Deck 2: Certified Cloud Security Professional (CCSP)
1
Which of the following roles is responsible for creating cloud components and the testing and validation of services?
A) Cloud auditor
B) Inter-cloud provider
C) Cloud service broker
D) Cloud service developer
Cloud service developer
2
Which crucial aspect of cloud computing can be most threatened by insecure APIs?
A) Automation
B) Resource pooling
C) Elasticity
D) Redundancy
Automation
3
Every security program and process should have which of the following?
A) Severe penalties
B) Multifactor authentication
C) Foundational policy
D) Homomorphic encryption
Foundational policy
4
Security is a critical yet often overlooked consideration for BCDR planning. At which stage of the planning process should security be involved?
A) Scope definition
B) Requirements gathering
C) Analysis
D) Risk assessment
5
Which of the following is NOT part of a retention policy?
A) Format
B) Costs
C) Accessibility
D) Duration
6
Within a federated identity system, which of the following would you be MOST likely to use for sending information for consumption by a relying party?
A) XML
B) HTML
C) WS-Federation
D) SAML
7
Which of the following is considered an external redundancy for a data center?
A) Power feeds to rack
B) Generators
C) Power distribution units
D) Storage systems
8
Which value refers to the amount of data an organization would need to recover in the event of a BCDR situation in order to reach an acceptable level of operations?
A) SRE
B) RTO
C) RPO
D) RSL
9
Which aspect of cloud computing will be most negatively impacted by vendor lock-in?
A) Elasticity
B) Reversibility
C) Interoperability
D) Portability
10
In addition to battery backup, a UPS can offer which capability?
A) Breach alert
B) Confidentiality
C) Communication redundancy
D) Line conditioning
11
What concept does the A represent within the DREAD model?
A) Affected users
B) Authorization
C) Authentication
D) Affinity
12
Data labels could include all the following, except:
A) Multifactor authentication
B) Access restrictions
C) Confidentiality level
D) Distribution limitations
13
The WS-Security standards are built around all of the following standards except which one?
A) SAML
B) WSDL
C) XML
D) SOAP
14
The GAPP framework was developed through a joint effort between the major Canadian and American professional accounting associations in order to assist their members with managing and preventing risks to the privacy of their data and customers. Which of the following is the meaning of GAPP?
A) General accounting personal privacy
B) Generally accepted privacy practices
C) Generally accepted privacy principles
D) General accounting privacy policies
15
Having a reservation in a cloud environment can ensure operations continue in the event of high utilization across the cloud. Which of the following would NOT be a capability covered by reservations?
A) Performing business operations
B) Starting virtual machines
C) Running applications
D) Auto-scaling
16
What type of host is exposed to the public Internet for a specific reason and hardened to perform only that function for authorized users?
A) Proxy
B) Bastion
C) Honeypot
D) WAF
17
What concept does the D represent within the STRIDE threat model?
A) Denial of service
B) Distributed
C) Data breach
D) Data loss
18
Which of the following best describes the purpose and scope of ISO/IEC 27034-1?
A) Describes international privacy standards for cloud computing
B) Serves as a newer replacement for NIST 800-52 r4
C) Provides an overview of network and infrastructure security designed to secure cloud applications.
D) Provides an overview of application security that introduces definitive concepts, principles, and processes involved in application security.
19
Which of the following standards primarily pertains to cabling designs and setups in a data center?
A) IDCA
B) BICSI
C) NFPA
D) Uptime Institute
20
Many activities within a cloud environment are performed via programmatic means, where complex and distributed operations are handled without the need to perform each step individually. Which of the following concepts does this describe?
A) Orchestration
B) Provisioning
C) Automation
D) Allocation
21
Which aspect of cloud computing makes it very difficult to perform repeat audits over time to track changes and compliance?
A) Virtualization
B) Multitenancy
C) Resource pooling
D) Dynamic optimization
22
Which kind of SSAE audit report is most beneficial for a cloud customer, even though it's unlikely the cloud provider will share it?
