Ben Malisow - (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests

(ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests: summary, description and annotation

The only official CCSP practice test product endorsed by (ISC)²

With over 1,000 practice questions, this book gives you the opportunity to test your level of understanding and gauge your readiness for the Certified Cloud Security Professional (CCSP) exam long before the big day. These questions cover 100% of the CCSP exam domains, and include answers with full explanations to help you understand the reasoning and approach for each. Logical organization by domain allows you to practice only the areas you need to bring you up to par, without wasting precious time on topics you’ve already mastered.
As the only official practice test product for the CCSP exam endorsed by (ISC)², this essential resource is your best bet for gaining a thorough understanding of the topic. It also illustrates the relative importance of each domain, helping you plan your remaining study time so you can go into the exam fully confident in your knowledge.
When you’re ready, two practice exams allow you to simulate the exam day experience and apply your own test-taking strategies with domains given in proportion to the real thing. The online learning environment and practice exams are the perfect way to prepare, and make your progress easy to track.

(ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests — preview excerpt

121 Which of the following is a management risk that organizations migrating to the cloud will have to address?
    A. Insider threat
    B. Virtual sprawl
    C. Distributed denial of service (DDoS) attacks
    D. Natural disasters

122 Which kind of hypervisor is the preferred target of attackers, and why?
    A. Type 1, because it is more straightforward
    B. Type 1, because it has a greater attack surface
    C. Type 2, because it is less protected
    D. Type 2, because it has a greater attack surface

123 Which of the following would make a good provision to include in the service-level agreement (SLA) between cloud customer and provider?
    A. Location of the data center
    B. Amount of data uploaded/downloaded during a pay period
    C. Type of personnel security controls for network administrators
    D. Physical security barriers on the perimeter of the data center campus

124 What is the most significant aspect of the service-level agreement (SLA) that incentivizes the cloud provider to perform?
    A. The thoroughness with which it details all aspects of cloud processing
    B. The financial penalty for not meeting service levels
    C. The legal liability for violating data breach notification requirements
    D. The risk exposure to the cloud provider

125 From a customer perspective, all of the following are benefits of infrastructure as a service (IaaS) cloud services except _______________.
    A. Reduced cost of ownership
    B. Reduced energy costs
    C. Metered usage
    D. Reduced cost of administering the operating system (OS) in the cloud environment

126 From an academic perspective, what is the main distinction between an event and an incident?
    A. Incidents can last for extended periods (days or weeks), whereas an event is momentary.
    B. Incidents can happen at the network level, whereas events are restricted to the system level.
    C. Events are anything that can occur in the IT environment, whereas incidents are unscheduled events.
    D. Events occur only during processing, whereas incidents can occur at any time.

127 The cloud computing characteristic of elasticity promotes which aspect of the CIA triad?
    A. Confidentiality
    B. Integrity
    C. Availability
    D. None

128 A hosted cloud environment is great for an organization to use as _______________.
    A. Storage of physical assets
    B. A testbed/sandbox
    C. A platform for managing unsecured production data
    D. A cost-free service for meeting all user needs

129 What is the entity that created the Statement on Standards for Attestation Engagements (SSAE) auditing standard and certifies auditors for that standard?
    A. National Institute of Standards and Technology (NIST)
    B. European Network and Information Security Agency (ENISA)
    C. General Data Protection Regulation (GDPR)
    D. American Institute of Certified Public Accountants (AICPA)

130 The current American Institute of Certified Public Accountants (AICPA) standard codifies certain audit reporting mechanisms. What are these called?
    A. Sarbanes-Oxley Act (SOX) reports
    B. Secure Sockets Layer (SSL) audits
    C. Sherwood Applied Business Structure Architecture (SABSA)
    D. System and Organization Controls (SOC) reports

131 Which of the following is not a report used to assess the design and selection of security controls within an organization?
    A. Consensus Assessments Initiative Questionnaire (CAIQ)
    B. Cloud Security Alliance Cloud Controls Matrix (CSA CCM)
    C. SOC 1
    D. SOC 2 Type 1

132 Which of the following is a report used to assess the implementation and effectiveness of security controls within an organization?
    A. SOC 1
    B. SOC 2 Type 1
    C. SOC 2 Type 2
    D. SOC 3

