Ben Malisow - (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests

97 There are two reasons to conduct a test of the organization’s recovery from backup in an environment other than the primary production environment. Which of the following is one of them?It costs more to conduct a test at the same location as the primary workplace.You don’t want to waste travel budget on what is only a test.The risk of negative impact to both production and backup is too high.There won’t be enough room for everyone to sit in the primary facility.

98 There are two reasons to conduct a test of the organization’s recovery from backup in an environment other than the primary production environment. Which of the following is one of them?It is good to invest in more than one community.You want to approximate contingency conditions, which includes not operating in the primary location.It is good for your personnel to see other places occasionally.Your regulators won’t follow you off-site, so you’ll be unobserved during your test.

99 In an IaaS arrangement, who accepts responsibility for securing cloud-based applications?The cloud providerThe cloud customerThe regulatorThe end user/client

100 Industry best practices dictate that cloud customers do not ___________________.Create their own identity and access management (IAM) solutionsCreate contract language that favors them over the providerRetrain personnel for cloud operationsEncrypt data before it reaches the cloud

101 It is possible for the cloud customer to transfer ___________________ risk to the provider, but the cloud customer always retains ultimate legal risk.MarketPerceptionDataFinancial

102 A process for ___________________ can aid in protecting against data disclosure due to lost devices.User punishmentCredential revocationLaw enforcement notificationDevice tracking

103 All of the following can be used in the process of anomaly detection except ___________________.The ratio of failed to successful loginsTransactions completed successfullyEvent time of dayMultiple concurrent logins

104 Critical components should be protected with ___________________.Strong passwordsChain-link fencesHomomorphic encryptionMultifactor authentication

105 It’s important to maintain a current asset inventory list, including surveying your environment on a regular basis, in order to ___________________.Prevent unknown, unpatched assets from being used as back doors to the environmentEnsure that any lost devices are automatically entered into the acquisition system for repurchasing and replacementMaintain user morale by having their devices properly catalogued and annotatedEnsure that billing for all devices is handled by the appropriate departments

106 Which of the following can enhance data portability?Interoperable export formatsEgress monitoring solutionsStrong physical protectionsAgile business intelligence

107 Which of the following can enhance application portability?Using the same cloud provider for the production environment and archivingConducting service trials in an alternate cloud provider environmentProviding cloud-usage training for all usersTuning web application firewalls (WAFs) to detect anomalous activity in inbound communications

108 What should the cloud customer do to ensure that disaster recovery activities don’t exceed the maximum allowable downtime (MAD)?Make sure any alternate provider can support the application needs of the organization.Ensure that contact information for all first responder agencies are correct and up-to-date at all times.Select an appropriate recovery time objective (RTO).Regularly review all regulatory directives for disaster response.

109 Which of the following would probably best aid an organization in deciding whether to migrate from a traditional environment to a particular cloud provider?Rate sheets comparing a cloud provider to other cloud providersCloud provider offers to provide engineering assistance during the migrationThe cost/benefit measure of closing the organization’s relocation site (hot site/warm site) and using the cloud for disaster recovery insteadSLA satisfaction surveys from other (current and past) cloud customers

110 A cloud provider will probably require all of the following except ___________________ before a customer conducts a penetration test.NoticeDescription of scope of the testPhysical location of the launch pointKnowledge of time frame/duration

111 Cloud providers will probably not allow ___________________ as part of a customer’s penetration test.Network mappingVulnerability scanningReconnaissanceSocial engineering

112 A cloud customer performing a penetration test without the provider’s permission is risking ___________________.Malware contaminationExcessive fees for SLA violationsLoss of market shareProsecution

113 When a customer performs a penetration test in the cloud, why isn’t the test an optimum simulation of attack conditions?Attackers don’t use remote access for cloud activity.Advanced notice removes the element of surprise.When cloud customers use malware, it’s not the same as when attackers use malware.Regulator involvement changes the attack surface.

114 Managed cloud services exist because the service is less expensive for each customer than creating the same services for themselves in a traditional environment. What is the technology that creates most of the cost savings in the cloud environment?EmulationSecure remote accessCrypto-shreddingVirtualization

115 Managed cloud services exist because the service is less expensive for each customer than creating the same services for themselves in a traditional environment. From the customer perspective, most of the cost differential created between the traditional environment and the cloud through virtualization is achieved by removing ___________________.External risksInternal risksRegulatory complianceSunk capital investment

116 Managed cloud services exist because the service is less expensive for each customer than creating the same services for themselves in a traditional environment. Using a managed service allows the customer to realize significant cost savings through the reduction of ___________________.RiskSecurity controlsPersonnelData

117 Which of the following is a risk posed by the use of virtualization?Internal threats interrupting service through physical accidents (spilling drinks, tripping over cables, etc.)The ease of transporting stolen virtual machine imagesIncreased susceptibility of virtual systems to malwareElectromagnetic pulse

118 The tasks performed by the hypervisor in the virtual environment can be most likened to the tasks of the ___________________ in the traditional environment.Central processing unit (CPU)Security teamOperating system (OS)Pretty Good Privacy (PGP)

119 Mass storage in the cloud will most likely currently involve ___________________.Spinning plattersTape drivesMagnetic disksSolid-state drives (SSDs)

120 What is the type of cloud storage arrangement that involves the use of associating metadata with the saved data?VolumeBlockObjectRedundant

121 According to the NIST Cloud Computing Reference Architecture, which of the following is most likely a cloud carrier?Amazon Web ServicesNetflixVerizonNessus

122 Resolving resource contentions in the cloud will most likely be the job of the ___________________.RouterEmulatorRegulatorHypervisor

123 Security controls installed on a guest virtual machine operating system (VM OS) will not function when ___________________.The user is accessing the VM remotelyThe OS is not scanned for vulnerabilitiesThe OS is not subject to version controlThe VM is not active while in storage

124 Typically, SSDs are ___________________.More expensive than spinning plattersLarger than tape backupHeavier than tape librariesMore subject to malware than legacy drives

125 Typically, SSDs are ___________________.Harder to install than magnetic memoryFaster than magnetic drivesHarder to administer than tape librariesMore likely to fail than spinning platters