A) SOC 3
B) SOC 1 Type 2
C) SOC 2 Type 2
D) SOC 1 Type 1
23
Over time, what is a primary concern for data archiving?
A) Size of archives
B) Format of archives
C) Recoverability
D) Regulatory changes
24
Which of the following is the concept of segregating information or processes, within the same system or application, for security reasons?
A) Cell blocking
B) Sandboxing
C) Pooling
D) Fencing
25
Within an IaaS implementation, which of the following would NOT be a metric used to quantify service charges for the cloud customer?
A) Memory
B) Number of users
C) Storage
D) CPU
26
In order to prevent cloud customers from potentially consuming enormous amounts of resources within a cloud environment and thus having a negative impact on other customers, what concept is commonly used by a cloud provider?
A) Limit
B) Cap
C) Throttle
D) Reservation
27
Cloud systems are increasingly used for BCDR solutions for organizations. What aspect of cloud computing makes their use for BCDR the most attractive?
A) On-demand self-service
B) Measured service
C) Portability
D) Broad network access
28
All of the following are techniques to enhance the portability of cloud data, in order to minimize the potential of vendor lock-in except:
A) Ensure there are no physical limitations to moving
B) Use DRM and DLP solutions widely throughout the cloud operation
C) Ensure favorable contract terms to support portability
D) Avoid proprietary data formats
29
The goals of SIEM solution implementation include all of the following, except:
A) Dashboarding
B) Performance enhancement
C) Trend analysis
D) Centralization of log streams
30
What process is used within a cloud environment to maintain resource balancing and ensure that resources are available where and when needed?
A) Dynamic clustering
B) Dynamic balancing
C) Dynamic resource scheduling
D) Dynamic optimization
31
The different cloud service models have varying levels of responsibilities for functions and operations depending on the model's level of service. In which of the following models would the responsibility for patching lie predominantly with the cloud customer?
A) DaaS
B) SaaS
C) PaaS
D) IaaS
32
Which of the following are attributes of cloud computing?
A) Minimal management effort and shared resources
B) High cost and unique resources
C) Rapid provisioning and slow release of resources
D) Limited access and service provider interaction
33
Which cloud storage type requires special consideration on the part of the cloud customer to ensure they do not program themselves into a vendor lock-in situation?
A) Unstructured
B) Object
C) Volume
D) Structured
34
What's a potential problem when object storage versus volume storage is used within IaaS for application use and dependency?
A) Object storage is only optimized for small files.
B) Object storage is its own system, and data consistency depends on replication.
C) Object storage may have availability issues.
D) Object storage is dependent on access control from the host server.
35
Which of the cloud deployment models offers the most control and input to the cloud customer as to how the overall cloud environment is implemented and configured?
A) Public
B) Community
C) Hybrid
D) Private
36
Which of the following areas of responsibility would be shared between the cloud customer and cloud provider within the Software as a Service (SaaS) category?
A) Data
B) Governance
C) Application
D) Physical
37
DLP can be combined with what other security technology to enhance data controls?
A) DRM
B) Hypervisor
C) SIEM
D) Kerberos
38
Which of the following aspects of security is solely the responsibility of the cloud provider?
A) Regulatory compliance
B) Physical security
C) Operating system auditing
D) Personal security of developers
39
Which of the following APIs are most commonly used within a cloud environment?
A) REST and SAML
B) SOAP and REST
C) REST and XML
D) XML and SAML
40
The baseline should cover which of the following?
A) Data breach alerting and reporting
B) All regulatory compliance requirements
C) As many systems throughout the organization as possible
D) A process for version control
41
Limits for resource utilization can be set at different levels within a cloud environment to ensure that no particular entity can consume a level of resources that impacts other cloud customers. Which of the following is NOT a unit covered by limits?
