Ben Malisow - (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests

62 Event monitoring tools (security information and event management [SIEM]/security information management [SIM]/security event management [SEM]) can aid in which of the following efforts?Detecting ambient heating, ventilation, and air-conditioning (HVAC) problemsEnsuring proper cloud migrationDeciding risk parametersProtecting all physical entry points against the threat of fire

63 In addition to predictive capabilities, event monitoring tools (security information and event management [SIEM]/security information management [SIM]/security event management [SEM]) are instrumental in what other security function?Personnel safetyVehicle trackingIncident evidenceAcoustic dampening

64 Which of the following is one of the benefits of event monitoring tools (security information and event management [SIEM]/security information management [SIM]/security event management [SEM])?Greater physical securityPsychological deterrenceCost savingsMore logs can be reviewed, at faster speeds

65 As in a traditional IT environment, proper key management is crucial in the cloud. Which of the following principles is not true regarding key management?It is good practice to introduce pseudorandom numbers when generating keys.Public keys should never be shared with anyone.Losing the keys is equivalent to losing the data.Symmetric keys should be passed out of band.

66 Which of the following is a good business case for the use of data masking?The shipping department should get only a masked version of the customer’s address.The customer service department should get only a masked version of the customer’s Social Security (SS) number.The billing department should get only a masked version of the customer’s credit card number.The Human Resources (HR) department should get only a masked version of the employee’s driver’s license number.

67 All of the following are methods of data masking suggested by (ISC)2 except _______________.Random substitutionAlgorithmic substitutionDeletionConflation

68 If data masking is being performed for software testing purposes, which of the following is not a good masking technique to use?Random substitutionShufflingDeletionAlgorithmic substitution

69 For which use case would it probably be best to use static masking?Creating a test environment for a new applicationAllowing a customer service representative limited access to account dataProviding detailed reports to regulatorsNotifying shareholders

70 For which use case would it probably be best to use dynamic masking?Creating a test environment for a new applicationAllowing a customer service representative limited access to account dataSending incident response notificationsImplementing business continuity and disaster recovery (BC/DR)

71 What is one possible risk associated with the use of algorithmic masking for obscuring a data set?You could corrupt the production data.The data could be subject to easy inadvertent disclosure.Algorithms are two-way operations.A null set has no test value.

72 ____________ is a direct identifier, and ____________ is an indirect identifier.Username; passwordUser’s name; user’s ageUser’s IP address; user’s media access control (MAC) addressLocation; income level

73 Anonymization is the process of removing ____________ from data sets.AccessCryptographic keysNumeric valuesIdentifying information

74 Tokenization is a method of obscuring data that, other than encryption, can be used to comply with ____________ standards.Gramm-Leach-Bliley Act (GLBA)Payment Card Industry (PCI)Child Online Protection Act (COPA)Sarbanes-Oxley Act (SOX)

75 Tokenization requires at least ____ database(s).OneTwoThreeFour

76 Data owners might consider using tokenization for all of the following reasons except _______________.Regulatory or contractual complianceInferenceReduced cost of complianceMitigating risk from data lost to intrusion

77 Bit-splitting, also known as data dispersion, might be thought of as ____________ in the cloud.RAIDBIOSDDoSSYN-ACK

78 Bit-splitting also provides security against data breaches by _______________.Removing all access to unauthorized partiesEnsuring that an unauthorized user only gets a useless fragment of dataMoving data across jurisdictional boundariesTracking all incoming access requests

79 If bit-splitting is used to store data sets across multiple jurisdictions, how may this enhance security?By making seizure of data by law enforcement more difficultBy hiding it from attackers in a specific jurisdictionBy ensuring that users can only accidentally disclose data to one geographic areaBy restricting privilege user access

80 Which of the following is a possible negative aspect of bit-splitting?Less securityGreatest risk of unauthorized accessSignificantly greater processing overheadViolating regulatory compliance

81 Which of the following is a possible negative aspect of bit-splitting?It may require trust in additional third parties beyond the primary cloud service provider.There may be cause for management concern that the technology will violate internal policy.Users will have far greater difficulty understanding the implementation.Limited vendors make acquisition and support challenging.

82 Which of the following is a possible negative aspect of bit-splitting?Greater chance of physical theft of assetsLoss of public imageSome risk to availability, depending on the implementationA small fire hazard

83 Which of the following is a theoretical technology that is intended to allow encrypted material to be processed and manipulated without decrypting it first?Inverse postulationHomomorphic encryptionDidactic alignmentObverse reinstantiation

84 Which of the following is a data discovery approach used by e-commerce retailers to discern and predict shoppers’ needs?Big dataReal-time analyticsAgile analyticsAgile business intelligence

85 Which of the following is a data discovery approach that offers insight to trends of trends, using both historical and predictive approaches?Obverse polyglotismBig dataReal-time analyticsAgile analytics/business intelligence

86 Which of the following is not a data discovery technique?MetadataLabelsContent analysisData hover

87 Which of the following data discovery techniques involves using extra information automatically appended/included with the intended data when the data is created?MetadataLabelsContent analysisData hover

88 When labeling is used as a data discovery technique, who should be applying the labels?The security officeUsersData ownersRegulators

89 When data labels are being used in an environment (for discovery and other purposes), when should the labels be applied?During the risk assessmentAs part of the business impact analysis (BIA)At collection/creationWhen the discovery tools are implemented

90 Which of the following tools might be useful in data discovery efforts that are based on content analysis?Egress monitoring solutionsDigital rights management (DRM)iSCSIFibre Channel over Ethernet (FCoE)

91 All of the following might be used as data discovery characteristics in a content-analysis-based data discovery effort except _______________.KeywordsPattern matchingFrequencyInheritance

92 What is the risk to the organization posed by dashboards that display data discovery results?Increased chance of external penetrationFlawed management decisions based on edited displaysHigher likelihood of inadvertent disclosureRaised incidence of physical theft

93 Which of these is most likely to have the greatest negative impact on data discovery effort?Bandwidth latency issuesPoor physical security of the data centerSevere statutory regulationInaccurate or incomplete data

94 Cloud customers performing data discovery efforts will have to ensure that the cloud provider attends to all of the following requirements except _______________.Allowing sufficient access to large volumes of dataPreserving metadata tagsAssigning labelsPreserving and maintaining the data