CCSP Domain 2: Architecture and Design Flashcards

Question 1

Q

An email is an example of what type of data?

A. Structured data
B. Semi-structured data
C. RFC-defined data
D. Unstructured data

Chapple, Mike; Seidl, David. (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests (p. 24). Wiley. Kindle Edition.

Answer

A

D. Unstructured data

Explanation:
Emails and other freeform text are examples of unstructured data. Structured data like the data found in databases is carefully defined, whereas semi structured data like XML or JSON applies structure without being tightly controlled. While email itself is defined by an RFC, the term RFC defined data is not used in this context

Question 2

Q

Nick wants to ensure that data is properly handled once it is classified. He knows that data labeling is important to the process and will help his data loss prevention tool in its job of preventing data leakage and exposure. When should data be labeled in his data lifecycle?

A. Creation
B. Storage
C. Use
D. Destruction

Chapple, Mike; Seidl, David. (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests (p. 24). Wiley. Kindle Edition.

Answer

A

A. Creation

Explanation:
Data labeling typically occurs during the Creation phase of the data lifecycle. Data labels may also be changed or added during use as data is modified.

Question 3

Q

Jacinda is planning to deploy a data loss prevention (DLP) system in her cloud environment. Which of the following challenges is most likely to impact the ability of her DLP system to determine whether sensitive data is being transmitted outside of her organization?

A. Lack of data labeling
B. Use of encryption for data in transit
C. Improper data labeling
D. Use of encryption for data at rest

Chapple, Mike; Seidl, David. (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests (p. 24). Wiley. Kindle Edition.

Answer

A

B. Use of encryption for data in transit

Explanation:
Jacinda is likely to face challenges using her DLP system due to the broad and consistent use of encryption for data in transit or data in motion in cloud environments. She will need to take particular care to design and architect her environment to allow the DLP system to have access to the traffic it needs.

Question 4

Q

Susan wants to ensure that super user access in her cloud environment can be properly audited. Which of the following is not a common item required for auditing of privileged user access?

A. The remote IP address
B. The account used
C. The password used
D. The local IP address

Chapple, Mike; Seidl, David. (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests (p. 24). Wiley. Kindle Edition.

Answer

A

C. The password used

Explanation:
Passwords are intentionally not captured or logged since creating an audit log that contains passwords would be a significant security issue.

Question 5

Q

Ben’s organization uses the same data deletion procedure for their on-site systems and their third-party-provided, cloud-hosted systems. Ben believes there is a problem with the process currently in use, which involves performing a single-pass zero-wipe of the disks and volumes in use before they are reused. What problem with this approach should Ben highlight for the cloud environment?

A. Crypto-shredding is a secure option for third-party-hosted cloud platforms.
B. Zero-wiping alone is not sufficient, and random patterns should also be used.
C. Zero- wiping requires multiple passes to ensure that there will be no remnant data. D. Drives should be degaussed instead of wiped or crypto-shredded to ensure that data is fully destroyed at the physical level.

Chapple, Mike; Seidl, David. (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests (p. 24). Wiley. Kindle Edition.

Answer

A

A. Crypto-shredding is a secure option for third-party-hosted cloud platforms.

Explanation:
Cryptographic erasure, or cryptoshredding, is the only way to ensure that drives and volumes hosted by third parties are securely cleared. Zero wiping may result in remnant data, particularly where drives are dynamically allocated space in a hosted environment. Degaussaing or other physical destruction is typically not possible with third party hosted systems without a special contract and dedicated hardware

Question 6

Q

Jason has been informed that his organization needs to place a legal hold on information related to pending litigation. What action should he take to place the hold? Restore the files from backups so that they match the dates for the hold request. Search for all files related to the litigation and provide them immediately to opposing counsel. Delete all the files named in the legal hold to limit the scope of litigation. Identify scope files and preserve them until they need to be produced.

Chapple, Mike; Seidl, David. (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests (p. 25). Wiley. Kindle Edition.

Answer

A

D. Drives should be degaussed instead of wiped or crypto-shredded to ensure that data is fully destroyed at the physical level.

Explanation:
Legal holds require organizations to identify and preserve data that meets the holds scope. Jason should identify the files and preserve them until they are required. Restoring files might erase important data, deleting files is completely contrary to the concept of the hold, and holds do not require immediate production - they are just what they sound like, a requirement to hold the data

Question 7

Q

Murali is reviewing a customer’s file inside of his organization’s customer relationship management tool and sees the customer’s Social Security number listed as XXX-XX-8945. What data obfuscation technique has been used?

A. Anonymization
B. Masking
C. Randomization
D. Hashing

Chapple, Mike; Seidl, David. (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests (p. 25). Wiley. Kindle Edition.

Answer

A

B. Masking

Explanation:
Masking data involves replacing data with alternate characters like X or *. This is typically done via controls in the software or database itself, as the underlying data remains intact in the database. Anonymization or identification removes data that might allow individuals to be identified. Randomization or shuffling data moves it around, disassociating the data but leaving real data in place to be tested

Question 8

Q

An XML file is considered what type of data?

A. Unstructured data
B. Restructured data
C. Semi-structured data
D. Structured data

Chapple, Mike; Seidl, David. (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests (p. 25). Wiley. Kindle Edition.

Answer

A

C. Semi-structured data

Explanation:
XML and JSON are both examples of semi structured data. Other examples CSV files, XML, NoSQL Databases and HTML files

Question 9

Q

Lucca wants to implement logging in an infrastructure as a service cloud service provider’s environment for his Linux instances. He wants to capture events like creation and destruction of systems, as part of scaling requirements for performance. What logging tool or service should he use to have the most insight into these events?

A. Syslog from the Linux systems
B. The cloud service provider’s built-in logging function
C. Syslog-NG from the Linux systems
D. Logs from both the local event log and application log from the Linux systems

Chapple, Mike; Seidl, David. (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests (p. 25). Wiley. Kindle Edition.

Answer

A

B. The cloud service provider’s built-in logging function

Explanation:
The providers own logging function is the best option as information about systems being created and destroyed wont exist on the local systems, and thus syslog, syslog-ng, and local logs wont work.

