Topic 1: Exam Pool A
One of the security challenges of operating in the cloud is that additional controls must be placed on file storage systems because ____________.
Response:
A. File stores are always kept in plain text in the cloud
B. There is no way to sanitize file storage space in the cloud
C. Virtualization necessarily prevents the use of application-based security controls
D. Virtual machines are stored as snapshotted files when not in use
Answer: Virtual machines are stored as snapshotted files when not in use
Data labels could include all the following, except:
Response:
A. Source
B. Delivery vendor
C. Handling restrictions
D. Jurisdiction
Answer: Delivery vendor
Which type of report is considered for “general” use and does not contain any sensitive information?
Response:
A. SOC 1
B. SAS-70
C. SOC 3
D. SOC 2
Answer: SOC 3
Which standards body depends heavily on contributions and input from its open membership base?
Response:
A. NIST
B. ISO
C. ICANN
D. CSA
Answer: CSA
The Open Web Application Security Project (OWASP) Top Ten is a list of web application security threats that is composed by a member-driven OWASP committee of application development experts and published approximately every 24 months. The 2013 OWASP Top Ten list includes “unvalidated redirects and forwards.”
Which of the following is a good way to protect against this problem?
Response:
A. Don’t use redirects/forwards in your applications.
B. Refrain from storing credentials long term.
C. Implement security incident/event monitoring (security information and event management (SIEM)/security information management (SIM)/security event management (SEM)) solutions.
D. Implement digital rights management (DRM) solutions.
Answer: Don’t use redirects/forwards in your applications.
When considering the option to migrate from an on-premises environment to a hosted cloud service, an organization should weigh the risks of allowing external entities to access the cloud data for collaborative purposes against ____________.
Response:
A. Not securing the data in the legacy environment
B. Disclosing the data publicly
C. Inviting external personnel into the legacy workspace in order to enhance collaboration
D. Sending the data outside the legacy environment for collaborative purposes
Answer: Sending the data outside the legacy environment for collaborative purposes
According to the (ISC)2 Cloud Secure Data Life Cycle, which phase comes soon after (or at the same time as) the Create phase?
Response:
A. Store
B. Use
C. Deploy
D. Archive
Answer: Store
All of the following are usually nonfunctional requirements except ____________.
Response:
A. Color
B. Sound
C. Security
D. Function
Answer: Function
The Cloud Security Alliance (CSA) publishes the Notorious Nine, a list of common threats to organizations participating in cloud computing. According to the CSA, an organization that suffers a data breach might suffer all of the following negative effects except __________.
Response:
A. Cost of compliance with notification laws
B. Loss of public perception/goodwill
C. Loss of market share
D. Cost of detection
Answer: Cost of detection
TLS uses ___________ to authenticate a connection and create a shared secret for the duration of the session.
Response:
A. SAML 2.0
B. X.509 certificates
C. 802.11X
D. The Diffie-Hellman process
Answer: X.509 certificates