A) Hypervisor
B) Cloud customer
C) Virtual machine
D) Service
42
Which United States program was designed to enable organizations to bridge the gap between privacy laws and requirements of the United States and the European Union?
A) GLBA
B) HIPAA
C) Safe Harbor
D) SOX
43
Which of the cloud cross-cutting aspects relates to the oversight of processes and systems, as well as to ensuring their compliance with specific policies and regulations?
A) Governance
B) Regulatory requirements
C) Service-level agreements
D) Auditability
44
Which aspect of archiving must be tested regularly for the duration of retention requirements?
A) Availability
B) Recoverability
C) Auditability
D) Portability
45
Which phase of the cloud data lifecycle represents the first instance where security controls can be implemented?
A) Use
B) Share
C) Store
D) Create
46
What type of masking strategy involves making a separate and distinct copy of data with masking in place?
A) Dynamic
B) Replication
C) Static
D) Duplication
47
With an API, various features and optimizations are highly desirable to scalability, reliability, and security. What does the REST API support that the SOAP API does NOT support?
A) Acceleration
B) Caching
C) Redundancy
D) Encryption
48
What is the concept of isolating an application from the underlying operating system for testing purposes?
A) Abstracting
B) Application virtualization
C) Hosting
D) Sandboxing
49
Which of the following represents a minimum guaranteed resource within a cloud environment for the cloud customer?
A) Reservation
B) Share
C) Limit
D) Provision
50
Who would be responsible for implementing IPsec to secure communications for an application?
A) Developers
B) Systems staff
C) Auditors
D) Cloud customer
51
Which regulatory system pertains to the protection of healthcare data?
A) HIPAA
B) HAS
C) HITECH
D) HFCA
52
Other than cost savings realized due to measured service, what is another facet of cloud computing that will typically save substantial costs in time and money for an organization in the event of a disaster?
A) Broad network access
B) Interoperability
C) Resource pooling
D) Portability
53
Which of the cloud cross-cutting aspects relates to the ability for a cloud customer to easily remove their applications and data from a cloud environment?
A) Reversibility
B) Availability
C) Portability
D) Interoperability
54
Cryptographic keys for encrypted data stored in the cloud should be ________________ .
A) Not stored with the cloud provider.
B) Generated with redundancy
C) At least 128 bits long
D) Split into groups
55
When reviewing the BIA after a cloud migration, the organization should take into account new factors related to data breach impacts. One of these new factors is:
A) Many states have data breach notification laws.
B) Breaches can cause the loss of proprietary data.
C) Breaches can cause the loss of intellectual property.
D) Legal liability can't be transferred to the cloud provider.
56
Key maintenance and security are paramount within a cloud environment due to the widespread use of encryption for both data and transmissions. Which of the following key-management systems would provide the most robust control over and ownership of the key-management processes for the cloud customer?
A) Remote key management service
B) Local key management service
C) Client key management service
D) Internal key management service
57
If a company needed to guarantee through contract and SLAs that a cloud provider would always have available sufficient resources to start their services and provide a certain level of provisioning, what would the contract need to refer to?
A) Limit
B) Reservation
C) Assurance
D) Guarantee
58
Which of the following security technologies is commonly used to give administrators access into trust zones within an environment?
A) VPN
B) WAF
C) IPSec
D) HTTPS
59
Which of the following would make it more likely that a cloud provider would be unwilling to satisfy specific certification requirements?
A) Resource pooling
B) Virtualization
C) Multitenancy
D) Regulation
60
Which of the following can be useful for protecting cloud customers from a denial-of-service (DoS) attack against another customer hosted in the same cloud?
A) Reservations
B) Measured service
C) Limits
D) Shares
61
If you are running an application that has strict legal requirements that the data cannot reside on systems that contain other applications or systems, which aspect of cloud computing would be prohibitive in this case?
