Certificate of Cloud Security Knowledge v5 (CCSKv5.0) Questions and Answers

Last Update Nov 30, 2025
Total Questions : 332

Questions 1

When designing a cloud-native application that requires scalable and durable data storage, which storage option should be primarily considered?

Options:

A. Network Attached Storage (NAS)

B. Block storage

C. File storage

D. Object storage

Questions 2

What Identity and Access Management (IAM) process decides to permit or deny a subject access to system objects like networks, data, or applications?

Options:

A. Authorization

B. Federation

C. Authentication

D. Provisioning

Questions 3

Which of the following best describes the responsibility for security in a cloud environment?

Options:

A. Cloud Service Customers (CSCs) are solely responsible for security in the cloud environment. The Cloud Service Providers (CSPs) are accountable.

B. Cloud Service Providers (CSPs) and Cloud Service Customers (CSCs) share security responsibilities. The exact allocation of responsibilities depends on the technology and context.

C. Cloud Service Providers (CSPs) are solely responsible for security in the cloud environment. Cloud Service Customers (CSCs) have an advisory role.

D. Cloud Service Providers (CSPs) and Cloud Service Customers (CSCs) share security responsibilities. The allocation of responsibilities is constant.

Questions 4

Which of the following from the governance hierarchy provides specific goals to minimize risk and maintain a secure environment?

Options:

A. Implementation guidance

B. Control objectives

C. Policies

D. Control specifications

Questions 5

What is true of companies considering a cloud computing business relationship?

Options:

A. The laws protecting customer data are based on the cloud provider and customer location only.

B. The confidentiality agreements between companies using cloud computing services is limited legally to the company, not the provider.

C. The companies using the cloud providers are the custodians of the data entrusted to them.

D. The cloud computing companies are absolved of all data security and associated risks through contracts and data laws.

E. The cloud computing companies own all customer data.

Questions 6

How does Infrastructure as Code (IaC) facilitate rapid recovery in cybersecurity?

Options:

A. IaC is primarily used for designing network security policies

B. IaC enables automated and consistent deployment of recovery environments

C. IaC provides encryption and secure key management during recovery

D. IaC automates incident detection and alerting mechanisms

Questions 7

In a cloud environment spanning multiple jurisdictions, what is the most important factor to consider for compliance?

Options:

A. Relying on the cloud service provider's compliance certifications for all jurisdictions

B. Focusing on the compliance requirements defined by the laws, regulations, and standards enforced in the jurisdiction where the company is based

C. Relying only on established industry standards since they adequately address all compliance needs

D. Understanding the legal and regulatory requirements of each jurisdiction where data originates, is stored, or processed

Questions 8

What is the primary purpose of cloud governance in an organization?

Options:

A. To increase data transfer speeds within the cloud environment

B. To reduce the cost of cloud services

C. To ensure compliance, security, and efficient management aligned with the organization's goals

D. To eliminate the need for on-premises data centers

Questions 9

Why is identity management at the organization level considered a key aspect in cybersecurity?

Options:

A. It replaces the need to enforce the principles of the need to know

B. It ensures only authorized users have access to resources

C. It automates and streamlines security processes in the organization

D. It reduces the need for regular security training and auditing, and frees up cybersecurity budget

Questions 10

What technology is commonly used to establish an encrypted tunnel between a remote user's device and a private network over the public Internet?

Options:

A. Virtual Private Network (VPN)

B. Domain Name System (DNS)

C. Network Address Translation (NAT)

D. Virtual Local Area Network (VLAN)

Questions 11

Which Identity and Access Management (IAM) principle focuses on implementing multiple security layers to dilute access power, thereby averting a misuse or compromise?

Options:

A. Continuous Monitoring

B. Federation

C. Segregation of Duties

D. Principle of Least Privilege

Questions 12

In Identity and Access Management (IAM) containment, why is it crucial to understand if an attacker escalated their identity?