Question 10

Q

Joanna’s company uses a load balancer to distribute traffic between multiple web servers. What data point is often lost when traffic passes through load balancers to local web servers in a cloud environment?

A. The source IP address
B. The destination port
C. The query string
D. The destination IP address

Chapple, Mike; Seidl, David. (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests (p. 25). Wiley. Kindle Edition.

Answer

A

A. The source IP address

Explanation:
Original source IP addresses may not be visible in the local web server log. Fortunately, load balancer logs can be used if they are available.

Question 11

Q

Isaac is using a hash function for both integrity checking and to allow address data to be referenced without the actual data being exposed. Which of the following attributes of the data will be not be lost when the data is hashed?

A. Its ability to be uniquely identified
B. The length of the data
C. The formatting of the data
D. The ability to sort the data based on street number

Chapple, Mike; Seidl, David. (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests (pp. 25-26). Wiley. Kindle Edition.

Answer

A

A. Its ability to be uniquely identified

Explanation:
Hashing converts variable length data to fixed length outputs, meaning that the length, formatting and the ability to perform operations on the data using strings or numbers will be list. Its ability to be uniquely identified wont be lost - Isaac just needs to know the hash of a given address to continue to reference that data element

Question 12

Q

Amanda’s operating procedures for secure data storage require her to ensure that she is using data dispersion techniques. What does Amanda need to do to be compliant with this requirement?

A. Delete all data not in secure storage.
B. Store data in more than one location or service.
C. Avoid storing data in intact form, requiring data from more than one location to use a data set.
D. Geographically separate data by at least 15 miles to ensure that a single natural disaster cannot destroy it.

Chapple, Mike; Seidl, David. (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests (p. 26). Wiley. Kindle Edition.

Answer

A

B. Store data in more than one location or service.

Explanation:
Data dispersion is the practice of ensuring that important data is stored in more than one location or service. It does not necessarily require specific distances or geographic limits, doesnt require deletion of data not in secure storage and doesnt require you to use multiple data sets to access data

Question 13

Q

Lisa runs Windows instances in her cloud-hosted environment. Each Windows instance is created with a C: drive that houses the operating system and application files. What type of storage best describes the C: drive for these Windows instances?

A. Long-term storage
B. Ephemeral storage
C. Raw storage
D. Volume-based storage

Chapple, Mike; Seidl, David. (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests (p. 26). Wiley. Kindle Edition.

Answer

A

B. Ephemeral storage

Explanation:
Storage that is associated with an instance that will be destroyed when the instance is shut down is ephemeral storage.

Question 14

Q

Steve is working to classify data based on his organization’s data classification policies. Which of the following is not a common type of classification?

A. Size of the data
B. Sensitivity of the data
C. Jurisdiction covering the data
D. Criticality of the data

Chapple, Mike; Seidl, David. (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests (p. 26). Wiley. Kindle Edition.

Answer

A

A. Size of the data

Explanation:
The size of the data or files is not typically a data classification type or field. Sensitivity, jurisdiction and criticality are all commonly used to classify data

Question 15

Q

Chris is reviewing his data lifecycle and wants to take actions in the data creation stage that can help his data loss prevention system be more effective. Which of the following actions should he take to improve the success rate of his DLP controls?

A. Data labeling
B. Data classification
C. Hashing
D. Geolocation tagging

Chapple, Mike; Seidl, David. (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests (p. 26). Wiley. Kindle Edition.

Answer

A

A. Data labeling

Explanation:
Data labels can help DLP systems identify and manage data, so Chris should ensure that data is labeled as part of its creation process to help his DLP identify and protect it

Question 16

Q

Gary is gathering data to support a legal case on behalf of his company. Why might he digitally sign files as they are collected and preserve them along with the data in a documented, validated way?

A. To allow for data dispersion
B. To ensure the files are not copied
C. To keep the files secure by encrypting them
D. To support nonrepudiation

Chapple, Mike; Seidl, David. (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests (p. 27). Wiley. Kindle Edition.

Answer

A

D. To support nonrepudiation

Explanation:
Chain of custody documentation, often including actions like hashing files to ensure they are not changed from their original form, is commonly done to support nonrepudiation

Question 17

Q

Valerie is performing a risk assessment for her cloud environment and wants to identify risks to her organization’s ephemeral volume-based storage used for system drives in a scalable, virtual machine–based environment. Which of the following is not a threat to ephemeral storage?

A. Inadvertent exposure
B. Malicious access due to credential theft
C. Poor performance due to its ephemeral nature
D. Loss of forensic artifacts

Chapple, Mike; Seidl, David. (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests (p. 27). Wiley. Kindle Edition.

Answer

A

C. Poor performance due to its ephemeral nature

Explanation:
Ephemeral storage will have the performance of its overall storage type, so low performance isnt an expected issue. Inadvertent exposure, malicious access and loss of forensic artifacts are all concerns for ephemeral storage

Question 18

Q

Which storage type is most likely to have remnant data issues in an environment in which the storage is reused for other customers after it is reallocated if it is not crypto-shredded when it is deallocated and instead is zero-wiped?

A. Ephemeral storage
B. Raw storage
C. Long-term storage
D. Magneto-optical storage

Chapple, Mike; Seidl, David. (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests (p. 27). Wiley. Kindle Edition.

Answer

A

B. Raw storage

Explanation:
Raw storage provides direct access to a disk, and without crypto shredding is likely to have remnant data on the disk after it is used.

Question 19

Q

Kathleen wants to perform data discovery across a large data set and knows that some data types are more difficult to perform discovery on than others. Which of the following data types is the hardest to perform discovery actions on?

A. Unstructured data
B. Semi-structured data
C. Rigidly structured data
D. Structured data

Chapple, Mike; Seidl, David. (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests (p. 27). Wiley. Kindle Edition.

Answer

A

A. Unstructured data

Explanation:
Unstructured data is the most difficult to perform discovery against because the data is unlabeled and requires discovery to be done using searches or other techniques that can handle arbitrary data.

