A.  

DLP can provide options for quickly deleting all of the data stored in a cloud environment.

B.  

DLP can classify all data in a storage repository.

C.  

DLP never provides options for how data found in violation of a policy can be handled.

D.  

DLP can provide options for where data is stored.

E.  

DLP can provide options for how data found in violation of a policy can be handled.

A.  

A network of servers connected to execute processes

B.  

A collection of physical hardware used to run applications

C.  

A single software application hosted on the cloud

D.  

Application software deployable on infrastructure/platform

A.  

Requires extensive on-premises infrastructure

B.  

Shifts more responsibility to cloud service providers

C.  

Increases workload for developers

D.  

Eliminates need for cloud service providers

A.  

Access policies encrypt sensitive data to protect it from disclosure and unrestricted access.

B.  

Access policies define the permitted actions that can be performed on resources.

C.  

Access policies determine where data can be stored.

D.  

Access policies scan systems to detect and remove malware infections.

A.  

Monitoring network traffic

B.  

Deploying cloud services

C.  

Governing access to cloud resources

D.  

Managing software licensing

A.  

Reduces the need for security auditing

B.  

Enables consistent security configurations through automation

C.  

Increases manual control over security settings

D.  

Increases scalability of cloud resources

A.  

Access limited to log events for incident analysis

B.  

Unlimited write access for all responders at all times

C.  

Full-read access without any approval process

D.  

Persistent read access and controlled write access for critical situations

A.  

Cloud Service Customers (CSCs) are solely responsible for security in the cloud environment. The Cloud Service Providers (CSPs) are accountable.

B.  

Cloud Service Providers (CSPs) and Cloud Service Customers (CSCs) share security responsibilities. The exact allocation of responsibilities depends on the technology and context.

C.  

Cloud Service Providers (CSPs) are solely responsible for security in the cloud environment. Cloud Service Customers (CSCs) have an advisory role.

D.  

Cloud Service Providers (CSPs) and Cloud Service Customers (CSCs) share security responsibilities. The allocation of responsibilities is constant.

A.  

Continuous Monitoring

B.  

Federation

C.  

Segregation of Duties

D.  

Principle of Least Privilege

A.  

Platform as a Service (PaaS)

B.  

Serverless Functions (FaaS)

C.  

Containers

D.  

Virtual Machines (VMs)

A.  

False

B.  

True

A.  

PBAC eliminates the need for defining and managing user roles and permissions.

B.  

PBAC is easier to implement and manage compared to Role-Based Access Control (RBAC).

C.  

PBAC allows enforcement of granular, context-aware security policies using multiple attributes.

D.  

PBAC ensures that access policies are consistent across all cloud providers and platforms.

A.  

Rapid elasticity

B.  

Resource pooling

C.  

Broad network access

D.  

Measured service

E.  

On-demand self-service

A.  

MFA relies on physical tokens and biometrics to secure accounts.

B.  

MFA requires multiple forms of validation that would have to compromise.

C.  

MFA requires and uses more complex passwords to secure accounts.

D.  

MFA eliminates the need for passwords through single sign-on.

A.  

Relying on the cloud service provider's compliance certifications for all jurisdictions

B.  

Focusing on the compliance requirements defined by the laws, regulations, and standards enforced in the jurisdiction where the company is based

C.  

Relying only on established industry standards since they adequately address all compliance needs

D.  

Understanding the legal and regulatory requirements of each jurisdiction where data originates, is stored, or processed

A.  

Application logic

B.  

Access controls

C.  

Encryption solutions

D.  

Physical destruction

E.  

Asset management and tracking

A.  

More efficient and timely system updates

B.  

ISO 27001 certification

C.  

Provider can obfuscate system O/S and versions

D.  

Greater compatibility with customer IT infrastructure

E.  

Lock-In

A.  

Defining and maintaining the governance plan

B.  

Adherence to internal policies, laws, regulations, standards, and best practices

C.  

Implementing automation technologies to monitor the control implemented

D.  

Conducting regular penetration testing as stated in applicable laws and regulations

A.  

False

B.  

True

A.  

To create isolated virtual networks

B.  

To monitor network performance and activity

C.  

To distribute incoming network traffic across multiple destinations

D.  

