A.  

The cloud consumer

B.  

The majority is covered by the consumer

C.  

It depends on the agreement

D.  

The responsibility is split equally

E.  

The cloud provider

A.  

False

B.  

True

A.  

False

B.  

True

A.  

VM communications may use a virtual network on the same hardware host

B.  

The guest OS can invoke stealth mode

C.  

Hypervisors depend upon multiple network interfaces

D.  

VM images can contain rootkits programmed to bypass firewalls

E.  

Most network security systems do not recognize encrypted VM traffic

A.  

By proxying or redirecting web traffic to the cloud provider

B.  

By utilizing a partitioned network drive

C.  

On the premise through a software or appliance installation

D.  

Both A and C

E.  

None of the above

A.  

Arbitrary contract termination by acquiring company

B.  

Resource isolation may fail

C.  

Provider may change physical location

D.  

Mass layoffs may occur

E.  

Non-binding agreements put at risk

A.  

Virtualization

B.  

Applistructure

C.  

Hypervisor

D.  

Metastructure

E.  

Orchestration

A.  

The process of specifying and maintaining access policies

B.  

Checking data storage to make sure it meets compliance requirements

C.  

Giving a third party vendor permission to work on your cloud solution

D.  

Establishing/asserting the identity to the application

E.  

Enforcing the rules by which access is granted to the resources

A.  

The on demand self-service nature of cloud computing environments.

B.  

Privacy concerns for co-tenants regarding the collection and analysis of telemetry and artifacts associated with an incident.

C.  

The possibility of data crossing geographic or jurisdictional boundaries.

D.  

Object-based storage in a private cloud.

E.  

The resource pooling practiced by cloud services, in addition to the rapid elasticity offered by cloud infrastructures.

A.  

The devices used to access data have different storage formats.

B.  

The devices used to access data use a variety of operating systems and may have different programs installed on them.

C.  

The device may affect data dispersion.

D.  

The devices used to access data use a variety of applications or clients and may have different security characteristics.

E.  

The devices used to access data may have different ownership characteristics.

A.  

Multi-tenancy

B.  

Nation-state boundaries

C.  

Measured service

D.  

Unlimited bandwidth

E.  

Hybrid clouds

A.  

Management plane

B.  

Intrusion detection options

C.  

Secondary authentication factors

D.  

Network access points

E.  

Mobile security configuration options

A.  

Discovery

B.  

Custody

C.  

Subpoena

D.  

Risk Assessment

E.  

Scope

A.  

The development of a routine that covers all necessary security measures.

B.  

The diligent habits of good security practices and recording of the same.

C.  

The timely and efficient filing of security reports.

D.  

The awareness and adherence to obligations, including the assessment and prioritization of corrective actions deemed necessary and appropriate.

E.  

The process of completing all forms and paperwork necessary to develop a defensible paper trail.

A.  

Application Consumer

B.  

Database Manager

C.  

Application Developer

D.  

Cloud Provider

E.  

Web Application CISO

A.  

Data Security and Encryption

B.  

Information Governance

C.  

Incident Response, Notification and Remediation

D.  

Compliance and Audit Management

E.  

Infrastructure Security