Question 20

Q

Isaac wants to filter events based on the country of origin for authentications. What log information should he use to perform a best-effort match for logins?

A. userID
B. IP address
C. Geolocation
D. MAC address

Chapple, Mike; Seidl, David. (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests (p. 27). Wiley. Kindle Edition.

Answer

A

C. Geolocation

Explanation:
While it isnt always perfectly accurate, geolocation, data attempts to identify the location of a given IP address. Isaac can use that data to attempt to match authentication events to logins, although VPNs and other tools may obscure the actual login location for users

Question 21

Q

Charleen wants to use a data obfuscation method that allows realistic data to be used without the data being actual data associated with specific users or individuals. What data obfucation method should she use?

A. Hashing
B. Shuffling
C. Randomization
D. Masking

Chapple, Mike; Seidl, David. (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests (p. 28). Wiley. Kindle Edition.

Answer

A

B. Shuffling

Explanation:
While there may be some concerns about read data being used, Charleens goal is to have actual data for testing, making shuffling her best option

Question 22

Q

Michelle wants to track deletion of files in an object storage bucket. What potential issue should she be aware of if her organization makes heavy use of object-based storage for storage of ephemeral files?

A. The logging may not be accurate.
B. Logging may be automatically disabled if too many events occur.
C. Creation and deletion events cannot be logged in filesystems.
D. The high volume of logging may increase operational costs.

Chapple, Mike; Seidl, David. (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests (p. 28). Wiley. Kindle Edition.

Answer

A

D. The high volume of logging may increase operational costs.

Explanation:
Michelle should be aware that logging deletion events, like any other high volume event, may incur additional costs for her organizations.

Question 23

Q

Diana is outlining the labeling scheme her organization will use for their data. Which of the following is not a common data label?

A. Creation date
B. Data monetary value
C. Date of scheduled destruction
D. Confidentiality level

Chapple, Mike; Seidl, David. (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests (p. 28). Wiley. Kindle Edition.

Answer

A

B. Data monetary value

Explanation:
Data confidentiality level is often contained in a label, but the monetary value is not a common data label. Creation and scheduled destruction date are also common data labels

Question 24

Q

Susan wants to be prepared for legal holds. What organizational policy often accounts for legal holds?

A. Data classification policy
B. Retention policy
C. Acceptable use policy
D. Data breach response policy

Chapple, Mike; Seidl, David. (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests (p. 28). Wiley. Kindle Edition.

Answer

A

B. Retention policy

Explanation:
Retention policies often include language that addresses legal holds because holds can impact retention practices and requirements. Data classification, acceptable use and data breach response policies typically do not include legal hold language

Question 25

Q

Henry wants to follow the OWASP guidelines for key storage. Which of the following is not a best practice for key storage?

A. Keys must be stored in plaintext to allow for access.
B. Keys must be protected in both volatile and persistent memory.
C. Keys stored in databases should be encrypted using key encryption keys.
D. Keys should be protected in storage to ensure that they are not modified or changed inadvertently.

Chapple, Mike; Seidl, David. (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests (p. 28). Wiley. Kindle Edition.

Answer

A

A. Keys must be stored in plaintext to allow for access.

Explanation:
Keys should never be stored in plaintext format and should instead be stored in a secure manner - typically encrypted in a hardware security module or other key vault

Question 26

Q

Marco wants to implement an information rights management tool. What phase of the data lifecycle relies heavily on IRM to ensure the organization retains control of its data?

A. Create
B. Store
C. Share
D. Destroy

Chapple, Mike; Seidl, David. (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests (p. 29). Wiley. Kindle Edition.

Answer

A

C. Share

Explanation:
While IRMs are useful through many of the phases of the cloud data lifecycle, Marco knows that sharing data is when an IRM is most heavily used to ensure that data is not inadvertently exposed or misused

Question 27

Q

JSON is an example of what type of data?

A. Structured data
B. Semi-structured data
C. Unstructured data
D. Labeled data

Chapple, Mike; Seidl, David. (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests (p. 29). Wiley. Kindle Edition.

Answer

A

B. Semi-structured data

Explanation:
JSON is an example of semi structure data. Other examples include CSV files, XML, NoSQL databses and HTML files

Question 28

Q

Charleen wants to perform data discovery on her organization’s data, which is stored in archival storage hosted by her organization’s cloud service provider. What issue should she point out about this discovery plan?

A. It may be slow and costly due to how archival storage is designed and priced.
B. The data may not exist because it has been archived.
C. The discovery process cannot be run against archival storage because it is not online under normal circumstances.
D. The data will need to be decrypted before being scanned for discovery purposes.

Chapple, Mike; Seidl, David. (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests (p. 29). Wiley. Kindle Edition.

Answer

A

A. It may be slow and costly due to how archival storage is designed and priced.

Explanation:
Cloud archival storage is typically designed primary as a storage location with infrequent and smaller scale access, not for large scale interactive access like a discovery process will use. It is likely to be a slow and potentially costly effort if the data is scanned while in the archival location

Question 29

Q

Ujama’s manager has asked him to perform data mapping to prepare for his next task. What will Ujama be doing?

A. Adding data labels to unstructured data
B. Matching fields in one database to fields in another database
C. Identifying the storage locations for files of specific types on system drives
D. Building a file and folder structure for data storage

Chapple, Mike; Seidl, David. (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests (p. 29). Wiley. Kindle Edition.

Answer

A

B. Matching fields in one database to fields in another database

Explanation:
Data mapping is the process of matching fields in databases to allow them to be integrated or for purposes such as data migration

Question 30

Q

Lin wants to ensure that her organization’s data labels remain with the data. How should she label her data to give it the best chance of retaining its labels?

A. Embed the labels in the filename.
B. Add the labels to the file’s content at the beginning of the file.
C. Add labels to the file metadata.
D. Add the labels to the file’s content at the end of the file.

Chapple, Mike; Seidl, David. (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests (p. 29). Wiley. Kindle Edition.