Options:

A. It aids in determining the source IP of the attacker.

B. Because it simplifies the recovery process and increases the response time.

C. To prevent further unauthorized access and limit the management plane blast radius.

D. To facilitate the eradication of malware.

Questions 13

CCM: A hypothetical start-up company called "ABC" provides a cloud based IT management solution. They are growing rapidly and therefore need to put controls in place in order to manage any changes in their production environment. Which of the following Change Control & Configuration Management production environment specific control should they implement in this scenario?

Options:

A. Policies and procedures shall be established for managing the risks associated with applying changes to business-critical or customer (tenant)-impacting (physical and virtual) applications and system-system interface (API) designs and configurations, infrastructure network and systems components.

B. Policies and procedures shall be established, and supporting business processes and technical measures implemented, to restrict the installation of unauthorized software on organizationally-owned or managed user end-point devices (e.g. issued workstations, laptops, and mobile devices) and IT infrastructure network and systems components.

C. All cloud-based services used by the company's mobile devices or BYOD shall be pre-approved for usage and the storage of company business data.

D. None of the above

Questions 14

Which aspects are most important for ensuring security in a hybrid cloud environment?

Options:

A. Use of encryption for all data at rest

B. Implementation of robust IAM and network security practices

C. Regular software updates and patch management

D. Deployment of multi-factor authentication only

Questions 15

How does centralized logging simplify security monitoring and compliance?

Options:

A. It consolidates logs into a single location.

B. It decreases the amount of data that needs to be reviewed.

C. It encrypts all logs to prevent unauthorized access.

D. It automatically resolves all detected security threats.

Questions 16

Which of the following best describes the shift-left approach in software development?

Options:

A. Relies only on automated security testing tools

B. Emphasizes post-deployment security audits

C. Focuses on security only during the testing phase

D. Integrates security early in the development process

Questions 17

Which of the following is NOT a cloud computing characteristic that impacts incident response?

Options:

A. The on demand self-service nature of cloud computing environments.

B. Privacy concerns for co-tenants regarding the collection and analysis of telemetry and artifacts associated with an incident.

C. The possibility of data crossing geographic or jurisdictional boundaries.

D. Object-based storage in a private cloud.

E. The resource pooling practiced by cloud services, in addition to the rapid elasticity offered by cloud infrastructures.

Questions 18

Containers are highly portable code execution environments.

Options:

A. False

B. True

Questions 19

What is one primary operational challenge associated with using cloud-agnostic container strategies?

Options:

A. Limiting deployment to a single cloud service

B. Establishing identity and access management protocols

C. Reducing the amount of cloud storage used

D. Management plane compatibility and consistent controls

Questions 20

What is true of searching data across cloud environments?

Options:

A. You might not have the ability or administrative rights to search or access all hosted data.

B. The cloud provider must conduct the search with the full administrative controls.

C. All cloud-hosted email accounts are easily searchable.

D. Search and discovery time is always factored into a contract between the consumer and provider.

E. You can easily search across your environment using any E-Discovery tool.

Questions 21

Select the best definition of “compliance” from the options below.

Options:

A. The development of a routine that covers all necessary security measures.

B. The diligent habits of good security practices and recording of the same.

C. The timely and efficient filing of security reports.

D. The awareness and adherence to obligations, including the assessment and prioritization of corrective actions deemed necessary and appropriate.

E. The process of completing all forms and paperwork necessary to develop a defensible paper trail.

Questions 22

In the context of FaaS, what is primarily defined in addition to functions?

Options:

A. Data storage

B. Network configurations

C. User permissions

D. Trigger events

Questions 23

What is true of security as it relates to cloud network infrastructure?

Options:

A. You should apply cloud firewalls on a per-network basis.

B. You should deploy your cloud firewalls identical to the existing firewalls.

C. You should always open traffic between workloads in the same virtual subnet for better visibility.

D. You should implement a default allow with cloud firewalls and then restrict as necessary.

E. You should implement a default deny with cloud firewalls.

Questions 24

Why is it essential to include key metrics and periodic reassessment in cybersecurity governance?

Options:

A. To meet legal requirements and avoid fines

B. To ensure effective and continuous improvement of security measures

C. To document all cybersecurity incidents and monitor them over time

D. To reduce the number of security incidents to zero

Questions 25

In the context of cloud security, which approach prioritizes incoming data logs for threat detection by applying multiple sequential filters?

