Chapter 3 All In One Flashcards
1. Which type of technology can be used within a cloud environment to quickly verify the integrity of data objects that are likely to exist in many places?
A. Hashing
B. Tokenization
C. Mapping
D. Labeling
Carter, Daniel. CCSP Certified Cloud Security Professional All-in-One Exam Guide, Third Edition (p. 131). McGraw Hill LLC. Kindle Edition.
A. Hashing
Explanation:
Hashing allows for taking any type of data structure and quickly producing a fingerprint or checksum value of fixed size, regardless of the size, type, or content of the original source. Due to the speed and efficiency of hashing, it is very useful for ensuring the integrity of data objects that exist in many places or across many types of storage.
2. What term pertains to the manner in which data is stored throughout a cloud environment and dependent, in many cases, on the type of service requested or required?
A. Data distribution
B. Data dispersion
C. Data replication
D. Data redundancy
B. Data dispersion
Explanation:
Data dispersion is the term related to the distributed nature of data storage, within a cloud environment, that may span individual data centers or geographic regions, typically related to the level of service requested by the cloud customer.
3. Which of the following is not a type of storage used within a cloud environment?
A. Structured
B. Volume
C. Container
D. Object
C. Container
Explanation:
Container is not a storage type used in a cloud environment. Both the volume and object storage types are used within Infrastructure as a Service, and the structured storage type is used as part of a Platform as a Service offering.
4. Which of the following is not part of the CCM domains?
A. Environmental
B. Human resources
C. Threat and vulnerability management
D. Mobile security
A. Environmental
Explanation:
Environmental is not an explicit domain under the CCM. The other three options, human resources, threat and vulnerability management, and mobile security, are all actual domains explicitly named in the CCM.
5. Which of the following logs could be exposed to a cloud customer in a Software as a Service environment, if the contract allows it?
A. Billing records
B. Management plane logs
C. Network captures
D. Operating system logs
A. Billing records
Explanation:
Billing records would most likely be available in a Software as a Service environment if allowed or required by the contract. The other choices, management plane logs, network captures, and operating system logs, would all be solely accessible and used by the cloud provider in a SaaS environment, as none of the systems that generate those logs falls within the responsibility of or access allowed to the cloud customer.
6. Which of the following storage types are used in a Platform as a Service model?
A. Volume and object
B. Structured and unstructured
C. Content and database
D. Volume and labeled
B. Structured and unstructured
Explanation:
Structured and unstructured storage types are used in the Platform as a Service model. The volume and object storage types are used within the Infrastructure as a Service model. The other two options, content and database as well as volume and labeled, are not used as a pair with any cloud service category, although volume is part of Infrastructure as a Service, and the use of databases would be a major component of the structured storage type offered under Platform as a Service.
7. Where would the DLP solution be located for data-in-use monitoring?
A. On the application server
B. On the user’s device
C. On the network boundary
D. Integrated with the database server
B. On the user’s device
Explanation:
On the user’s device is the correct choice for data-in-use monitoring. Integrated with the database server would provide coverage for data at rest, while on the network boundary would provide coverage for data in transit. On the application server is also not appropriate because the actual use and viewing of data would occur through the client, as well as being outside the immediate security enclave of the application.
8. Which of the following data destruction methods would be available in a public cloud model?
A. Degaussing
B. Shredding
C. Encryption
D. Recycling
C. Encryption
Explanation:
Encryption is a data destruction method available in a public cloud model. Cryptographic erasure, in which the encryption keys are deleted as a means to protect and destroy data, is a software process that is always available in any environment. Degaussing, shredding, and recycling are all physically destructive methods that would not be available with a cloud hosting arrangement, and most certainly not with a public cloud environment.
9. Which of the following is not a feature of a SIEM solution?
A. Monitoring
B. Aggregation
C. Alerting
D. Dashboards
A. Monitoring
Explanation:
Monitoring is not a feature of a SIEM solution. SIEM solutions work by aggregating data, which can then be used for alerting on specific conditions, but not used in the sense of system monitoring. Dashboards are also a common feature of SIEM solutions to present reporting and alerting outputs to users or management.
10. Which of the following is not a key component of a data archiving strategy?
A. Format
B. Technologies
C. Testing
D. Size
D. Size
Explanation:
The size of archives is not a key component of a data archiving strategy. The main driving components of a data archiving strategy deal with the format of the archives, the technologies used with the archiving, and the ongoing and successful testing of restoration capabilities.
11. Which of the following laws in the United States governs the protection of health data?
A. SOX
B. HIPAA
C. Dodd–Frank
D. ACA
B. HIPAA
Explanation:
HIPAA governs the protection of healthcare-related data. While the ACA is related to healthcare as well, it is focused on the delivery of healthcare and health insurance coverage, not the specific security and privacy concerns with the data. SOX is focused on financial systems and the security controls and reporting necessary for them, while Dodd–Frank is focused on corporate reforms and consumer protection.
12. Which of the following is the sole responsibility of the cloud customer in a PaaS environment?
A. Physical security
B. Data
C. Infrastructure
D. Platform
B. Data
Explanation:
Data is the sole responsibility of the cloud customer in all environments. Physical security is always the responsibility of the cloud provider. With PaaS, the cloud provider is also responsible for both the infrastructure and platform aspects of the environment.
13. Which of the following is not a key feature of an IRM solution?
A. Expiration
B. Policy control
C. Chain of custody
D. Auditing
C. Chain of custody
Explanation:
Chain of custody is not part of an IRM solution, as it is central to eDiscovery and other legal mechanisms. With an IRM solution, and the protection of data assets, the concepts of expiration, policy control, and the auditing of acceptable and authorized use are all key components.
14. Encryption that is part of a database and not noticeable by the user is called what?
A. Transparent
B. Embedded
C. Passive
D. Active
A. Transparent
Explanation:
Transparent encryption is part of the database and not known to the user; it is integrated with the actual database processes and works as part of the ongoing workflow. The other choices—embedded, passive, and active—are general IT terms that are not applicable to this specific question.
15. What are the three methods of data discovery?
A. Metadata, labels, content analysis
B. Metadata, categories, content analysis
C. Categories, labels, structure
D. Volumes, labels, metadata
A. Metadata, labels, content analysis
Explanation:
Metadata, labels, and content analysis are the three methods of data discovery. Metadata is looking at the “data on data” aspects, such as the creator, timestamps, software used, column headers, field names, and so on. Labels are subjective and applied to the data by systems or actual staff members, and they are only good if they are consistently and correctly applied. Content analysis involves making subjective determinations about the data from the actual content of it, either through technological or personnel efforts. The other terms used with the other responses are either not parts of data discovery or are not applicable here.