67. What artifact—which should already exist within the organization—can be used to determine the critical assets necessary to protect in the BC/DR activity?
A. Quantitative risk analysis
B. Qualitative risk analysis
C. Business impact analysis
D. Risk appetite

68. Which of the following is probably the most important element to address if your organization is using two different cloud providers for the production and BC/DR environments?
A. Do they cost the same?
B. Do they have similar facility protections in place?
C. What level of end-user support do they each offer?
D. Can the backup provider meet the same SLA requirements as the primary?

69. In a managed cloud services arrangement, who invokes a BC/DR action?
A. The cloud provider
B. The cloud customer
C. Depends on the contract
D. Any user

70. What do you need to do in order to fully ensure that a BC/DR action will function during a contingency?
A. Audit all performance functions.
B. Audit all security functions.
C. Perform a full-scale test.
D. Mandate this capability in the contract.

71. Which of the following is probably the most important activity, of those listed?
A. Regularly update the BC/DR plan/process.
B. Have contact information for all personnel in the organization.
C. Have contact information for essential BC/DR personnel.
D. Have contact information for local law enforcement.

72. The BC/DR plan/policy should include all of the following except ___________________.
A. Tasking for the office responsible for maintaining/enforcing the plan
B. Contact information for essential entities, including BC/DR personnel and emergency services agencies
C. Copies of the laws/regulations/standards governing specific elements of the plan
D. Checklists for BC/DR personnel to follow

73. The BC/DR plan/process should be written and documented in such a way that it can be used by ___________________.
A. Users
B. Essential BC/DR team members
C. Regulators
D. Someone with the requisite skills

74. Which of the following probably poses the most significant risk to the organization?
A. Not having essential BC/DR personnel available during a contingency
B. Not including all BC/DR elements in the cloud contract
C. Returning to normal operations too soon
D. Telecommunications outages

75. Which of the following probably poses the most significant risk to the organization?
A. Lack of data confidentiality during a contingency
B. Lack of regulatory compliance during a contingency
C. Returning to normal operations too late
D. Lack of encrypted communications during a contingency

76. Why does the physical location of your data backup and/or BC/DR failover environment matter?
A. It may affect regulatory compliance.
B. Lack of physical security.
C. Environmental factors such as humidity.
D. It doesn't matter. Data can be saved anywhere without consequence.

77. According to the European Union Agency for Network and Information Security (ENISA), a cloud risk assessment should provide a means for customers to accomplish all these assurance tasks except ___________________.
A. Assess risks associated with cloud migration
B. Compare offerings from different cloud providers
C. Reduce the risk of regulatory noncompliance
D. Reduce the assurance burden on cloud providers

78. The European Union Agency for Network and Information Security's (ENISA's) definition of cloud computing differs slightly from the definition offered by (ISC)² (and, for instance, NIST). What is one of the characteristics listed by ENISA but not included in the (ISC)² definition?
A. Metered service
B. Shared resources
C. Scalability
D. Programmatic management

79. Risk should always be considered from a business perspective. Risk is often balanced by corresponding ___________________.
A. Profit
B. Performance
C. Cost
D. Opportunity

80. When considering the option to migrate from an on-premise environment to a hosted cloud service, an organization should weigh the risks of allowing external entities to access the cloud data for collaborative purposes against ___________________.
A. Not securing the data in the traditional environment
B. Disclosing the data publicly
C. Inviting external personnel into the traditional workspace in order to enhance collaboration
D. Sending the data outside the traditional environment for collaborative purposes

81. There are many ways to handle risk. However, the usual methods for addressing risk are not all possible in the cloud because ___________________.
A. Cloud data risks cannot be mitigated
B. Migrating into a cloud environment necessarily means you are accepting all risks
C. Some risks cannot be transferred to a cloud provider
D. Cloud providers cannot avoid risk

82. In which cloud service model does the customer lose the most control over governance?
A. Infrastructure as a service (IaaS)
B. Platform as a service (PaaS)
C. Software as a service (SaaS)
D. Private cloud

83. Which of the following poses a new risk in the cloud, not affecting the traditional, on-premise IT environment?
A. Internal threats
B. Multitenancy
C. Natural disasters
D. Distributed denial-of-service (DDoS) attacks

84. In addition to the security offered by the cloud provider, a cloud customer must consider the security offered by ___________________.
A. The respective regulator
B. The end user(s)
C. Any vendor the cloud customer previously used in the on-premise environment
D. Any third parties the provider depends on

85. Which of the following poses a new risk in the cloud, not affecting the traditional, on-premise IT environment?
A. User carelessness
B. Inadvertent breach
C. Device failure
D. Resource exhaustion

86. Where is isolation failure probably least likely to pose a significant risk?
A. Public cloud
B. Private cloud
C. PaaS environment
D. SaaS environment

87. Which of the following poses a new risk in the cloud, not affecting the traditional, on-premise environment?
A. Fire
B. Legal seizure of another firm's assets
C. Mandatory privacy data breach notifications
D. Flooding

88. Which of these does the cloud customer need to ensure protection of intellectual property created in the cloud?
A. Digital rights management (DRM) solutions
B. Identity and access management (IAM) solutions
C. Strong contractual clauses
D. Crypto-shredding

89. What could be the result of failure of the cloud provider to secure the hypervisor in such a way that one user on a virtual machine can see the resource calls of another user's virtual machine?
A. Unauthorized data disclosure
B. Inference attacks
C. Social engineering
D. Physical intrusion

90. Key generation in a cloud environment might have less entropy than the traditional environment for all the following reasons except ___________________.
A. Lack of direct input devices
B. No social factors
C. Uniform build
D. Virtualization

91. Lack of industry-wide standards for cloud computing creates a potential for ___________________.
A. Privacy data breach
B. Privacy data disclosure
C. Vendor lock-in
D. Vendor lock-out

92. What can hamper the ability of a cloud customer to protect their assets in a managed services arrangement?
A. Prohibitions on port scanning and penetration testing
B. Geographical dispersion
C. Rules against training users
D. Laws that prevent them from doing so

93. Cloud administration almost necessarily violates the principles of the ___________________ security model.
A. Brewer-Nash (Chinese Wall)
B. Graham-Denning
C. Bell-LaPadula
D. Biba

94. The physical layout of a cloud data center campus should include redundancies of all the following except ___________________.
A. Physical perimeter security controls (fences, lights, walls, etc.)
B. The administration/support staff building
C. Electrical utility lines
D. Communications connectivity lines

95. Best practice for planning the physical resiliency for a cloud data center facility includes ___________________.
A. Having one point of egress for personnel
B. Ensuring that any cabling/connectivity enters the facility from different sides of the building/property
C. Ensuring that all parking areas are near generators so that personnel in high-traffic areas are always illuminated by emergency lighting, even when utility power is not available
D. Ensuring that the foundation of the facility is rated to withstand earthquake tremors

96. The physical layout of a cloud data center campus should include redundancies of all the following except ___________________.
A. Generators
B. HVAC units
C. Generator fuel storage
D. Points of personnel ingress