Answer

A

C. Add labels to the file metadata.

Explanation:
Adding labels as part of the files metadata is a common practice and is less likely to be changed than including them in the file name

Question 31

Q

Nina’s organization has lost the cryptographic keys associated with one of their cloud-based servers. What can Nina do to recover the data the keys were used to protect?

A. Generate new keys to recover the data.
B. Use the passphrase for the keys to recover the keys.
C. Reverse the hash that was used to encrypt the data.
D. The data is lost and Nina cannot recover it.

Chapple, Mike; Seidl, David. (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests (p. 29). Wiley. Kindle Edition.

Answer

A

D. The data is lost and Nina cannot recover it.

Explanation:
Key escrow and backup is incredibly important, and once a key is lost, it cannot be recovered and the data should be considered lost. Generating a new key will not decrypt the data, the passphrase isnt sufficient to recover keys and hashing is not a form of encryption and cannot be reversed

Question 32

Q

Madani is planning to perform data discovery on various data sets and files his organization has. On which type of data will discovery be most easily performed?

A. Unstructured data
B. Semi-structured data
C. Encrypted data
D. Structured data

Chapple, Mike; Seidl, David. (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests (p. 30). Wiley. Kindle Edition.

Answer

A

D. Structured data

Explanation:
Madani knows that structured data is well defined and organized and will be the easiest to perform discovery actions on

Question 33

Q

Ashley tracks the handling of a forensic image, including recording who handles it, when it was collected and when each transfer occurs, and why the transfer occurred. What practice is Ashley performing?

A. Documenting chain of custody
B. Ensuring repudiation
C. A legal hold
D. Forensic accounting

Chapple, Mike; Seidl, David. (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests (p. 30). Wiley. Kindle Edition.

Answer

A

A. Documenting chain of custody

Explanation:
Ashley is documenting the chain of custody for the image to ensure it can be used in court.

Question 34

Q

Which of the following is not a common goal of data classification policies?

A. Identifying classification levels
B. Assigning responsibilities
C. Defining roles
D. Mapping data

Chapple, Mike; Seidl, David. (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests (p. 30). Wiley. Kindle Edition.

Answer

A

D. Mapping data

Explanation:
Data mapping is a term used to describe matching fields in databases to allow data migration or integration. Data classification policies do identify classification levels, assign responsibilities and define roles

Question 35

Q

Hiroyuki wants to optimize his organization’s data labeling process. How and when should he implement data labeling to be most efficient and effective?

A. Manual labeling at the data creation stage
B. Automated labeling at the data creation stage
C. Automated labeling at the data use stage
D. Manual labeling at the data use stage

Chapple, Mike; Seidl, David. (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests (p. 30). Wiley. Kindle Edition.

Answer

A

B. Automated labeling at the data creation stage

Explanation:
Labeling data at creation ensures that it can be properly handled through the rest of its lifecycle. Automated labeling is preferable where possible to avoid human error and to accommodate the volume of data that most organizations create

Question 36

Q

Jen wants to ensure that keys used by individuals in her organization can be handled properly. Which of the following is not a best practice for handling long-term keys in use by humans?

A. Anonymize access using the key
B. Identify the key user
C. Identify when the key is used
D. Uniquely tag the keys

Chapple, Mike; Seidl, David. (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests (p. 30). Wiley. Kindle Edition.

Answer

A

A. Anonymize access using the key

Explanation:
Anonymizing access using a key removes the ability to provide accountability and works against organizational best practices. Identifying the key, the user and when and how it is used supports accountability for usage

Question 37

Q

Danielle wants to ensure that the data stored in her cloud-hosted datacenter is properly destroyed when it is no longer needed. Which of the following options should she choose?

A. Physical destruction of the media
B. Crypto-shredding
C. Degaussing
D. Overwriting

Chapple, Mike; Seidl, David. (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests (p. 30). Wiley. Kindle Edition.

Answer

A

B. Crypto-shredding

Explanation:
Cryptoshredding is the only viable option in environments controlled or managed by a third party organization in most circumstances. Physical destruction is not permitted or supported by third party provider, nor is degaussing, which will also not work on many modern drives

Question 38

Q

Charles wants to use tokenization as a security practice for his organization’s data. What technical requirement will he have to meet to accomplish this?

A. He will need to encrypt his data.
B. He will need two distinct databases.
C. He will need to use a FIPS 140-2 capable cryptographic engine to create tokens.
D. He will need to deidentify the data.

Chapple, Mike; Seidl, David. (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests (p. 31). Wiley. Kindle Edition.

Answer

A

B. He will need two distinct databases.

Explanation:
Tokenization relies on two distinct databases, one with actual data and one with tokenized data. Token servers then pull the data the token represents from the real data database when needed. This process does not require encryption, specify FIPS requirements or involve deidentification practices

Question 39

Q

Once Charles has his two databases ready, what step comes next in the tokenization process?

A. Data discovery to identify sensitive data
B. Tokenization of the index values
C. Hashing each item in the database
D. Randomization of data in the database to prepare for tokenization

Chapple, Mike; Seidl, David. (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests (p. 31). Wiley. Kindle Edition.

Answer

A

A. Data discovery to identify sensitive data

Explanation:
With the source database ready and a tokenization database prepared to be populated, the next step is to identify which data should be tokenized. Not all data is sensitive and thus not all data needs to be tokenized. Once you know what data will be tokenized, you can tokenize it - sometimes by hashing the data. Randomization is not part of this process

Question 40

Q

Jack wants to understand how data is used in his organization. What tool is often used to help IT professionals understand where and how data is used and moved through an organization?

A. Data classification
B. Data mapping
C. Dataflow diagrams
D. Data policies

Chapple, Mike; Seidl, David. (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests (p. 31). Wiley. Kindle Edition.

Answer

A

C. Dataflow diagrams

Explanation:
Dataflow diagrams are a critical part of organizational understanding of how data is created, moves and is used throughout an organization. They often include details like ports, protocols, data elements and classification and other details that can help you understand not only where data is but how it gets there and what data is in use

Question 41

Q

Annie has a database with a field titled “chosen name” and she has another database with a field titled “name.” She knows that these fields are used for the same purpose in her organization and wants to use data from both databases. What process could she use to match these and other fields to allow her to do so more easily?

