redundant and resilient architectureThere will be a deleterious impact on production upon installing the toolYou might not have sufficient proper administrative rights in the cloud infrastructure

      48 Egress monitoring solutions can aid all of the following security-related efforts except _______________.Access controlData exfiltrationE-discovery/forensicsData categorization/classification

      49 The cloud security professional should be aware that encryption would most likely be necessary in all the following aspects of a cloud deployment except _______________.Data at restData in motionData in useData of relief

      50 As with the traditional IT environment, cloud data encryption includes all the following elements except _______________.The userThe data itselfThe encryption engineThe encryption keys

      51 Volume storage encryption in an infrastructure as a service (IaaS) arrangement will protect against data loss due to all of the following activities except _______________.Physical loss or theft of a deviceDisgruntled usersMalicious cloud administrators accessing the dataVirtual machine snapshots stolen from storage

      52 In an infrastructure as a service (IaaS) arrangement, all of the following are examples of object storage encryption except _______________.File-level encryptionDigital rights management (DRM)Application-level encryptionTransport Layer Security (TLS)

      53 All of the following are database encryption options that could be used in a platform as a service (PaaS) implementation except _______________.File-level encryptionSecure Sockets Layer (SSL)Transparent encryptionApplication-level encryption

      54 In application-level encryption, where does the encryption engine reside?In the application accessing the databaseIn the operating system on which the application is runWithin the database accessed by the applicationIn the volume where the database resides

      55 Which of the following database encryption techniques can be used to encrypt specific tables within the database?File-level encryptionTransparent encryptionApplication-level encryptionObject-level encryption

      56 Which of the following database encryption techniques makes it difficult to perform database functions (searches, indexing, etc.)?File-level encryptionTransparent encryptionApplication-level encryptionVolume encryption

      57 According to (ISC)2, where should the cloud customer’s encryption keys be stored?With the cloud customerWith a third-party providerAt the cloud provider data centerAnywhere but with the cloud provider

      58 Which of the following is not used to determine data retention requirements?LegislationBusiness needsAverage media longevityContracts

      59 Event monitoring tools (security information and event management [SIEM]/security information management [SIM]/security event management [SEM]) can aid in which of the following efforts?External hacking detectionPrediction of physical device theftData classification/categorization issuesSocial engineering attacks

      60 Event monitoring tools (security information and event management [SIEM]/security information management [SIM]/security event management [SEM]) can aid in which of the following efforts?Detecting untrained personnelPredicting system outagesSending alerts for conflicts of interestEnforcing mandatory vacation

      61 Event monitoring tools (security information and event management [SIEM]/security information management [SIM]/security event management [SEM]) can aid in which of the following efforts?Reducing workload for production personnelDecreasing size of log filesOptimizing performanceEnsuring adequate lighting of workspaces

      62 Event monitoring tools (security information and event management [SIEM]/security information management [SIM]/security event management [SEM]) can aid in which of the following efforts?Detecting ambient heating, ventilation, and air-conditioning (HVAC) problemsEnsuring proper cloud migrationDeciding risk parametersProtecting all physical entry points against the threat of fire

      63 In addition to predictive capabilities, event monitoring tools (security information and event management [SIEM]/security information management [SIM]/security event management [SEM]) are instrumental in what other security function?Personnel safetyVehicle trackingIncident evidenceAcoustic dampening

      64 Which of the following is one of the benefits of event monitoring tools (security information and event management [SIEM]/security information management [SIM]/security event management [SEM])?Greater physical securityPsychological deterrenceCost savingsMore logs can be reviewed, at faster speeds

      65 As in a traditional IT environment, proper key management is crucial in the cloud. Which of the following principles is not true regarding key management?It is good practice to introduce pseudorandom numbers when generating keys.Public keys should never be shared with anyone.Losing the keys is equivalent to losing the data.Symmetric keys should be passed out of band.

      66 Which of the following is a good business case for the use of data masking?The shipping department should get only a masked version of the customer’s address.The customer service department should get only a masked version of the customer’s Social Security (SS) number.The billing department should get only a masked version of the customer’s credit card number.The Human Resources (HR) department should get only a masked version of the employee’s driver’s license number.

      67 All of the following are methods of data masking suggested by (ISC)2 except _______________.Random substitutionAlgorithmic substitutionDeletionConflation

      68 If СКАЧАТЬ