(ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests. Ben Malisow

Чтение книги онлайн.

СКАЧАТЬ of resources that store the dataLegal order issued by the prevailing jurisdiction where the data is geographically situated

      137 Aside from the fact that the cloud customer probably cannot reach the physical storage assets of the cloud provider and that wiping an entire storage space would impact other customers, why would degaussing probably not be an effective means of secure sanitization in the cloud?All the data storage space in the cloud is already gaussed.Cloud data storage may not be affected by degaussing.Federal law prohibits it in the United States.The blast radius is too wide.

      138 Is overwriting a feasible secure sanitization method in the cloud?Yes, but only if you use multiple passes.No, because you can’t get physical access to cloud storage resources.Yes, but it requires a final pass with all zeros or ones.No, because the logical location of the stored data is almost impossible to determine.

      139 All of the following are reasons overwriting is not a viable secure sanitization method for data stored in the cloud except _______________.Overwriting an entire storage resource would affect other tenants’ dataRegulators usually frown on the practiceLocating the specific storage locations of cloud data is almost impossibleData is being backed constantly in the cloud; before you finished overwriting an entire data set, it would have been replicated elsewhere

      140 Which of the following might make crypto-shredding difficult or useless?The cloud provider also managing the organization’s keysLack of physical access to the environmentExternal attackersLack of user training and awareness

      141 Crypto-shredding requires at least ____ cryptosystem(s).OneTwoThreeFour

      142 In addition to having it for business continuity and disaster recovery (BC/DR) purposes, data archiving might also be useful for _______________.Ensuring profitabilityIncreasing performanceMotivating usersCorrecting accidental errors

      143 In addition to having it for business continuity and disaster recovery (BC/DR) purposes, data archiving might also be useful for _______________.Team building and moraleForensic investigationChoosing security controlsEnhancing quality

      144 In addition to having it for business continuity and disaster recovery (BC/DR) purposes, data archiving might also be useful for _______________.Compliance/auditMonitoring performanceGathering investmentEnforcing policy

      145 Who is responsible for performing archiving activities in a managed cloud environment?The cloud customerThe cloud providerThe customer’s regulatorDepends on the contract

      146 Data archiving and retention policies should include __________.How long the data must be kept before destructionThe depth of underground storage bunkers used for archivingThe names of specific personnel tasked with restoring data in the event of data loss in the operational environmentThe name(s) of regulators approving the policy

      147 What should data archiving and retention policies include?Names of personnel allowed to receive backup media, if third-party off-site archiving services are usedExplicit statement of data formats and types of storage mediaA list of personnel whose data will be archived on a regular basisWhich Internet service provider (ISP) should be used for backup procedures

      148 If the organization operates in a cloud environment, security operations procedures should include specific contact information for all of the following except _______________.Applicable regulatory entitiesFederal and local law enforcementThe originator or publisher of the governing policyThe cloud provider’s security response office

      149 If the organization operates in a cloud environment, security operations procedures should include guidance for all of the following audit or logging processes except _______________.Definition of security events and incidentsThe brand or vendor of the cloud provider’s audit or logging toolProcess for adding new audit or logging rulesProcess for filtering out false positives by amending the rule set

      150 What does nonrepudiation mean?Prohibiting certain parties from a private conversationEnsuring that a transaction is completed before saving the resultsEnsuring that someone cannot turn off auditing capabilities while performing a functionPreventing any party that participates in a transaction from claiming that it did not

CHAPTER 3 Domain 3: Cloud Platform and Infrastructure Security

      The third domain of the Certified Cloud Security Professional (CCSP) Exam Outline concerns the underlying infrastructure of the cloud, including both hardware and software, the concept of pooled resources, and a detailed discussion of identity and access management (IAM).

      1 You are in charge of creating the business continuity and disaster recovery (BC/DR) plan and procedures for your organization. Your organization has its production environment hosted in a cloud environment. You are considering using cloud backup services for your BC/DR purposes as well. What would probably be the best strategy for this approach, in terms of redundancy and resiliency?Have your cloud provider also provide BC/DR backup.Keep a BC/DR backup on the premises of your corporate headquarters.Use another cloud provider for the BC/DR backup.Move your production environment back into your corporate premises, and use your cloud provider to host your BC/DR backup.

      2 You are in charge of creating the business continuity and disaster recovery (BC/DR) plan and procedures for your organization. You decide to have a tabletop test of the BC/DR activity. Which of the following will offer the best value during the test?Have all participants conduct their individual activities via remote meeting technology.Task a moderator well versed in BC/DR actions to supervise and present scenarios to the participants, including randomized special events.Provide copies of the BC/DR policy to all participants.Allow all users in your organization to participate.

      3 You are in charge of creating the business continuity and disaster recovery (BC/DR) plan and procedures for your organization. Your organization has its production environment hosted by a cloud provider, and you have appropriate protections in place. Which of the following is a significant consideration for your BC/DR backup?Enough personnel at the BC/DR recovery site to ensure proper operationsGood cryptographic key managementAccess to the servers where the BC/DR backup is storedForensic analysis capabilities

      4 You are in charge of creating the business continuity and disaster recovery (BC/DR) plan and procedures for your organization. You are going to conduct a full test of the BC/DR plan. Which of the following strategies is an optimum technique to avoid major issues?Have another full backup of the production environment stored prior to the test.Assign all personnel tasks to perform during the test.Have the cloud provider implement a simulated disaster at a random moment in order to maximize realistic testing.Have your regulators present at the test so they can monitor performance.

      5 A Security Assertion Markup Language (SAML) identity assertion token uses the ___________________ protocol.Extensible Markup Language (XML)Hypertext Transfer Protocol (HTTP)Hypertext Markup Language (HTML)American Standard Code for Information Interchange (ASCII)

      6 The minimum essential characteristics of a cloud data center are often referred to as “ping, power, pipe.” What does this term mean?Remote access for customer to racked devices in the data center; electrical utilities; connectivity to an Internet service provider (ISP)/the InternetApplication suitability; availability; connectivityInfrastructure as a service (IaaS); software as a service (SaaS); platform as a service (PaaS)Anti-malware tools; controls against distributed denial-of-service (DDoS) attacks; physical/environmental security controls, including fire suppression

      7 To support all aspects of the CIA triad (confidentiality, integrity, availability), all of the following aspects of a cloud data center need to be engineered with redundancies except ___________________.Power supplyHVACAdministrative officesInternet service provider (ISP)/connectivity lines

      8 Who is the cloud carrier?The cloud customerThe СКАЧАТЬ