CCSP Exams 06 Flashcards
Which of the following types of software is a Type 2 hypervisor dependent upon that is different than a Type 1 hypervisor?
Operating system
VPN
IDS
Firewall
Answer: Operating system
“Operating system” is correct because a Type 2 hypervisor runs on top of an operating system, rather than directly on the underlying hardware like a Type 1 hypervisor.
Which cloud service category brings with it the most expensive startup costs, but also the lowest costs for ongoing support and maintenance staff?
IaaS
PaaS
DaaS
SaaS
Answer: SaaS
“SaaS” is correct because SaaS will typically have the highest upfront costs, but ultimately little to no ongoing staff and maintenance costs.
Which of the following cloud concepts encapsulates the security concerns related to bring your own device (BYOD) that a cloud security professional must always be cognizant of?
Broad network access
On-demand self-service
Interoperability
Portability
Answer: Broad network access
“Broad network access” is correct as broad network access is a key concept of cloud computing, where services and applications are accessible across the public internet and through a variety of clients and devices. This particularly applies to BYOD situations and the large number of clients and configurations that may interact with cloud services and data.
Which of the following aspects of cloud computing would be the most important consideration for a disaster recovery strategy?
Interoperability
Elasticity
Portability
Reversibility
Answer: Portability
“Portability” is correct because portability pertains to the ability for a cloud customer to easily move applications and services between different cloud providers. This will allow an organization to effectively establish a disaster recovery strategy, without having to modify their services and adapt to each different cloud provider.
If you are bidding on contracts with the US Federal Government, which security framework will you need to be knowledgeable and familiar with?
ISO/IEC 27001
NIST SP 800-53
SOC II
PCI DSS
Answer: NIST SP 800-53
“NIST SP 800-53” is correct as the NIST SP 800-53 publication governs security requirements for US Government systems, with the exception of national security systems. Anyone bidding on such contracts will need to be very familiar with its requirements, as they are very specific about how hardware and configurations must be handled and will be crucial for any contract proposal.
With an on-premises data center, all resources are owned, controlled, and maintained by a single entity, and typically for their exclusive use. Within a cloud environment, the same resources are shared by many different customers. What is this concept called?
System sharing
Resource pooling
Co-location
Interoperability
Answer: Resource pooling
“Resource pooling” is correct as resource pooling involves the sharing of a large number of resources between different customers.
Your IT Security Director has asked you to evaluate a cloud provider to determine if their security practices match with current organizational policy regarding data sanitation processes. When comparing to your traditional data center, which of the following options is unlikely to be available with a cloud provider?
Degaussing
Cryptographic erasure
Zeroing
Overwriting
Answer: Degaussing
“Degaussing” is correct because degaussing is a process of physically altering or removing the magnetic nature of storage hardware, and as such, would not be available within a cloud environment. This is due to resource pooling and multitenancy, as well as the dynamic nature of a cloud, where data can be moved and stored in different places constantly.
Which of the following threat types is most likely to occur as a result of an organization moving from a traditional data center to a cloud environment?
System vulnerabilities
Data breach
Insecure APIs
Insufficient due diligence
Answer: Insufficient due diligence
“Insufficient due diligence” is correct because an organization must fully evaluate and prepare for a cloud move to ensure they are meeting all security requirements.
Which of the following types of threats is often made possible via social engineering tactics?
System vulnerabilities
Insufficient due diligence
Data loss
Advanced persistent threats
Answer: Advanced persistent threats (APT)
“Advanced persistent threats (APT)” is correct as advanced persistent threats occur when an attacker is able to gain access to a system and reside there for a long period of time without being detected. This is usually done to snoop on traffic or collect information over time. Often, it is accomplished through social engineering tactics to gain access to valid and real accounts so that access can be performed without detection.
Which type of cloud service category would having a vendor-neutral encryption scheme for data-at-rest be the most important?
Public
Hybrid
Private
Community
Answer: Hybrid
“Hybrid” is correct because with a hybrid cloud category, a vendor-neutral solution for encryption would be the most important since the application and data would be spanning more than one cloud provider.
What is a key benefit of using a cloud IaaS solution versus a data center?
Less use of energy to run resources
Ability to scale up infrastructure based on future usage
Costs are measured and prices based on actual usage
Transfer in the cost of ownership
Answer: Costs are measured and prices are based on actual usage
“Costs are measured and prices based on actual usage” is correct because the key benefit of IaaS is paying only for the infrastructure that you use and not incurring costs for idle hardware.
Which of the following statements about data policies within a SaaS implementation is most true?
Software policies are set for the entire system and adapted to each customer.
Software policies are focused on each customer to meet their needs.
Software policies are negotiated by customers to reach an agreement for the overall system.
Software policies are set for the entire system, and users are expected to conform to them.
Answer: Software policies are set for the entire system, and users are expected to conform to them.