To encrypt data for secure transmission

A.  

Formalizing cloud security policies

B.  

Implementing best-practice cloud security control objectives

C.  

Negotiating SLAs with cloud providers

D.  

Establishing a governance hierarchy

A.  

Application Consumer

B.  

Database Manager

C.  

Application Developer

D.  

Cloud Provider

E.  

Web Application CISO

A.  

Integration with network infrastructure

B.  

Adherence to software development practices

C.  

Optimization for cost reduction

D.  

Alignment with security objectives and regulatory requirements

A.  

Cloud networks are software-defined networks (SDNs)

B.  

Cloud networks rely on dedicated hardware appliances

C.  

Cloud networks are less scalable than traditional networks

D.  

Cloud networks have the same architecture as traditional networks

A.  

To create a separation between development and operations

B.  

To eliminate the need for IT operations by automating all tasks

C.  

To enhance collaboration between development and IT operations for efficient delivery

D.  

To reduce the development team size by merging roles

A.  

False

B.  

True

A.  

Monitoring application performance

B.  

Manual configuration of security policies

C.  

Installation of operating systems

D.  

Provisioning of VMs, networking and other resources

A.  

Manual patch management

B.  

Ad hoc security policies

C.  

Static resource allocation

D.  

Automated compliance checks

A.  

Intrusion Prevention System

B.  

URL filters

C.  

Data Loss Prevention

D.  

Cloud Access and Security Brokers (CASB)

E.  

Database Activity Monitoring

A.  

Platform as a Service (PaaS)

B.  

Network as a Service (NaaS)

C.  

Infrastructure as a Service (laaS)

D.  

Software as a Service (SaaS)

A.  

Configuring secondary authentication

B.  

Establishing multiple accounts

C.  

Maintaining tight control of the primary account holder credentials

D.  

Implementing least privilege accounts

E.  

Configuring role-based authentication

A.  

Provider documentation

B.  

Provider run audits and reports

C.  

Third-party attestations

D.  

Provider and consumer contracts

E.  

EDiscovery tools

A.  

Risk Impact

B.  

Domain

C.  

Control Specification

A.  

Management plane

B.  

Virtualization layers

C.  

Physical components

D.  

PaaS/SaaS services

A.  

Multi-application, single tenant environments

B.  

Long distance relationships

C.  

Multi-tenant environments

D.  

Distributed computing arrangements

E.  

Single tenant environments

A.  

To automate the data encryption process across all cloud services

B.  

To reduce the overall cost of cloud storage solutions

C.  

To apply appropriate security controls based on asset sensitivity and importance

D.  

To increase the speed of data retrieval within the cloud environment

A.  

Scope of the assessment and the exact included features and services for the assessment

B.  

Provider infrastructure information including maintenance windows and contracts

C.  

Network or architecture diagrams including all end point security devices in use

D.  

Service-level agreements between all parties

E.  

Full API access to all required services

A.  

False

B.  

True

A.  

Fixed resource allocations

B.  

Unlimited data storage capacity

C.  

Increased on-premise hardware

D.  

Elasticity of cloud resources

A.  

Customers can bypass the need for encryption

B.  

Customers retain control over their encryption keys

C.  

Customers can share their encryption keys more easily

D.  

It reduces the computational load on the cloud service provider

A.  

Ensuring secure data encryption at rest

B.  

Man-in-the-middle attacks

C.  

Increase resource consumption on servers

D.  

Data exposure to unauthorized users

A.  

Multi-tenancy

B.  

Nation-state boundaries

C.  

Measured service

D.  

Unlimited bandwidth

E.  

Hybrid clouds

A.  

Enables programmatic configuration

B.  

Decreases network security

C.  

Increases hardware dependency

D.  

Increases network complexity

A.  

Risk Impact

B.  

Domain

C.  

Control Specification

A.  

Authorization

B.  

Federation

C.  

Authentication

D.  

Provisioning

A.  

By implementing end-to-end encryption and multi-factor authentication

B.  

By conducting regular security audits and updates

C.  

By deploying intrusion detection systems and monitoring

D.  

By integrating security at the architectural and design level

A.  

Through virtualization, with administrators allocating resources based on SLAs

B.  