Options:

A. Cascade-and-filter approach

B. Parallel processing approach

C. Streamlined single-filter method

D. Unfiltered bulk analysis

Questions 26

What is one of the primary advantages of including Static Application Security Testing (SAST) in Continuous Integration (CI) pipelines?

Options:

A. Identifies code vulnerabilities early in the development

B. Increases the speed of deployment to production

C. Improves runtime performance of the application

D. Enhances the user interface of the application

Questions 27

Which of the following best describes the primary purpose of image factories in the context of virtual machine (VM) management?

Options:

A. Automating the VM image creation processes

B. Managing network configurations for VMs

C. Providing backup solutions for VM images

D. Enhancing security of VM images

Questions 28

Which aspect of cybersecurity can AI enhance by reducing false positive alerts?

Options:

A. Anomaly detection

B. Assisting analysts

C. Threat intelligence

D. Automated responses

Questions 29

What is the primary focus during the Preparation phase of the Cloud Incident Response framework?

Options:

A. Developing a cloud service provider evaluation criterion

B. Deploying automated security monitoring tools across cloud services

C. Establishing a Cloud Incident Response Team and response plans

D. Conducting regular vulnerability assessments on cloud infrastructure

Questions 30

Which cloud service model allows users to access applications hosted and managed by the provider, with the user only needing to configure the application?

Options:

A. Software as a Service (SaaS)

B. Database as a Service (DBaaS)

C. Platform as a Service (PaaS)

D. Infrastructure as a Service (IaaS)

Questions 31

Which of the following best describes a key benefit of Software-Defined Networking (SDN)?

Options:

A. SDN is a hardware-based solution for optimizing network performance

B. SDN eliminates the need for physical network devices and cabling

C. SDN allows networks to be dynamically configured and managed through software

D. SDN is primarily focused on improving network security through advanced firewalls

Questions 32

After an incident has been identified and classified, which activity is typically performed during the Containment, Eradication, and Recovery phase of incident response?

Options:

A. Documenting lessons learned and finalizing reports

B. Restoring systems to operational status while preventing recurrence

C. Monitoring network traffic for anomalies

D. Identifying and classifying security threats

Questions 33

Which of the following best describes the Identity Provider (IdP) and its role in managing access to deployments?

Options:

A. The IdP is used for authentication purposes and does not play a role in managing access to deployments.

B. The IdP manages user, group, and role mappings for access to deployments across cloud providers.

C. The IdP solely manages access within a deployment and resides within the deployment infrastructure.

D. The IdP is responsible for creating deployments and setting up access policies within a single cloud provider.

Questions 34

Cloud services exhibit five essential characteristics that demonstrate their relation to, and differences from, traditional computing approaches. Which one of the five characteristics is described as: a consumer can unilaterally provision computing capabilities such as server time and network storage as needed.

Options:

A. Rapid elasticity

B. Resource pooling

C. Broad network access

D. Measured service

E. On-demand self-service

Questions 35

Which governance domain deals with evaluating how cloud computing affects compliance with internal security policies and various legal requirements, such as regulatory and legislative?

Options:

A. Legal Issues: Contracts and Electronic Discovery

B. Infrastructure Security

C. Compliance and Audit Management

D. Information Governance

E. Governance and Enterprise Risk Management

Questions 36

Which layer is the most important for securing because it is considered to be the foundation for secure cloud operations?

Options:

A. Infrastructure

B. Datastructure

C. Infostructure

D. Applistructure

E. Metastructure

Questions 37

Which concept is a mapping of an identity, including roles, personas, and attributes, to an authorization?

Options:

A. Access control

B. Federated Identity Management

C. Authoritative source

D. Entitlement

E. Authentication

Questions 38

In securing virtual machines (VMs), what is the primary role of using an "image factory" in VM deployment?

Options:

A. To encrypt data within VMs for secure storage

B. To facilitate direct manual intervention in VM deployments

C. To enable rapid scaling of virtual machines on demand

D. To ensure consistency, security, and efficiency in VM image creation

Questions 39

Which method is considered best practice for creating secure virtual machine (VM) images?