“Software policies are set for the entire system and users are expected to conform to them” is correct because, within a SaaS implementation, the cloud provider develops, implements, and maintains the entire application, so software policies are set for the entire system and individual customers are expected to adapt to them. It is not feasible for a SaaS provider to adapt their applications and policies to each individual customer.
Which concept of cloud computing pertains to the ability to reuse components and services of an application for other purposes?
Resource pooling
Elasticity
Portability
Interoperability
Answer: Interoperability
“Interoperability” is correct as interoperability is the ease with which one can move or reuse components of an application or service.
The NIST Cloud Technology Roadmap contains a component focused on the minimum requirements to meet satisfactory contractual obligations between the cloud provider and cloud customer. Which of the following encapsulates this concept?
SLA
Accountability
Auditing
Governance
Answer: SLA
“SLA” is correct as the service level agreement (SLA) forms the basis for evaluating control compliance between the cloud customer and cloud provider. It documents and articulates specific requirements for availability, processes, customer service, support, security controls, auditing, reporting, and any other areas deemed important by company policy or regulation from the cloud customer.
What is one potential adverse effect of a DDoS attack in a cloud environment that would likely be different from a traditional data center?
Data breach
Latency
Costs
Availability
Answer: Costs
“Costs” is correct because cloud services are based entirely upon metered usage, where customers are billed for the resources they consume. A DDoS attack can potentially be very expensive for a cloud customer. With the increase in network and other resources consumed, as well as the possible effects of auto-scaling, this differs from a traditional data center in most instances.
Cloud systems serve as the host and backbone for the rapidly expanding world of IoT devices. What does IoT stand for?
Internet of Technologies
Item of Technology
Internet of Things
Items of Things
Answer: Internet of Things
“Internet of Things” is correct as IoT stands for Internet of Things.
Which of the following is not a type of artificial intelligence as it pertains to cloud-computing?
Regression-adaptive
Humanized
Analytical
Human-inspired
Answer: Regression-adaptive
“Regression-adaptive” is correct. The types of AI that are utilized within a cloud-computing environment are analytical, human-inspired, and humanized.
What aspect of security certification does the FIPS 140-2 standard pertain to?
Encryption keys
Security certificates
Non-repudiation
Cryptographic modules
Answer: Cryptographic modules
“Cryptographic modules” is correct because FIPS 140-2 was established by NIST of the US Federal Government and pertains to the certification of cryptographic modules. It contains 4 levels of certification, increasing in the level of requirements and scrutiny necessary for compliance.
Which cloud service category offers the most customization options and control to the cloud customer?
SaaS
DaaS
IaaS
PaaS
Answer: IaaS
“IaaS” is correct as the infrastructure as a service (IaaS) category allows the most customization and control for the cloud customer, as the cloud provider merely provides the virtualized environment to deploy virtual machines and virtual network devices within, but then leaves it to the cloud customer to deploy and configure those specific items.
Which of the cloud cross-cutting aspects relates to the oversight of processes and systems as well as to ensuring their compliance with specific policies and regulations?
Auditability
Regulatory requirements
Service level agreements
Governance
Answer: Auditability
“Auditability” is correct. Auditing involves reports and evidence that show user activity, compliance with controls and regulations, the systems and processes that run and what they do, as well as information and data access and modification records. A cloud environment adds additional complexity to traditional audits because the cloud customer will not have the same level of access to systems and data as they would in a traditional data center.
What are the four types of cloud deployment models?
External, Internal, hybrid, community
Public, private, hybrid, community
Public, internal, hybrid, community
Public, private, joint, community
Answer: Public, private, hybrid, community
“Public, private, hybrid, community” is correct because the four cloud deployment models are public, private, hybrid, and community.
Which cloud deployment model is most likely to offer free, or very cheap services, to customers?
Private
Community
Hybrid
Public
Answer: Public
“Public” is correct as public clouds offer services to anyone, regardless of affiliation, and are the most likely to offer free services to users. Examples of public clouds with free services include iCloud, Dropbox, and OneDrive.
Which of the following is not considered a building block technology for cloud computing?
CPU
Servers
Memory
Storage
Answer: Servers
“Servers” is correct as servers are not a key building block technology of a cloud environment, as the focus is on computing resources, not the number of actual servers being used.
Which of the following statements is most true pertaining to the cost of operations versus infrastructure between a cloud and a traditional data center?
The costs of operations will be higher with a traditional data center, while the costs of infrastructure will be lower.
The costs of operations and infrastructure will be about the same between a cloud and a traditional data center.
The costs of operations in a cloud will be higher and the costs of infrastructure lower than a traditional data center.
The costs of both will be lower with a cloud environment than with a traditional data center.
Answer: The costs of operations in a cloud will be higher and the costs of infrastructure lower than a traditional data center.
“The costs of operations in a cloud will be higher and the costs of infrastructure lower than a traditional data center” is correct because the costs of infrastructure will be much lower in a cloud environment than a traditional data center. However, the costs of operations and managing the environment in the cloud will be higher.