Through abstraction and automation to distribute resources to customers

C.  

By allocating physical systems to a single customer at a time

D.  

Through manual configuration of resources for each user need

A.  

The on demand self-service nature of cloud computing environments.

B.  

Privacy concerns for co-tenants regarding the collection and analysis of telemetry and artifacts associated with an incident.

C.  

The possibility of data crossing geographic or jurisdictional boundaries.

D.  

Object-based storage in a private cloud.

E.  

The resource pooling practiced by cloud services, in addition to the rapid elasticity offered by cloud infrastructures.

A.  

False

B.  

True

A.  

Analyzing management plane logs

B.  

Regularly backing up data

C.  

Isolating the compromised system

D.  

Taking snapshots of virtual machines

A.  

Inconsistent policy standards and the proliferation of provider requirements.

B.  

Limited visibility into internal operations and technology.

C.  

Excessive details shared by the cloud provider and consequent information overload.

D.  

Poor provider documentation and over-reliance on pooled audit.

A.  

Only the cloud consumer

B.  

Only the cloud provider

C.  

Both the cloud provider and consumer

D.  

It is determined in the agreement between the entities

E.  

It is outsourced as per the entity agreement

A.  

VM communications may use a virtual network on the same hardware host

B.  

The guest OS can invoke stealth mode

C.  

Hypervisors depend upon multiple network interfaces

D.  

VM images can contain rootkits programmed to bypass firewalls

E.  

Most network security systems do not recognize encrypted VM traffic

A.  

A data destruction plan

B.  

A communication plan

C.  

A back-up website

D.  

A spill remediation kit

E.  

A rainy day fund

A.  

Administrative access

B.  

Management plane

C.  

Identity and Access Management

D.  

Single sign-on

E.  

Cloud dashboard

A.  

It identifies issues before full deployment, saving time and resources.

B.  

It increases the overall testing time and costs.

C.  

It allows skipping final verification tests.

D.  

It eliminates the need for continuous integration.

A.  

(Service and Application Logs

B.  

Security Logs

C.  

Network Logs

D.  

Debug Logs

A.  

The laws protecting customer data are based on the cloud provider and customer location only.

B.  

The confidentiality agreements between companies using cloud computing services is limited legally to the company, not the provider.

C.  

The companies using the cloud providers are the custodians of the data entrusted to them.

D.  

The cloud computing companies are absolved of all data security and associated risks through contracts and data laws.

E.  

The cloud computing companies own all customer data.

A.  

Risk assessment

B.  

Audit

C.  

Penetration testing

D.  

Incident response

A.  

Infrastructure

B.  

Datastructure

C.  

Infostructure

D.  

Applistructure

E.  

Metastructure

A.  

Management Console

B.  

Management plane

C.  

Orchestrators

D.  

Abstraction layer

A.  

The Data Security Lifecycle has six stages, is strictly linear, and never varies.

B.  

The Data Security Lifecycle has six stages, can be non-linear, and varies in that some data may never pass through all stages.

C.  

The Data Security Lifecycle has five stages, is circular, and varies in that some data may never pass through all stages.

D.  

The Data Security Lifecycle has six stages, can be non-linear, and is distinct in that data must always pass through all phases.

E.  

The Data Security Lifecycle has five stages, can be non-linear, and is distinct in that data must always pass through all phases.

A.  

Detective controls

B.  

Preventive controls

C.  

Compensating controls

D.  

Administrative controls

A.  

Automating incident response procedures

B.  

Optimizing cloud cost efficiency

C.  

Continuous monitoring of configurations

D.  

Managing user access permissions

A.  

Intrusion Detection Systems

B.  

Hardware Security Modules

C.  

Network Access Control Lists

D.  

API Gateways

A.  

Disabling unnecessary VM services and using containers

B.  

Encryption for data at rest and software bill of materials

C.  

Using secure base images, patch and configuration management

D.  

Network isolation and monitoring

A.  

Data Security Posture Management (DSPM)

B.  

SaaS Security Posture Management (SSPM)

C.  

Cloud Detection and Response (CDR)

D.  

Cloud Security Posture Management (CSPM)

A.  

Cloud customers operate independently without sharing resources

B.  

Cloud customers share a common pool of resources but are segregated and isolated from each other

C.  