Options:

A. Downloading images from random online repositories

B. Using image factories and trusted sources

C. Cloning existing, running VMs

D. Manually configuring each VM image

Questions 40

What is the primary benefit of Federated Identity Management in an enterprise environment?

Options:

A. It allows single set credential access to multiple systems and services

B. It encrypts data between multiple systems and services

C. It segregates user permissions across different systems and services

D. It enhances multi-factor authentication across all systems and services

Questions 41

Which data security control is the LEAST likely to be assigned to an IaaS provider?

Options:

A. Application logic

B. Access controls

C. Encryption solutions

D. Physical destruction

E. Asset management and tracking

Questions 42

The containment phase of the incident response lifecycle requires taking systems offline.

Options:

A. False

B. True

Questions 43

Which of the following BEST describes a benefit of Infrastructure as Code (IaC) in cybersecurity contexts?

Options:

A. Reduces the need for security auditing

B. Enables consistent security configurations through automation

C. Increases manual control over security settings

D. Increases scalability of cloud resources

Questions 44

In federated identity management, what role does the identity provider (IdP) play in relation to the relying party?

Options:

A. The IdP relies on the relying party to authenticate and authorize users.

B. The relying party makes assertions to the IdP about user authorizations.

C. The IdP and relying party have no direct trust relationship.

D. The IdP makes assertions to the relying party after building a trust relationship.

Questions 45

What process involves an independent examination of records, operations, processes, and controls within an organization to ensure compliance with cybersecurity policies, standards, and regulations?

Options:

A. Risk assessment

B. Audit

C. Penetration testing

D. Incident response

Questions 46

Which attack surfaces, if any, does virtualization technology introduce?

Options:

A. The hypervisor

B. Virtualization management components apart from the hypervisor

C. Configuration and VM sprawl issues

D. All of the above

Questions 47

What is the primary role of Identity and Access Management (IAM)?

Options:

A. To encrypt data at rest and in transit

B. Ensure only authorized entities access resources

C. To monitor and log all user activities and traffic

D. Ensure all users have the same level of access

Questions 48

Which of the following best describes an authoritative source in the context of identity management?

Options:

A. A list of permissions assigned to different users

B. A network resource that handles authorization requests

C. A database containing all entitlements

D. A trusted system holding accurate identity information

Questions 49

What is a key advantage of using Policy-Based Access Control (PBAC) for cloud-based access management?

Options:

A. PBAC eliminates the need for defining and managing user roles and permissions.

B. PBAC is easier to implement and manage compared to Role-Based Access Control (RBAC).

C. PBAC allows enforcement of granular, context-aware security policies using multiple attributes.

D. PBAC ensures that access policies are consistent across all cloud providers and platforms.

Questions 50

What is known as a code execution environment running within an operating system that shares and uses the resources of the operating system?

Options:

A. Platform-based Workload

B. Pod

C. Abstraction

D. Container

E. Virtual machine

Questions 51

Cloud applications can use virtual networks and other structures, for hyper-segregated environments.

Options:

A. False

B. True

Questions 52

ENISA: Which is a potential security benefit of cloud computing?

Options:

A. More efficient and timely system updates

B. ISO 27001 certification

C. Provider can obfuscate system O/S and versions

D. Greater compatibility with customer IT infrastructure

E. Lock-In

Questions 53

In a containerized environment, what is fundamental to ensuring runtime protection for deployed containers?

Options:

A. Implementing real-time visibility

B. Deploying container-specific antivirus scanning

C. Using static code analysis tools in the pipeline

D. Full packet network monitoring

Questions 54

What is the primary purpose of Identity and Access Management (IAM) systems in a cloud environment?

Options:

A. To encrypt data to ensure its confidentiality

B. To govern identities' access to resources in the cloud

C. To monitor network traffic for suspicious activity

D. To provide a backup solution for cloud data

Questions 55

Use elastic servers when possible and move workloads to new instances.

Options:

A. False

B. True

Questions 56

When mapping functions to lifecycle phases, which functions are required to successfully process data?

