CCSP Exam Questions

Total 512 Questions

Exam Last Updated: 27-Dec-2024

Topic 1: Exam Pool A

Which of the following is not one of the defined security controls domains within the Cloud Controls Matrix, published by the Cloud Security Alliance?

A. Financial
B. Human resources
C. Mobile security
D. Identity and access management

Answer: A. Financial


Which document will enforce uptime and availability requirements between the cloud customer and cloud provider?

A. Contract
B. Operational level agreement
C. Service level agreement
D. Regulation

Answer: C. Service level agreement



You are the security manager of a small firm that has just purchased a DLP solution to implement in your cloud-based production environment. In order to increase the security value of the DLP, you should consider combining it with ____________.

A. Digital rights management (DRM) and security event and incident management (SIEM) tools
B. An investment in upgraded project management software
C. Digital insurance policies
D. The Uptime Institute’s Tier certification

Answer: A. Digital rights management (DRM) and security event and incident management (SIEM) tools



The Transport Layer Security (TLS) protocol creates a secure communications channel over public media (such as the Internet). In a typical TLS session, who initiates the protocol?

A. The server
B. The client
C. The certifying authority
D. The ISP

Answer: B. The client



Which phase of the cloud data lifecycle involves processing by a user or application?

A. Create
B. Share
C. Store
D. Use

Answer: D. Use



Which of the following should occur at each stage of the SDLC?

A. Added functionality
B. Management review
C. Verification and validation
D. Repurposing of any newly developed components

Answer: C. Verification and validation



Which ISO standard refers to addressing security risks in a supply chain?

A. ISO 27001
B. ISO/IEC 28000:2007
C. ISO 18799
D. ISO 31000:2009

Answer: B. ISO/IEC 28000:2007



What is the term that describes the situation when a malicious user/attacker can exit the restrictions of a single host and access other nodes on the network?

A. Host escape
B. Guest escape
C. Provider exit
D. Escalation of privileges

Answer: A. Host escape



What are the phases of a software development lifecycle process model?

A. Planning and requirements analysis, define, design, develop, testing, and maintenance
B. Define, planning and requirements analysis, design, develop, testing, and maintenance
C. Planning and requirements analysis, define, design, testing, develop, and maintenance
D. Planning and requirements analysis, design, define, develop, testing, and maintenance

Answer: A. Planning and requirements analysis, define, design, develop, testing, and maintenance



You are performing an audit of the security controls used in a cloud environment. Which of the following would best serve your purpose?

A. The business impact analysis (BIA)
B. A copy of the VM baseline configuration
C. The latest version of the company’s financial records
D. A SOC 3 report from another (external) auditor

Answer: B. A copy of the VM baseline configuration