A. Data mapping
B. Column consolidation
C. Data labeling
D. Columnar aggregation

Chapple, Mike; Seidl, David. (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests (p. 31). Wiley. Kindle Edition.

Answer

A

A. Data mapping

Explanation:
Annie should map the data between the database fields and then use the mappings to help her sort and manage data as needed. Data labeling is used to tag data with important information like classification, creation date or time, or other elements. Column consolidation and columnar aggregation were made up

Question 42

Q

Which of the following items is not commonly included in dataflow diagrams?

A. Data types or fields
B. Services
C. Systems
D. Data lifespan information

Chapple, Mike; Seidl, David. (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests (p. 31). Wiley. Kindle Edition.

Answer

A

D. Data lifespan information

Explanation:
Data lifespan is not a typical entry in a dataflow diagram, since they focus on flows, not policies. Data types, fields of names, services, systems, ports, protocols, and security details are all commonly included in dataflow diagrams

Question 43

Q

Jim’s organization wants to implement cryptographic erasure as their primary means of destroying data when they are done with it. What first step is required to support this through the data’s lifecycle?

A. Hash all of the data at creation.
B. Zero-wipe drives before they are used to ensure no previous data is resident.
C. Encrypt the drive or volume at creation.
D. All of the above.

Chapple, Mike; Seidl, David. (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests (p. 31). Wiley. Kindle Edition.

Answer

A

C. Encrypt the drive or volume at creation.

Explanation:
Encrypting the drive or volume at creation ensures that any data written to the drive or volume through its lifespan will be encrypted and that destruction of the encryption key will result in secure destruction of the data

Question 44

Q

Charles wants to store data in a relational database, which uses columns and tables that describe the data. Which of the following types of data cannot be easily stored in a relational database other than as a text blob?

A. Structured data
B. Semi-structured data
C. Unstructured data
D. All of the above

Chapple, Mike; Seidl, David. (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests (p. 32). Wiley. Kindle Edition.

Answer

A

C. Unstructured data

Explanation:
Unstructured data does not have the structure required to be easily stored in a database. Semi structured data and structured data is easier to store in a relational database since it has descriptors and elements that make it easier to map into fields

Question 45

Q

Olivia wants to write a data retention policy for her organization. Which list best describes common components of a retention policy?

A. Retention periods, regulatory compliance requirements, data classification, data deletion and lifespan, and archiving and retrieval procedures
B. Retention periods, logging, data classification, data deletion processes, and compliance requirements
C. Data classification requirements, regulatory compliance requirements, data creation and tagging requirements, and data retrieval procedures
D. Regulatory and compliance requirements and mapping to retention periods for the organization, legal hold processes, and data deletion requirements

Chapple, Mike; Seidl, David. (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests (p. 32). Wiley. Kindle Edition.

Answer

A

A. Retention periods, regulatory compliance requirements, data classification, data deletion and lifespan, and archiving and retrieval procedures

Explanation:
Retention policies often include retention periods, regulatory and compliance requirements, data classification impacts on retention, how and when data should be deleted, and archiving and retrieval processes. In addition, Olivia may want to include monitoring, maintenance, and enforcement

Question 46

Q

Hui wants to revoke a certificate issued by her information rights management (IRM) system. How can she verify that the certificate has been revoked?

A. Issue a new certificate using the same information as the original certificate.
B. Attempt to access the data using her own certificate.
C. Check the IRM’s certificate revocation list.
D. Delete the private keys for the original certificate.

Chapple, Mike; Seidl, David. (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests (p. 32). Wiley. Kindle Edition.

Answer

A

C. Check the IRM’s certificate revocation list.

Explanation:
An IRM needs to maintain a certificate revocation list that allows users and applications to validate certificates, just like any other service that uses certificates. That means that Hui should be able to check to see if the revoked certificate is in the list to validate her actions. Issuing a new cert using the same info, accessing the data using her own cert, or deleting the private keys will not invalidate the existing certificate

Question 47

Q

Frank’s organization is preparing to adopt an information rights management tool. What IRM capability focuses on providing rights to individuals based on their roles to ensure appropriate data access?

A. Tagging
B. Data labeling
C. Encryption
D. Provisioning

Chapple, Mike; Seidl, David. (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests (p. 32). Wiley. Kindle Edition.

Answer

A

D. Provisioning

Explanation:
The provisioning capability of IRM systems focuses on providing rights to individuals based on roles and job functions.

Question 48

Q

Randy is following his organization’s data classification policy and tags data that was identified in the organization’s business impact analysis. What type of classification is Randy performing?

A. Criticality
B. Jurisdiction
C. Security
D. Sensitivity

Chapple, Mike; Seidl, David. (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests (p. 32). Wiley. Kindle Edition.

Answer

A

A. Criticality

Explanation:
Business impact analysis helps to determine what data is needed to continue the operations of the business. This is an assessment of the criticality of the data and Randy knows that the data he flags may be necessary in the event of a disaster or other business continuity issue

Question 49

Q

Susan is concerned that her organization doesn’t understand how a critical application works in their cloud environment. Recent issues indicate that her organization’s developers and cloud architects have different ideas about how systems and services work together. What should Susan prepare to help document and explain how systems and services work together?

A. Data classification
B. A business impact analysis
C. A dataflow diagram
D. Data mapping

Chapple, Mike; Seidl, David. (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests (p. 33). Wiley. Kindle Edition.

Answer

A

C. A dataflow diagram

Explanation:
Susan should prepare a dataflow diagram to share with her application developers and cloud architects to make sure that the application and service environment is correctly documented.

Question 50

Q

Jane is considering data dispersion as a security and availability strategy for her organization. What risk should she highlight as the most significant potential problem if her organization does adopt a multivendor approach to dispersion?

A. Data dispersion makes it difficult to encrypt data.
B. Geographic dispersion may impact performance.
C. An outage at a provider may result in data not being available.
D. Most cloud vendors do not offer support for dispersion.

Chapple, Mike; Seidl, David. (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests (p. 33). Wiley. Kindle Edition.

