Chapter 3 Domain 3: Cloud Platform and Infrastructure Security (Ben Malisow) Flashcards

Question

Typically, which form of cloud storage is used in the near term for snapshotted virtual machine (VM) images? A. Volume storage B. Object storage C. Logical unit number (LUN) D. Block storage Malisow, Ben. (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests (p. 64). Wiley. Kindle Edition. Malisow, Ben. (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests (p. 64). Wiley. Kindle Edition.

Answer 1

B. Object storage Explanation: Snapshotted VM images are usually kept in object storage, as files. All the other options are incorrect and option C is not a type of storage. Malisow, Ben. (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests (p. 249). Wiley. Kindle Edition.

Answer 2

C. Privileged users Explanation: Only the most trusted administrators and managers will have access to the cloud data center’s management plane. These will usually be cloud provider employees, but some cloud customer personnel may be granted limited access to arrange their organization’s cloud resources. Regulators do not operate a customer’s management plane, so option A is incorrect. Option B is ambiguous. However, a consumer of data is unlikely to have been given the elevated privileges necessary of operate the management plane in a cloud environment. Option B is incorrect. Option D is also an ambiguous answer. Only the most trusted administrators and managers have access to the cloud data center’s management plane. A privacy data subject is neither a most trusted administrator nor a trusted manager. Therefore, option D is incorrect. Malisow, Ben. (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests (p. 249). Wiley. Kindle Edition. Malisow, Ben. (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests (p. 249). Wiley. Kindle Edition.

Answer 3

D. Use favorable contract language. Explanation: The contract is probably the cloud customer’s best tool for avoiding vendor lock-in; contract terms will establish how easy it is to migrate your organization’s data to another provider in a timely, cost-effective manner. Options A and B are also important ways to avoid vendor lock-in, but D is the best answer. Option C is incorrect and will not aid in avoiding vendor lock-in. Malisow, Ben. (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests (p. 249). Wiley. Kindle Edition.

Answer 4

C. The regulator(s) Explanation: The regulator(s) overseeing your industry/organization will make the final determination as to whether your cloud configuration is suitable to meet their requirements. It is best to coordinate with your regulator(s) when first considering cloud migration. Cloud providers, cloud customers, and ISPs are not particularly concerned about whether an organization’s migration is satisfactory from a compliance perspective. The words, The regulator(s) overseeing your industry/organization will make the final determination as to whether your cloud configuration is suitable to meet their requirements. It is best to coordinate with your regulator(s) when first considering cloud migration. Cloud providers, cloud customers, and ISPs are not particularly concerned about whether an organization’s migration is satisfactory from a compliance perspective. The words, "compliance perspective" should automatically bring to mind regulators. Options A, B, and D are therefore incorrect answers. Malisow, Ben. (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests (p. 250). Wiley. Kindle Edition. Malisow, Ben. (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests (p. 250). Wiley. Kindle Edition.

Answer 5

D. Use another provider for backup purposes. Explanation: Vendor lock-out occurs when the provider suddenly leaves the market, as during a bankruptcy or acquisition. The risks associated with lock-out include denial of service, because of total unavailability of your data. The best way to handle these risks is to have another, full backup of your data with another vendor and the ability to reconstitute your operating environment in a time frame that doesn’t exceed your recovery time objective (RTO). The other options do not aid in addressing vendor lock-out. Malisow, Ben. (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests (p. 250). Wiley. Kindle Edition.

Answer 6

A. The cloud provider Explanation: Because the cloud provider owns and operates the cloud data center, the provider will craft and promulgate the governance that determines the control selection and usage. This is another risk the cloud customer must consider when migrating into the cloud; the customer’s governance will no longer have direct precedence over the environment where the customer’s data is located. Both the cloud customer and the regulator(s) may have specific control mandates that might require the customer to deploy additional security controls (at the customer side, within the data, as agents on the user devices, or on the provider side or in application programming interfaces [APIs] as allowed by the service model or contract), so options B and C are also partially true, but A is a better answer as it is more general. Option D untrue because the end user does not determine which controls are selected for the cloud data center and how they are deployed. That is the responsibility of the cloud provider. Malisow, Ben. (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests (p. 250). Wiley. Kindle Edition. Malisow, