Ben Malisow - (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests


(ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests: summary, description and annotation


The only official CCSP practice test product endorsed by (ISC)²
With over 1,000 practice questions, this book gives you the opportunity to test your level of understanding and gauge your readiness for the Certified Cloud Security Professional (CCSP) exam long before the big day. These questions cover 100% of the CCSP exam domains, and include answers with full explanations to help you understand the reasoning and approach for each. Logical organization by domain allows you to practice only the areas you need to bring you up to par, without wasting precious time on topics you’ve already mastered.
As the only official practice test product for the CCSP exam endorsed by (ISC)², this essential resource is your best bet for gaining a thorough understanding of the topic. It also illustrates the relative importance of each domain, helping you plan your remaining study time so you can go into the exam fully confident in your knowledge.
When you’re ready, two practice exams allow you to simulate the exam day experience and apply your own test-taking strategies with domains given in proportion to the real thing. The online learning environment and practice exams are the perfect way to prepare, and make your progress easy to track.

(ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests: read the preview excerpt online

98. The Cloud Security Alliance (CSA) publishes the Notorious Nine, a list of common threats to organizations participating in cloud computing. According to the CSA, which aspect of cloud computing makes it particularly susceptible to account/service traffic hijacking?
A. Scalability
B. Metered service
C. Remote access
D. Pooled resources

99. The Cloud Security Alliance (CSA) publishes the Notorious Nine, a list of common threats to organizations participating in cloud computing. According to the CSA, what is one reason the threat of insecure interfaces and APIs is so prevalent in cloud computing?
A. Most of the cloud customer’s interaction with resources will be performed through APIs.
B. APIs are inherently insecure.
C. Attackers have already published vulnerabilities for all known APIs.
D. APIs are known carcinogens.

100. The Cloud Security Alliance (CSA) publishes the Notorious Nine, a list of common threats to organizations participating in cloud computing. According to the CSA, what is one reason the threat of insecure interfaces and APIs is so prevalent in cloud computing?
A. Cloud customers and third parties are continually enhancing and modifying APIs.
B. APIs can have automated settings.
C. It is impossible to uninstall APIs.
D. APIs are a form of malware.

101. The Cloud Security Alliance (CSA) publishes the Notorious Nine, a list of common threats to organizations participating in cloud computing. According to the CSA, what is one reason the threat of insecure interfaces and APIs is so prevalent in cloud computing?
A. APIs are always used for administrative access.
B. Customers perform many high-value tasks via APIs.
C. APIs are cursed.
D. It is impossible to securely code APIs.

102. The Cloud Security Alliance (CSA) publishes the Notorious Nine, a list of common threats to organizations participating in cloud computing. According to the CSA, why are denial of service (DoS) attacks such a significant threat to cloud operations?
A. DoS attackers operate internationally.
B. There are no laws against DoS attacks, so they are impossible to prosecute.
C. Availability issues prevent productivity in the cloud.
D. DoS attacks that can affect cloud providers are easy to launch.

103. The Cloud Security Alliance (CSA) publishes the Notorious Nine, a list of common threats to organizations participating in cloud computing. According to the CSA, what do we call denial of service (DoS) attacks staged from multiple machines against a specific target?
A. Invasive denial of service (IDoS)
B. Pervasive denial of service (PDoS)
C. Massive denial of service (MDoS)
D. Distributed denial of service (DDoS)

104. The Cloud Security Alliance (CSA) publishes the Notorious Nine, a list of common threats to organizations participating in cloud computing. According to the CSA, what aspect of managed cloud services makes the threat of malicious insiders so alarming?
A. Scalability
B. Multitenancy
C. Metered service
D. Flexibility

105. The Cloud Security Alliance (CSA) publishes the Notorious Nine, a list of common threats to organizations participating in cloud computing. According to the CSA, what aspect of managed cloud services makes the threat of abuse of cloud services so alarming from a management perspective?
A. Scalability
B. Multitenancy
C. Resiliency
D. Broadband connections