Options:

A. Create, Store, Use, and Share

B. Create and Store

C. Create and Use

D. Create, Store, and Use

E. Create, Use, Store, and Delete

Questions 57

What type of information is contained in the Cloud Security Alliance's Cloud Control Matrix?

Options:

A. Network traffic rules for cloud environments

B. A number of requirements to be implemented, based upon numerous standards and regulatory requirements

C. Federal legal business requirements for all cloud operators

D. A list of cloud configurations including traffic logic and efficient routes

E. The command and control management hierarchy of typical cloud company

Questions 58

In the shared security model, how does the allocation of responsibility vary by service?

Options:

A. Shared responsibilities should be consistent across all services.

B. Based on the per-service SLAs for security.

C. Responsibilities are the same across IaaS, PaaS, and SaaS in the shared model.

D. Responsibilities are divided between the cloud provider and the customer based on the service type.

Questions 59

Which resilience tool helps distribute network or application traffic across multiple servers to ensure reliability and availability?

Options:

A. Redundancy

B. Auto-scaling

C. Load balancing

D. Failover

Questions 60

Which factor is typically considered in data classification?

Options:

A. CI/CD step

B. Storage capacity requirements

C. Sensitivity of data

D. Data controller

Questions 61

How does cloud sprawl complicate security monitoring in an enterprise environment?

Options:

A. Cloud sprawl disperses assets, making it harder to monitor assets.

B. Cloud sprawl centralizes assets, simplifying security monitoring.

C. Cloud sprawl reduces the number of assets, easing security efforts.

D. Cloud sprawl has no impact on security monitoring.

Questions 62

Which term describes any situation where the cloud consumer does not manage any of the underlying hardware or virtual machines?

Options:

A. Serverless computing

B. Virtual machineless

C. Abstraction

D. Container

E. Provider managed

Questions 63

Why is it important for Cloud Service Providers (CSPs) to document security controls?

Options:

A. It allows CSPs to reduce operational costs and increase security efficiency

B. It ensures transparency and accountability for security measures

C. It reduces the frequency for regular independent audits

D. It helps CSPs enhance their marketing strategies and relationship with policymakers

Questions 64

ENISA: A reason for risk concerns of a cloud provider being acquired is:

Options:

A. Arbitrary contract termination by acquiring company

B. Resource isolation may fail

C. Provider may change physical location

D. Mass layoffs may occur

E. Non-binding agreements put at risk

Questions 65

Which strategy is critical for securing containers at the image creation stage?

Options:

A. Implementing network segmentation

B. Using secure, approved base images

C. Regularly updating repository software

D. Enforcing runtime protection measures

Questions 66

How does running applications on distinct virtual networks and only connecting networks as needed help?

Options:

A. It reduces hardware costs

B. It provides dynamic and granular policies with less management overhead

C. It locks down access and provides stronger data security

D. It reduces the blast radius of a compromised system

E. It enables you to configure applications around business groups

Questions 67

What does Zero Trust Network Access (ZTNA) primarily use to control access to applications?

Options:

A. Geolocation data exclusively

B. Username and password

C. IP address and port number

D. Identity, device, and contextual factors

Questions 68

Which of the following best explains how Multifactor Authentication (MFA) helps prevent identity-based attacks?

Options:

A. MFA relies on physical tokens and biometrics to secure accounts.

B. MFA requires multiple forms of validation that would have to compromise.

C. MFA requires and uses more complex passwords to secure accounts.

D. MFA eliminates the need for passwords through single sign-on.

Questions 69

How can virtual machine communications bypass network security controls?

Options:

A. VM communications may use a virtual network on the same hardware host

B. The guest OS can invoke stealth mode

C. Hypervisors depend upon multiple network interfaces

D. VM images can contain rootkits programmed to bypass firewalls

E. Most network security systems do not recognize encrypted VM traffic

Questions 70

Which of the following is used for governing and configuring cloud resources and is a top priority in cloud security programs?

Options:

A. Management Console

B. Management plane

C. Orchestrators

D. Abstraction layer

Questions 71

Which of the following is a primary benefit of using Infrastructure as Code (IaC) in a security context?