Answer

A

C. An outage at a provider may result in data not being available.

Explanation:
The most common risk, and thus the most impactful risk in this list, is the potential for a provider outage to result in the inability to access dispersed data

Question 51

Q

Selah is implementing an information rights management system. What requirement will she encounter if she wants to control files on workstations and laptops?

A. The need to deploy a cloud-native server
B. The need to install an agent on endpoint devices
C. The need to deploy an on-site server
D. The need to install an agent on cloud-based systems

Chapple, Mike; Seidl, David. (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests (p. 33). Wiley. Kindle Edition.

Answer

A

B. The need to install an agent on endpoint devices

Explanation:
Installation of a local agent is typically required by IRM systems to ensure data is properly handled on endpoint systems. The questions doesnt specify the use of a server either in the cloud or locally, and the endpoints mentioned are are not cloud based

Question 52

Q

Audio and video files are examples of what type of data?

A. Unstructured data
B. Sensitive data
C. Labeled data
D. Structured data

Chapple, Mike; Seidl, David. (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests (p. 33). Wiley. Kindle Edition.

Answer

A

A. Unstructured data

Explanation:
Unstructured data includes data like images, audio, video, word processing files and other data that does not have a formally defined structure like structured data does. There’s no information that indicates that this is sensitive information, and there isnt any mention of labeling in the question

Question 53

Q

Wayne wants to perform data discovery on a very large data set stored in a cloud service using a tool that is hosted in a different cloud service, which will require copying the data to the cloud where the tool resides. What is the primary cost concern he should consider when evaluating an option like this?

A. The cost of the storage tier the data is currently in
B. Ingress and egress fees for moving the data between cloud services
C. The cost of logs generated by the discovery process in the cloud where it is hosted D. The cost of logs generated by the discovery process in the cloud where the data resides

Chapple, Mike; Seidl, David. (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests (p. 33). Wiley. Kindle Edition.

Answer

A

B. Ingress and egress fees for moving the data between cloud services

Explanation:
Ingress and egress fees are often some of the highest expenses involved in this effort
Since the data is already contained in a storage tier, no new expenses should arise. Logs are text based and can be stored efficiently, so it is unlikely that log files will be a major cost driver

Question 54

Q

Amanda’s organization uses a chain of custody process for forensic data and has captured a drive image from a compromised system hosted in their cloud environment. Amanda wants to analyze the drive without causing issues that might result in repudiation of the drive image or an issue with the chain of custody of the image. What actions should she take to analyze the drive?

A. Analyze the drive while connected to a forensic write-protect device.
B. Analyze the drive using only approved forensic software.
C. Make a copy of the original image, validate it, and then analyze the copy.
D. Log all actions taken on the original copy of the drive to maintain a chain of custody.

Chapple, Mike; Seidl, David. (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests (pp. 33-34). Wiley. Kindle Edition.

Answer

A

C. Make a copy of the original image, validate it, and then analyze the copy.

Explanation:
Amanda knows that the original drive should be preserved, and actions should only be taken on a forensic copy. Working with the original, regardless of the process, is not a forensic best practice

Question 55

Q

Which of the following is not a common information rights management tool control capability?

A. Preventing taking a screenshot or photo of the displayed text
B. Disabling copying of text
C. Preventing local copies from being saved
D. Disallowing printing

Chapple, Mike; Seidl, David. (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests (p. 34). Wiley. Kindle Edition.

Answer

A

A. Preventing taking a screenshot or photo of the displayed text

Explanation:
While IRM systems can control actions on the system, taking a photo (or even a screenshot) of displayed text is typically outside of their capabilities. Preventing copying, printing and making copies are all common IRM features

Question 56

Q

Felix operates his organization’s cloud resources in multiple countries, including member states of the European Union. What is the most significant concern Felix should express about conducting data discovery across data sets contained in their cloud storage?

A. Costs may vary across difference regions, making it difficult to estimate the price for the discovery.
B. Regulatory requirements will vary across different locations and may make compliance difficult during discovery.
C. Structured data will be harder to process than unstructured data, making inter-region discovery challenging.
D. Encryption may not be allowed between regions, making the discovery less secure.

Chapple, Mike; Seidl, David. (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests (p. 34). Wiley. Kindle Edition.

Answer

A

B. Regulatory requirements will vary across different locations and may make compliance difficult during discovery.

Explanation:
Regulatory compliance is important for organizations and Felix needs to point out that discovery across multiple countries and regions may involve a complex set of regulations to comply with. Costs may vary in different regions, but that is not the primary concern Felix needs to raise. There isnt any mention in the question of whether data is structured or not, and while encryption import and export may be covered by law, discovery can be conducted using local tools in each region if necessary

Question 57

Q

Jason wants to lower the ongoing cost of using storage in his cloud infrastructure as a service environment for logs and other data that is infrequently accessed. What should he consider doing with the data?

A. Delete the data to save costs.
B. Archive the data to a lower cost storage tier.
C. Move the data to a third-party service provider to reduce costs.
D. Archive the data to a higher performance storage tier.

Chapple, Mike; Seidl, David. (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests (p. 34). Wiley. Kindle Edition.

Answer

A

B. Archive the data to a lower cost storage tier.

Explanation:
Archiving data to a lower cost and typically lower performance storage tier is a common strategy for cloud data retention. Examples like Amazons Glacier allow for long term storage with infreqeunt or slow access and may come with additional costs for retrieval, but optimize costs when data is unlikely to be accessed. Deleting the data does not allow it to be used, moving to a third party service provider is more complex, and moving to a higher performance storage tier does not meet his cost needs

Question 58

Q

Frank knows that his organization adds data labels for data during its creation. What additional phase of the cloud data lifecycle often includes data labels as data is combined or modified?

A. Store
B. Use
C. Sharing
D. Deletion

Chapple, Mike; Seidl, David. (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests (p. 34). Wiley. Kindle Edition.

Answer

A

B. Use

Explanation:
The Use phase of the data lifecycle often includes modification of data and thus will require labels to change or be added

Question 59

Q

Chris wants to send data from his web application to client systems securely. What encryption protocol should he use?