106. The Cloud Security Alliance (CSA) publishes the Notorious Nine, a list of common threats to organizations participating in cloud computing. According to the CSA, which of the following is not an aspect of due diligence that the cloud customer should be concerned with when considering a migration to a cloud provider?
A. Ensuring that any legacy applications are not dependent on internal security controls before moving them to the cloud environment
B. Reviewing all contractual elements to appropriately define each party’s roles, responsibilities, and requirements
C. Assessing the provider’s financial standing and soundness
D. Vetting the cloud provider’s administrators and personnel to ensure the same level of trust as the legacy environment

107. The Cloud Security Alliance (CSA) publishes the Notorious Nine, a list of common threats to organizations participating in cloud computing. A cloud customer that does not perform sufficient due diligence can suffer harm if the cloud provider they’ve selected goes out of business. What do we call this problem?
A. Vendor lock-in
B. Vendor lockout
C. Vendor incapacity
D. Unscaled

108. Which of the following is not a method for creating logical segmentation in a cloud data center?
A. Virtual local area networks (VLANs)
B. Network address translation (NAT)
C. Bridging
D. Hubs

109. According to (ISC)2, the lack/ambiguity of physical endpoints as individual network components in the cloud environment creates what kind of threat/concern?
A. The lack of defined endpoints makes it difficult to uniformly define, manage, and protect IT assets.
B. Without physical endpoints, it is impossible to apply security controls to an environment.
C. Without physical endpoints, it is impossible to track user activity.
D. The lack of physical endpoints increases the opportunity for physical theft/damage.

110. When should cloud providers allow platform as a service (PaaS) customers shell access to the servers running their instances?
A. Never
B. Weekly
C. Only when the contract stipulates that requirement
D. Always

111. In a PaaS implementation, each instance should have its own user-level permissions; when instances share common policies/controls, the cloud security professional should be careful to reduce the possibility of _______________ and _______________ over time.
A. Denial of service (DoS)/physical theft
B. Authorization creep/inheritance
C. Sprawl/hashing
D. Intercession/side-channel attacks

112. In a platform as a service (PaaS) environment, user access management often requires that data about user activity be collected, analyzed, audited, and reported against rule-based criteria. These criteria are usually based on _______________.
A. International standards
B. Federal regulations
C. Organizational policies
D. Federation directives

113. An essential element of access management, _______________ is the practice of confirming that an individual is who they claim to be.
A. Authentication
B. Authorization
C. Nonrepudiation
D. Regression

114. An essential element of access management, _______________ is the practice of granting permissions based on validated identification.
A. Authentication
B. Authorization
C. Nonrepudiation
D. Regression

115. What is the usual order of an access management process?
A. Access-authorization-authentication
B. Authentication-authorization-access
C. Authorization-authentication-access
D. Authentication-access-authorization

116. Why are platform as a service (PaaS) environments at a higher likelihood of suffering backdoor vulnerabilities?
A. They rely on virtualization.
B. They are often used for software development.
C. They have multitenancy.
D. They are scalable.

117. Backdoors are sometimes left in software by developers _______________.
A. In lieu of other security controls
B. As a means to counter denial of service (DoS) attacks
C. Inadvertently or on purpose
D. As a way to distract attackers

118. Alice is staging an attack against Bob’s website. She is able to introduce a string of command code into a database Bob is running, simply by entering the command string into a data field. This is an example of which type of attack?
A. Insecure direct object reference
B. Buffer overflow
C. SQL injection
D. Denial of service

119. Bob is staging an attack against Alice’s website. He is able to embed a link on her site that will execute malicious code on a visitor’s machine if the visitor clicks on the link. This is an example of which type of attack?
A. Cross-site scripting
B. Broken authentication/session management
C. Security misconfiguration
D. Insecure cryptographic storage

120. Alice is staging an attack against Bob’s website. She has discovered that Bob has been storing cryptographic keys on a server with a default admin password and is able to get access to those keys and violate confidentiality and access controls. This is an example of which type of attack?
A. SQL injection
B. Buffer overflow
C. Using components with known vulnerabilities
D. Security misconfiguration
