Ben Malisow - (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests

39 You are the security manager of a small firm that has just purchased an egress monitoring solution to implement in your cloud-based production environment. In which of the following cases would you not have to get permission from the cloud provider to install and implement the tool?If it’s hardware-based and your production environment is in an infrastructure as a service (IaaS) modelIf you purchased it from a vendor other than the cloud providerIf it’s software-based and your production environment is in a platform as a service (PaaS) modelIf it affects all guest instances on any given host device

40 You are the security manager of a small firm that has just purchased an egress monitoring solution to implement in your cloud-based production environment. Before implementing the solution, what should you explain to senior management?The additional risks of external attack associated with using the toolThe production impact it will have on the environmentWhat the price of the tool wasHow the solution works

41 You are the security manager of a small firm that has just purchased an egress monitoring solution to implement in your cloud-based production environment. Which of these activities should you perform before deploying the tool?Survey your company’s departments about the data under their control.Reconstruct your firewalls.Harden all your routers.Adjust the hypervisors.

42 You are the security manager of a small firm that has just purchased an egress monitoring solution to implement in your cloud-based production environment. What should you expect immediately following the implementation of the tool?Immediate decrease in lost dataA series of false-positive indicationsIncrease in morale across the organizationIncrease in gross revenue

43 You are the security manager of a small firm that has just purchased an egress monitoring solution to implement in your cloud-based production environment. What should you not expect the tool to address?Sensitive data sent inadvertently in user emailsSensitive data captured by screenshotsSensitive data moved to external devicesSensitive data in the contents of files sent via File Transfer Protocol (FTP)

44 You are the security manager of a small firm that has just purchased an egress monitoring solution to implement in your cloud-based production environment. In order to get truly holistic coverage of your environment, you should be sure to include ____________ as a step in the deployment process.Getting signed user agreements from all usersInstallation of the solution on all assets in the cloud data centerAdoption of the tool in all routers between your users and the cloud providerEnsuring that all your customers install the tool

45 You are the security manager of a small firm that has just purchased an egress monitoring solution to implement in your cloud-based production environment. In order to increase the security value of the tool, you should consider combining it with _______________.Digital rights management (DRM) and security event and incident management (SIEM) toolsAn investment in upgraded project management softwareDigital insurance policiesThe Uptime Institute’s Tier certification

46 You are the security manager of a small firm that has just purchased an egress monitoring solution to implement in your cloud-based production environment. You are interested in fielding the solution as an awareness tool to optimize security for your organization through conditioning user behavior. You decide to set the solution to _______________.Suspend user accounts and notify the security office when it detects possible sensitive data egress attempted by a userHalt the transaction and notify the user’s supervisor when the user attempts to transfer sensitive dataQuery the user as to whether they intend to send sensitive data upon detection of an attempted transferSever remote connections upon detection of a possible sensitive data transfer

47 You are the security manager of a small firm that has just purchased an egress monitoring solution to implement in your cloud-based production environment. You understand that all of the following aspects of cloud computing may make proper deployment of the tool difficult or costly except _______________.Data will not remain in one place or form in the cloudThe cloud environment will include redundant and resilient architectureThere will be a deleterious impact on production upon installing the toolYou might not have sufficient proper administrative rights in the cloud infrastructure

48 Egress monitoring solutions can aid all of the following security-related efforts except _______________.Access controlData exfiltrationE-discovery/forensicsData categorization/classification

49 The cloud security professional should be aware that encryption would most likely be necessary in all the following aspects of a cloud deployment except _______________.Data at restData in motionData in useData of relief

50 As with the traditional IT environment, cloud data encryption includes all the following elements except _______________.The userThe data itselfThe encryption engineThe encryption keys

51 Volume storage encryption in an infrastructure as a service (IaaS) arrangement will protect against data loss due to all of the following activities except _______________.Physical loss or theft of a deviceDisgruntled usersMalicious cloud administrators accessing the dataVirtual machine snapshots stolen from storage

52 In an infrastructure as a service (IaaS) arrangement, all of the following are examples of object storage encryption except _______________.File-level encryptionDigital rights management (DRM)Application-level encryptionTransport Layer Security (TLS)

53 All of the following are database encryption options that could be used in a platform as a service (PaaS) implementation except _______________.File-level encryptionSecure Sockets Layer (SSL)Transparent encryptionApplication-level encryption

54 In application-level encryption, where does the encryption engine reside?In the application accessing the databaseIn the operating system on which the application is runWithin the database accessed by the applicationIn the volume where the database resides

55 Which of the following database encryption techniques can be used to encrypt specific tables within the database?File-level encryptionTransparent encryptionApplication-level encryptionObject-level encryption

56 Which of the following database encryption techniques makes it difficult to perform database functions (searches, indexing, etc.)?File-level encryptionTransparent encryptionApplication-level encryptionVolume encryption

57 According to (ISC)2, where should the cloud customer’s encryption keys be stored?With the cloud customerWith a third-party providerAt the cloud provider data centerAnywhere but with the cloud provider

58 Which of the following is not used to determine data retention requirements?LegislationBusiness needsAverage media longevityContracts

59 Event monitoring tools (security information and event management [SIEM]/security information management [SIM]/security event management [SEM]) can aid in which of the following efforts?External hacking detectionPrediction of physical device theftData classification/categorization issuesSocial engineering attacks

60 Event monitoring tools (security information and event management [SIEM]/security information management [SIM]/security event management [SEM]) can aid in which of the following efforts?Detecting untrained personnelPredicting system outagesSending alerts for conflicts of interestEnforcing mandatory vacation

61 Event monitoring tools (security information and event management [SIEM]/security information management [SIM]/security event management [SEM]) can aid in which of the following efforts?Reducing workload for production personnelDecreasing size of log filesOptimizing performanceEnsuring adequate lighting of workspaces