A. SSL
B. MD5
C. SHA-1
D. TLS

Chapple, Mike; Seidl, David. (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests (p. 35). Wiley. Kindle Edition.

Answer

A

D. TLS

Explanation:
TLS, or Transport Layer Security, is the encryption protocol of choice for web application traffic

Question 60

Q

Kathleen’s organization uses a technique known as bit-splitting that breaks up encrypted information across multiple cloud services to make it more difficult to acquire and recover the data. What cloud data concept best describes activities like this?

A. Data dispersion
B. Data mapping
C. Business continuity
D. Dataflows

Chapple, Mike; Seidl, David. (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests (p. 35). Wiley. Kindle Edition.

Answer

A

A. Data dispersion

Explanation:
Data dispersion best fits this description, and bit splitting is a form of data dispersion, although it is one that is more frequently associated with malicious use to avoid forensic analysis and investigations

Question 61

Q

Gurleen’s organization has preserved data due to a legal hold, but the data has hit the end of its retention timeframe due to statutory requirements. What should Gurleen do?

A. Contact the appropriate government agency about the statute to inquire about the legal hold.
B. Delete the data based on the statutory requirements.
C. Continue to preserve the data to meet the legal hold requirements.
D. Make a copy of the data for the legal hold and delete the original data.

Chapple, Mike; Seidl, David. (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests (p. 35). Wiley. Kindle Edition.

Answer

A

C. Continue to preserve the data to meet the legal hold requirements.

Explanation:
Legal holds normally take precedence over other deletion requirements. While Gurleen should check with her organizations legal counsel, in general she should continue to preserve the data

Question 62

Q

Quentin’s organization uses ephemeral storage that is attached to systems when they are instantiated in the organization’s cloud-hosted environment. What will happen when the instances are terminated?

A. The volume will be retained to be used with a future instance.
B. The volume will be wiped and reused for the next instance owned by Quentin’s organization that is instantiated.
C. The data will be moved to a long-term storage tier until it is manually deleted.
D. The storage will be wiped and reclaimed by the provider to be allocated elsewhere.

Chapple, Mike; Seidl, David. (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests (p. 35). Wiley. Kindle Edition.

Answer

A

D. The storage will be wiped and reclaimed by the provider to be allocated elsewhere.

Explanation:
Ephemeral storage that is associated with instances in most cloud providers infrastructure is wiped and reclaimed for reallocation when instances are terminated. If the instance were merely shut down, the storage would be retained for when the system was reactivated

Question 63

Q

Renee wants to set a retention period for log files in her data retention policy that minimizes the ongoing cost of retention. What retention period should she select for ephemeral logs that do not have a contractual or legal requirement for retention?

A. 45 days
B. 6 months
C. 3 years
D. 7 years

Chapple, Mike; Seidl, David. (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests (p. 35). Wiley. Kindle Edition.

Answer

A

A. 45 days

Explanation:
Ephemeral data is often kept for shorter time periods like 45 days, a time period sufficient to allow investigations without building up large volumes of data that will not be used and which can be expensive to store. Longer term storage may be required by law or contracts or due to specific contractual requirements

Question 64

Q

Brian has been tasked with performing a cryptographic erasure process on an encrypted drive. What steps does he need to take to ensure that the data is securely destroyed?

A. Destroy all copies of the encryption key.
B. Encrypt, then decrypt the drive.
C. Decrypt, then re-encrypt the drive with a new key.
D. Degauss the drive, then zero-wipe it.

Chapple, Mike; Seidl, David. (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests (p. 36). Wiley. Kindle Edition.

Answer

A

A. Destroy all copies of the encryption key.

Explanation:
While it may seem quite simple, securely erasing all copies of the encryption key is all that it takes to complete the destruction process for crypto shredding

Answer 65

A

A. Service outages

Explanation:
Service outages are the only direct threat to availability on this list

Answer 66

A

D. A certificate

Explanation:
Information rights management systems typically rely on certs to identify systems. They can be issued centrally and managed as well as used for digital signatures and encryption

Answer 67

A

C. Hashing

Explanations:
Dereks organization is using hashing, which uses a one way cryptographic function to replace data with values that can be referenced without exposing the actual data. Anonymization focuses on removing data that can be associated with specific users or individuals, masking uses alternate characters to conceal data and shuffling switches data around while retaining actual data for testing

Answer 68

A

A. Long-term storage

Explanation
Long term storage is storage that is intended to continue to exist and is often used for logs or data storage. Storage that is associated with an instance that will be destroyed when the instance is shut down is ephemeral storage. Raw storage is storage that you have direct access to like a hard drive or an SSD

Answer 69

A

C. Use a second instance in the original provider’s cloud for the backup system.

Explanation:
OWASPs Secrets Management Cheatsheet describes three main requirements for break glass secrets backup environments:
ensuring automated backups are in placed and executed regularly based on the number of secrets and their lifecycle, frequently testing the restore procedures, and encrypting backups and placing them on secure, monitored storage

Answer 70

A

B. Use standard test secrets and search for them.

Explanation:
Using standard test secrets makes them easier to detect if they are in an exposed location. Since Alaina specifically has an internal test environment, this is the right location to use standard secrets

Answer 71

A

D. Retrieval time

Explanation:
Retrieval time, the amount of time before data can be accessed, is a primary driver for the cost of archival storage in cloud environments

Answer 72

A

D. Data mapping

Explanation:
The figure shows a data mapping process between two database tables matching names, phone numbers and email addresses. String comparisons compares two strings to determine if they are the same.

Answer 73

A

B. Provisioning

Explanation:
Provisioning for IRM systems gives users the rights and permissions that they need to access files they have rights to.

Answer 74

A

B. Data access patterns

Explanation:
Data access patterns are one of the most important things to understand before selecting archival storage. Archival storage classes and services often focus on inexpensive, low frequency, slow access, but other options can include more dynamic access capabilities

Answer 75

A

B. The data owner

Explanation:
Data owners are defined by data classification policies and hold overall responsibility for data that they own. Data custodians are responsible for the data, ensuring access control, proper storage and other operational controls.