Options:

A. Manual patch management

B. Ad hoc security policies

C. Static resource allocation

D. Automated compliance checks

Questions 72

What type of logs record interactions with specific services in a system?

Options:

A. Service and Application Logs

B. Security Logs

C. Network Logs

D. Debug Logs

Questions 73

All cloud services utilize virtualization technologies.

Options:

A. False

B. True

Questions 74

Which of the following items is NOT an example of Security as a Service (SecaaS)?

Options:

A. Spam filtering

B. Authentication

C. Provisioning

D. Web filtering

E. Intrusion detection

Questions 75

How should an SDLC be modified to address application security in a Cloud Computing environment?

Options:

A. Integrated development environments

B. Updated threat and trust models

C. No modification is needed

D. Just-in-time compilers

E. Both B and C

Questions 76

Which type of cloud workload would be most appropriate for running isolated applications with minimum resource overhead?

Options:

A. Containers

B. Function as a Service (FaaS)

C. AI Workloads

D. Virtual Machines (VMs)

Questions 77

How is encryption managed on multi-tenant storage?

Options:

A. Single key for all data owners

B. One key per data owner

C. Multiple keys per data owner

D. The answer could be A, B, or C depending on the provider

E. C for data subject to the EU Data Protection Directive; B for all others

Questions 78

In preparing for cloud incident response, why is updating forensics tools for virtual machines (VMs) and containers critical?

Options:

A. To comply with cloud service level agreements (SLAs)

B. To streamline communication with cloud service providers and customers

C. To ensure compatibility with cloud environments for effective incident analysis

D. To increase the speed of incident response team deployments

Questions 79

CCM: The Cloud Service Delivery Model Applicability column in the CCM indicates the applicability of the cloud security control to which of the following elements?

Options:

A. Mappings to well-known standards and frameworks

B. Service Provider or Tenant/Consumer

C. Physical, Network, Compute, Storage, Application or Data

D. SaaS, PaaS or IaaS

Questions 80

Which of the following best describes the purpose of cloud security control objectives?

Options:

A. They are standards that cannot be modified to suit the unique needs of different cloud environments.

B. They focus on the technical aspects of cloud security with less consideration on the broader organizational goals.

C. They dictate specific implementation methods for securing cloud environments, tailored to individual cloud providers.

D. They provide outcome-focused guidelines for desired controls, ensuring measurable and adaptable security measures

Questions 81

Which of the following statements is true in regards to Data Loss Prevention (DLP)?

Options:

A. DLP can provide options for quickly deleting all of the data stored in a cloud environment.

B. DLP can classify all data in a storage repository.

C. DLP never provides options for how data found in violation of a policy can be handled.

D. DLP can provide options for where data is stored.

E. DLP can provide options for how data found in violation of a policy can be handled.

Questions 82

What's the best way for organizations to establish a foundation for safeguarding data, upholding privacy, and meeting regulatory requirements in cloud applications?

Options:

A. By implementing end-to-end encryption and multi-factor authentication

B. By conducting regular security audits and updates

C. By deploying intrusion detection systems and monitoring

D. By integrating security at the architectural and design level

Questions 83

How does virtualized storage help avoid data loss if a drive fails?

Options:

A.  

Multiple copies in different locations

B.  

Drives are backed up, swapped, and archived constantly

C.  

Full back ups weekly

D.  

Data loss is unavoidable with drive failures

E.  

Incremental backups daily

Questions 84

Which practice minimizes human error in long-running cloud workloads’ security management?

Options:

A.  

Increasing manual security audits frequency

B.  

Converting all workloads to ephemeral

C.  

Restricting access to workload configurations

D.  

Implementing automated security and compliance checks

Questions 85

How does DevSecOps fundamentally differ from traditional DevOps in the development process?

Options:

A.  

DevSecOps removes the need for a separate security team.

B.  

DevSecOps focuses primarily on automating development without security.

C.  

DevSecOps reduces the development time by skipping security checks.

D.  

DevSecOps integrates security into every stage of the DevOps process.

Questions 86

Which aspect of assessing cloud providers poses the most significant challenge?