133 _______________ is an example of due care, and _______________ is an example of due diligence.
    A. Privacy data security policy; auditing the controls dictated by the privacy data security policy
    B. The European Union General Data Protection Regulation (GDPR); the Gramm-Leach-Bliley Act (GLBA)
    C. Locks on doors; turnstiles
    D. Perimeter defenses; internal defenses

134 In a Lightweight Directory Access Protocol (LDAP) environment, each entry in a directory server is identified by a _______________.
    A. Domain name (DN)
    B. Distinguished name (DN)
    C. Directory name (DN)
    D. Default name (DN)

135 Each of the following is an element of the Identification phase of the identity and access management (IAM) process except _______________.
    A. Provisioning
    B. Inversion
    C. Management
    D. Deprovisioning

136 Which of the following is true about two-person integrity?
    A. It forces all employees to distrust one another.
    B. It requires two different identity and access management matrices (IAM).
    C. It forces collusion for unauthorized access.
    D. It enables more thieves to gain access to the facility.

137 All of the following are statutory regulations except the _______________.
    A. Gramm-Leach-Bliley Act (GLBA)
    B. Health Information Portability and Accountability Act (HIPAA)
    C. Federal Information Systems Management Act (FISMA)
    D. Payment Card Industry Data Security Standard (PCI DSS)

138 A cloud data encryption situation where the cloud customer retains control of the encryption keys and the cloud provider only processes and stores the data could be considered a _______________.
    A. Threat
    B. Risk
    C. Hybrid cloud deployment model
    D. Case of infringing on the rights of the provider

139 Which of the following is one of the benefits of a private cloud deployment?
    A. Less cost
    B. Higher performance
    C. Retaining control of governance
    D. Reduction in need for maintenance capability on the customer side

140 What are the two general delivery modes for the software as a service (SaaS) model?
    A. Ranked and free
    B. Hosted application management and software on demand
    C. Intrinsic motivation complex and undulating perspective details
    D. Framed and modular

141 Your organization has migrated into a platform as a service (PaaS) configuration. A network administrator within the cloud provider has accessed your data and sold a list of your users to a competitor. Who is required to make data breach notifications in accordance with all applicable laws?
    A. The network admin responsible
    B. The cloud provider
    C. The regulators overseeing your deployment
    D. Your organization

142 If an organization wants to retain the most control of their assets in the cloud, which service and deployment model combination should they choose?
    A. Platform as a service (PaaS), community
    B. Infrastructure as a service (IaaS), hybrid
    C. Software as a service (SaaS), public
    D. Infrastructure as a service (IaaS), private

143 If an organization wants to realize the most cost savings by reducing administrative overhead, which service and deployment model combination should they choose?
    A. Platform as a service (PaaS), community
    B. Infrastructure as a service (IaaS), hybrid
    C. Software as a service (SaaS), public
    D. Infrastructure as a service (IaaS), private

CHAPTER 2 Domain 2: Cloud Data Security

In Domain 2, the exam outline focuses on the data owned by the cloud customer, hosted in the cloud. The domain discusses methods for securing the data, including specific tools and techniques.

1 In which of these options does the encryption engine reside within the application accessing the database?
    A. Transparent encryption
    B. Symmetric-key encryption
    C. Application-level encryption
    D. Homomorphic encryption

2 You are the security team leader for an organization that has an infrastructure as a service (IaaS) production environment hosted by a cloud provider. You want to implement an event monitoring (security information and event management [SIEM]/security information management [SIM]/security event management [SEM]) solution in your production environment in order to acquire better data for security defenses and decisions. Which of the following is probably your most significant concern about implementing this solution in the cloud?
    A. The solution should give you better analysis capability by automating a great deal of the associated tasks.
    B. Dashboards produced by the tool are a flawless management benefit.
    C. You will have to coordinate with the cloud provider to ensure that the tool is acceptable and functioning properly.
    D. Senior management will be required to approve the acquisition and implementation of the tool.

3 Which of the following is not a step in the crypto-shredding process?
    A. Encrypt data with a particular encryption engine.
    B. Encrypt first resulting keys with another encryption engine.
    C. Save backup of second resulting keys.
    D. Destroy original second resulting keys.