Answer 76

A

C. Tokenized data is only a concern if the database it is matched with is also exposed

Explanation:
Tokenized data is only a concern if the database with original data that it references is also exposed.

Answer 77

A

A. Enable versioning.

Explanation:
Versioning tools like those found in Amazons S3 environment allow you to revert to a previous version if an inadvertent change occurs, if data is corrupted, or if the file is deleted.

Answer 78

A

C. Maximize the rights of important secrets to reduce the total number of secrets required.

Explanation:
The concept of least privilege is used for secrets too, and maximizing it is a bad idea. Brian should instead seek to limit the rights a given secret provides to constrain the impact of a potential breach or misuse

Answer 79

A

B. Enable access logging.

Explanation:
Access logging will allow Chris to monitor for access to specific buckets by individuals, including privileged accounts

Answer 80

A

C. Content-based discovery

Explanation:
Jamie is performing content based discovery by searching for specific terms in unstructured data. Label based discovery would rely on data labels

Answer 81

A

B. Immediately revoke the certificate and add it to the certificate revocation list.

Explanation:
Mike should immediately revoke the cert so that any malicious use will be limited. He may then want to determine why the cert was exposed and issue a new cert to ensure that the user or owner can continue to perform their job

Answer 82

A

A. Tag data with its sensitivity level.

Explanation:
Tagging data will help the DLP manage it appropriately without having to rely on pattern matching. Reducing the overall amount of data may help, but Dans first priority should be using more effective methods.

Answer 83

A

C. A unique tag for each system instance

Explanation:
Tags are important tool when working with ephemeral systems. While IP addresses may be reused and admin accounts are likley to be the same across systems, tags can be unique, allows events to be tracked to an instance. The systems deletion time should be logged, as should the time it is instantiated, but this obviously wouldnt be in every log event created by the machine

Answer 84

A

B. Preserve the data requested until the legal hold is over.

Explanation:
Legal holds typically override other agreements and lifecycles. Valerie should preserve only the data requested or covered by legal hold, and she should continue with normal practices for the remaining data

Answer 85

A

A. Establish DLP policies.

Explanation:
Heikkis next step will be to set up policies that apply appropriate controls to the data that he has categorized and labeled. Once those policies are set, he can train users and run the DLP

Answer 86

A

A. Metadata-based discovery

Explanation:
Kara is performing metadata-based discovery using the metadata that already exists in most digital photos. Content based discovery might compare the photos looking for specific subjects and label or tag based discovery would leverage data labels

Answer 87

A

D. The tokenized data can be looked up against a database that contains customer data.

Explanation:
Rick knows that tokenized data can be looked up against a database that contains the original customer data, allowing it to be accessed as needed. The actual customer data is stored in a separate database, meaning that a breach of the token database would not result in a customer data breach. The customer data is more secure but could still be breached if attackers leveraged the tokens and their lookup capability

Answer 88

A

B. Check hashes of machine instances against a hash of the original.

Explanation:
Hashes can be used to validate whether an image has been modified, but it is important to note that a running machine will have a different hash than the original. Jack may need to check specific file hashes instead. Cloud provider logs may not show changes to an instance, timestamps are time consuming to check and may be notified when files are copied, and rebuilding the machine will typically result in differences

Answer 89

A

B. Dispersion

Explanation:
Dispersion is the concept of ensuring that data is in multiple locations so that a single failure, event or loss cannot result in the destruction or loss of the data. Deduplication involves removing duplicates from a data set; protected supply and lifecycle management are how data is managed throughout its life and doesnt specifically describe where data is stored for redundancy

Answer 90

A

A. The need to ensure regulatory compliance

Explanation:
When data is created and used in other countries, it may be subject to regulations specific to those countries. Christina should point out that regulatory compliance is critical and could prove complex in this scenario. Exposure issues should be accounted for through best practices like using encryption for all transfers. Transfer speeds for archival data are typically not as critical as for operational data and permissions should be set to be appropriate for the data regardless of location

Answer 91

A

D. Use

Explanation:
The Use stage occurs after Classification and before Transfer or Archiving

Answer 92

A

D. Two different files can be hashed to the same output.

Explanation:
Ben knows that hashes are a one way functions and cannot be reverse. They generate fixed length output from variable length input, and identical files will generate identical output. Two different files should never generate the same output

Answer 93

A

C. Share

Explanation:
IRM can be particularly useful during the sharing stage of the cloud data lifecycle since information rights management tools can ensure privileges are access to data are appropriately managed as data moves around the organization and potentially leaves it

Answer 94

A

A. Storage

Explanation:
Storage occurs after creation in the cloud data lifecycle. Labeling is typically done as part of the creation process. Proivisioning may be done at any time but is often associated with use. Encryption is not a stage in the cycle

Answer 95

A

A. Anonymization

Explanation:
Naomi has attempted to anonymize the data by removing personally identifiable data. Hashes use a one way cryptographic function to reference data without having the data itself exposed or in use.

Answer 96

A

B. Data value

Explanation:
Data value is typically not included in a data retention policy. Instead, retention periods, compliance requirements and data classification are included as well as lifecycle requirements and arching and retrieval procedures

Answer 97

A

C. Raw storage

Explanation:
Raw storage is storage that you have direct access to like a hard drive or an SSD that has access to the underlying device. Long term storage is storage that is intended to continue to exist and is often used for logs or data storage.

Answer 98

A

C. They will need to open the files using tools that support IRM.

Explanation:
IRM tools require that client devices and applications support IRM or that they access files via web applications that can provide IRM controls

Answer 99

A

B. Extract and catalog metadata.

Explanation:
Using existing metadata will help Angelo with his data discovery process, so he should start with that. Once he has the metadata processed, he can use it to speed up other cataloging efforts like scanning for sensitive data, classifying data and mapping the data to compliance requirements

Answer 100

A

B. Raw storage

Explanation:
This is an example of raw storage, which directly presents underlying hardware to users

Brainscape's Knowledge GenomeTM

CCSP Domain 2: Architecture and Design Flashcards

Brainscape's Knowledge Genome^TM