Options:

A.  

Inconsistent policy standards and the proliferation of provider requirements.

B.  

Limited visibility into internal operations and technology.

C.  

Excessive details shared by the cloud provider and consequent information overload.

D.  

Poor provider documentation and over-reliance on pooled audit.

Questions 87

Which cloud security model type provides generalized templates for helping implement cloud security?

Options:

A.  

Conceptual models or frameworks

B.  

Design patterns

C.  

Controls models or frameworks

D.  

Reference architectures

E.  

Cloud Controls Matrix (CCM)

Questions 88

Why is early integration of pre-deployment testing crucial in a cybersecurity project?

Options:

A.  

It identifies issues before full deployment, saving time and resources.

B.  

It increases the overall testing time and costs.

C.  

It allows skipping final verification tests.

D.  

It eliminates the need for continuous integration.

Questions 89

What is resource pooling?

Options:

A.  

The provider’s computing resources are pooled to serve multiple consumers.

B.  

Internet-based CPUs are pooled to enable multi-threading.

C.  

The dedicated computing resources of each client are pooled together in a colocation facility.

D.  

Placing Internet (“cloud”) data centers near multiple sources of energy, such as hydroelectric dams.

E.  

None of the above.

Questions 90

Which of the following is a perceived advantage or disadvantage of managing enterprise risk for cloud deployments?

Options:

A.  

More physical control over assets and processes.

B.  

Greater reliance on contracts, audits, and assessments due to lack of visibility or management.

C.  

Decreased requirement for proactive management of relationship and adherence to contracts.

D.  

Increased need, but reduction in costs, for managing risks accepted by the cloud provider.

E.  

None of the above.

Questions 91

Which of the following best describes a primary focus of cloud governance with an emphasis on security?

Options:

A.  

Enhancing user experience with intuitive interfaces.

B.  

Maximizing cost savings through resource optimization.

C.  

Increasing scalability and flexibility of cloud solutions.

D.  

Ensuring compliance with regulatory requirements and internal policies.

Questions 92

Which concept focuses on maintaining the same configuration for all infrastructure components, ensuring they do not change once deployed?

Options:

A.  

Component credentials

B.  

Immutable infrastructure

C.  

Infrastructure as code

D.  

Application integration

Questions 93

Which plane in a network architecture is responsible for controlling all administrative actions?

Options:

A.  

Forwarding plane

B.  

Management plane

C.  

Data plane

D.  

Application plane

Questions 94

Which best practice is recommended when securing object repositories in a cloud environment?

Options:

A.  

Using access controls as the sole security measure

B.  

Encrypting all objects in the repository

C.  

Encrypting the access paths only

D.  

Encrypting only sensitive objects

Questions 95

What is a PRIMARY cloud customer responsibility when managing SaaS applications in terms of security and compliance?

Options:

A.  

Generating logs within the SaaS applications

B.  

Managing the financial costs of SaaS subscriptions

C.  

Providing training sessions for staff on using SaaS tools

D.  

Evaluating the security measures and compliance requirements

Questions 96

Which of the following is the MOST common cause of cloud-native security breaches?

Options:

A.  

Inability to monitor cloud infrastructure for threats

B.  

IAM failures

C.  

Lack of encryption for data at rest

D.  

Vulnerabilities in cloud provider's physical infrastructure

Questions 97

The Software Defined Perimeter (SDP) includes which components?

Options:

A.  

Client, Controller, and Gateway

B.  

Client, Controller, Firewall, and Gateway

C.  

Client, Firewall, and Gateway

D.  

Controller, Firewall, and Gateway

E.  

Client, Controller, and Firewall

Questions 98

Which cloud storage technology is basically a virtual hard drive for instances or VMs?

Options:

A.  

Volume storage

B.  

Platform

C.  

Database

D.  

Application

E.  

Object storage

Questions 99

What is a primary benefit of implementing micro-segmentation within a Zero Trust Architecture?

Options:

A.  

Simplifies network design and maintenance

B.  

Enhances security by isolating workloads from each other

C.  

Increases the overall performance of network traffic

D.  

Reduces the need for encryption across the network