Multiple cloud customers are allocated a set of dedicated resources via a common web interface

D.  

Cloud customers share resources without any segregation or isolation

A.  

Evaluation

B.  

Data Preparation

C.  

Training

D.  

Inference

A.  

It is a unit of processing that consumes memory

B.  

It does not require a hardware stack

C.  

It is always a virtual machine

D.  

It is configured for specific, established tasks

E.  

It must be containerized

A.  

The CCM columns are mapped to HIPAA/HITECH Act and therefore Health4Sure could verify the CCM controls already covered ad a result of their compliance with HIPPA/HITECH Act. They could then assess the remaining controls. This approach will save time.

B.  

The CCM domain controls are mapped to HIPAA/HITECH Act and therefore Health4Sure could verify the CCM controls already covered as a result of their compliance with HIPPA/HITECH Act. They could then assess the remaining controls thoroughly. This approach saves time while being able to assess the company’s overall security posture in an efficient manner.

C.  

The CCM domains are not mapped to HIPAA/HITECH Act. Therefore Health4Sure should assess the security posture of their cloud service against each and every control in the CCM. This approach will allow a thorough assessment of the security posture.

A.  

Geolocation data exclusively

B.  

Username and password

C.  

IP address and port number

D.  

Identity, device, and contextual factors

A.  

Cloud providers are responsible for everything under the 'limited O responsibilities clauses.' The customer and the provider have joint accountability.

B.  

Cloud providers assume full responsibility for the security obligations, and cloud customers are accountable for overall compliance.

C.  

Data ownership rights are solely determined by the cloud provider, leaving organizations with no control or accountability over their data.

D.  

Organizations are accountable for the security and compliance of their data and systems, even though they may lack full visibility into their cloud provider's infrastructure.

A.  

Cloud storage management and governance

B.  

Data center infrastructure and architecture

C.  

IAM and networking

D.  

Application development and deployment

A.  

Replacing the need for security teams.

B.  

Slowing down the development process for testing.

C.  

Automating security checks and deployments.

D.  

Enhancing code quality.

A.  

False

B.  

True

A.  

False

B.  

True

A.  

Unified Threat Management (UTM).

B.  

Web Application Firewall (WAF).

C.  

Endpoint Detection and Response (EDR).

D.  

Intrusion Detection System (IDS).

A.  

False

B.  

True

A.  

On-Demand Self-Service

B.  

Broad Network Access

C.  

Resource Pooling

D.  

Rapid Elasticity

A.  

They provide real-time threat detection and response

B.  

They detail the network traffic between cloud services

C.  

They track cloud administrative activities

D.  

They report on user activities within applications

A.  

Using access controls as the sole security measure

B.  

Encrypting all objects in the repository

C.  

Encrypting the access paths only

D.  

Encrypting only sensitive objects

A.  

Platform-as-a-service (PaaS)

B.  

Desktop-as-a-service (DaaS)

C.  

Infrastructure-as-a-service (IaaS)

D.  

Identity-as-a-service (IDaaS)

E.  

Software-as-a-service (SaaS)

A.  

False

B.  

True

A.  

Legal Issues: Contracts and Electronic Discovery

B.  

Infrastructure Security

C.  

Compliance and Audit Management

D.  

Information Governance

E.  

Governance and Enterprise Risk Management

A.  

Volume storage

B.  

Platform

C.  

Database

D.  

Application

E.  

Object storage

A.  

False

B.  

True

A.  

Encryption

B.  

Organization

C.  

Knowledge management

D.  

IDS

E.  

Insulation

A.  

Function as a Service (FaaS)

B.  

Platform as a Service (PaaS)

C.  

Software as a Service (SaaS)

D.  

Infrastructure as a Service (laa

A.  

Program frameworks evaluate the performance of individual security tools

B.  

Program frameworks focus on implementing specific security technologies

C.  

Program frameworks help organize overarching security policies and objectives

D.  

Program frameworks primarily define compliance requirements for regulations

A.  

Obtain provider permission for test

B.  

Use techniques to evade cloud provider’s detection systems

C.  

Use application layer testing tools exclusively

D.  

Use network layer testing tools exclusively

E.  

Schedule vulnerability test at night