A) Multitenancy
B) Broad network access
C) Portability
D) Elasticity
62
A crucial decision any company must make is in regard to where it hosts the data systems it depends on. A debate exists as to whether it's best to lease space in a data center or build your own data center--and now with cloud computing, whether to purchase resources within a cloud. What is the biggest advantage to leasing space in a data center versus procuring cloud services?
A) Regulations
B) Control
C) Security
D) Costs
63
Which format is the most commonly used standard for exchanging information within a federated identity system?
A) XML
B) HTML
C) SAML
D) JSON
64
Which of the following are the storage types associated with IaaS?
A) Volume and object
B) Volume and label
C) Volume and container
D) Object and target
65
Which of the following is NOT a key area for performance monitoring as far as an SLA is concerned?
A) CPU
B) Users
C) Memory
D) Network
66
Which of the following is NOT an application or utility to apply and enforce baselines on a system?
A) Chef
B) GitHub
C) Puppet
D) Active Directory
67
Data center and operations design traditionally takes a tiered, topological approach. Which of the following standards is focused on that approach and is prevalently used throughout the industry?
A) IDCA
B) NFPA
C) BICSI
D) Uptime Institute
68
Above and beyond general regulations for data privacy and protection, certain types of data are subjected to more rigorous regulations and oversight. Which of the following is not a regulatory framework for more sensitive or specialized data?
A) FIPS 140-2
B) FedRAMP
C) PCI DSS
D) HIPAA
69
Which of the following tasks within a SaaS environment would NOT be something the cloud customer would be responsible for?
A) Authentication mechanism
B) Branding
C) Training
D) User access
70
You need to gain approval to begin moving your company's data and systems into a cloud environment. However, your CEO has mandated the ability to easily remove your IT assets from the cloud provider as a precondition. Which of the following cloud concepts would this pertain to?
A) Removability
B) Extraction
C) Portability
D) Reversibility
71
BCDR strategies typically do not involve the entire operations of an organization, but only those deemed critical to their business. Which concept pertains to the amount of data and services needed to reach the predetermined level of operations?
A) SRE
B) RPO
C) RSL
D) RTO
72
Which publication from the United States National Institute of Standards and Technology pertains to defining cloud concepts and definitions for the various core components of cloud computing?
A) SP 800-153
B) SP 800-145
C) SP 800-53
D) SP 800-40
73
Upon completing a risk analysis, a company has four different approaches to addressing risk. Which approach it takes will be based on costs, available options, and adherence to any regulatory requirements from independent audits. Which of the following groupings correctly represents the four possible approaches?
A) Accept, avoid, transfer, mitigate
B) Accept, deny, transfer, mitigate
C) Accept, deny, mitigate, revise
D) Accept, dismiss, transfer, mitigate
74
What strategy involves hiding data in a data set to prevent someone from identifying specific individuals based on other data fields present?
A) Anonymization
B) Tokenization
C) Masking
D) Obfuscation
75
What process is used within a clustered system to provide high availability and load balancing?
A) Dynamic balancing
B) Dynamic clustering
C) Dynamic optimization
D) Dynamic resource scheduling
76
Legal controls refer to which of the following?
A) ISO 27001
B) PCI DSS
C) NIST 800-53r4
D) Controls designed to comply with laws and regulations related to the cloud environment
77
Which of the following service capabilities gives the cloud customer the least amount of control over configurations and deployments?
A) Platform
B) Infrastructure
C) Software
D) Desktop
78
Which of the following roles is responsible for peering with other cloud services and providers?
A) Cloud auditor
B) Inter-cloud provider
C) Cloud service broker
D) Cloud service developer
79
An audit scope statement defines the limits and outcomes from an audit. Which of the following would NOT be included as part of an audit scope statement?
A) Reports
B) Certification
C) Billing
D) Exclusions
80
Which crucial aspect of cloud computing can be most threatened by insecure APIs?
A) Automation
B) Redundancy
C) Resource pooling
D) Elasticity