Ben Malisow - (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests

4 You are in charge of creating the business continuity and disaster recovery (BC/DR) plan and procedures for your organization. You are going to conduct a full test of the BC/DR plan. Which of the following strategies is an optimum technique to avoid major issues?Have another full backup of the production environment stored prior to the test.Assign all personnel tasks to perform during the test.Have the cloud provider implement a simulated disaster at a random moment in order to maximize realistic testing.Have your regulators present at the test so they can monitor performance.

5 A Security Assertion Markup Language (SAML) identity assertion token uses the ___________________ protocol.Extensible Markup Language (XML)Hypertext Transfer Protocol (HTTP)Hypertext Markup Language (HTML)American Standard Code for Information Interchange (ASCII)

6 The minimum essential characteristics of a cloud data center are often referred to as “ping, power, pipe.” What does this term mean?Remote access for customer to racked devices in the data center; electrical utilities; connectivity to an Internet service provider (ISP)/the InternetApplication suitability; availability; connectivityInfrastructure as a service (IaaS); software as a service (SaaS); platform as a service (PaaS)Anti-malware tools; controls against distributed denial-of-service (DDoS) attacks; physical/environmental security controls, including fire suppression

7 To support all aspects of the CIA triad (confidentiality, integrity, availability), all of the following aspects of a cloud data center need to be engineered with redundancies except ___________________.Power supplyHVACAdministrative officesInternet service provider (ISP)/connectivity lines

8 Who is the cloud carrier?The cloud customerThe cloud providerThe regulator overseeing the cloud customer’s industryThe ISP between the cloud customer and provider

9 Which of the following terms describes a means to centralize logical control of all networked nodes in the environment, abstracted from the physical connections to each?Virtual private network (VPN)Software-defined network (SDN)Access control lists (ACLs)Role-based access control (RBAC)

10 In software-defined networking (SDN), the northbound interface (NBI) usually handles traffic between the ___________________ and the ___________________.Cloud customer; ISPSDN controllers; SDN applicationsCloud provider; ISPRouter; host

11 Software-defined networking (SDN) allows network administrators and architects to perform all the following functions except ___________________.Reroute traffic based on current customer demandCreate logical subnets without having to change any actual physical connectionsFilter access to resources based on specific rules or settingsDeliver streaming media content in an efficient manner by placing it closer to the end user

12 Which of the following is a device specially purposed to handle the issuance, distribution, and storage of cryptographic keys?Key management box (KMB)Hardware security module (HSM)Ticket-granting ticket (TGT)Trusted computing base (TCB)

13 When discussing the cloud, we often segregate the data center into the terms compute, storage, and networking. Compute is made up of ___________________ and ___________________.Routers; hostsApplication programming interface (APIs); northbound interface (NBIs)Central processing unit (CPU); random-access memory (RAM)Virtualized; actual hardware devices

14 All of the following can be used to properly apportion cloud resources except ___________________.ReservationsSharesCancellationsLimits

15 Which of the following is a method for apportioning resources that involves setting guaranteed minimums for all tenants/customers within the environment?ReservationsSharesCancellationsLimits

16 Which of the following is a method for apportioning resources that involves setting maximum usage amounts for all tenants/customers within the environment?ReservationsSharesCancellationsLimits

17 Which of the following is a method for apportioning resources that involves prioritizing resource requests to resolve contention situations?ReservationsSharesCancellationsLimits

18 A bare-metal hypervisor is Type ___________________.1234

19 A hypervisor that runs inside another operating system (OS) is a Type ___________________ hypervisor.1234

20 A Type ___________________ hypervisor is probably more difficult to defend than other hypervisors.1234

21 One of the security challenges of operating in the cloud is that additional controls must be placed on file storage systems because ___________________.File stores are always kept in plain text in the cloudThere is no way to sanitize file storage space in the cloudVirtualization necessarily prevents the use of application-based security controlsVirtual machines are stored as snapshotted files when not in use

22 What is the main reason virtualization is used in the cloud?Virtual machines (VMs) are easier to administer.If a VM is infected with malware, it can be easily replaced.With VMs, the cloud provider does not have to deploy an entire hardware device for every new user.VMs are easier to operate than actual devices.

23 Orchestrating resource calls is the job of the ___________________.AdministratorRouterVMHypervisor

24 Which of the following terms describes a cloud storage area that uses a filesystem/hierarchy?Volume storageObject storageLogical unit number (LUN)Block storage

25 Typically, which form of cloud storage is used in the near term for snapshotted virtual machine (VM) images?Volume storageObject storageLogical unit number (LUN)Block storage

26 Who operates the management plane?RegulatorsEnd consumersPrivileged usersPrivacy data subjects

27 What is probably the optimum way to avoid vendor lock-in?Use nonproprietary data formats.Use industry-standard media.Use strong cryptography.Use favorable contract language.

28 Who will determine whether your organization’s cloud migration is satisfactory from a compliance perspective?The cloud providerThe cloud customerThe regulator(s)The Internet service provider (ISP)

29 What is probably the best way to avoid problems associated with vendor lock-out?Use strong contract language.Use nonproprietary data and media formats.Use strong cryptography.Use another provider for backup purposes.

30 In a public cloud services arrangement, who creates governance that will determine which controls are selected for the data center and how they are deployed?The cloud providerThe cloud customerThe regulator(s)The end user

31 What is the term that describes the situation when a malicious user or attacker can exit the restrictions of a virtual machine (VM) and access another VM residing on the same host?Host escapeGuest escapeProvider exitEscalation of privileges

32 What is the term that describes the situation when a malicious user or attacker can exit the restrictions of a single host and access other nodes on the network?Host escapeGuest escapeProvider exitEscalation of privileges

33 ___________________ is/are probably the main cause of virtualization sprawl.Malicious attackersLack of provider controlsLack of customer controlsEase of use

34 Sprawl is mainly a(n) ___________________ problem.TechnicalExternalManagementLogical

35 Which of the following risks exists in the traditional environment but is dramatically increased by moving into the cloud?Physical security breachesLoss of utility powerFinancial upheavalMan-in-the-middle attacks

36 A fundamental aspect of security principles, ___________________ should be implemented in the cloud as well as in traditional environments.Continual uptimeDefense in depthMultifactor authenticationSeparation of duties

37 From a security perspective, automation of configuration aids in ___________________.Enhancing performanceReducing potential attack vectorsIncreasing ease of use of the systemsReducing need for administrative personnel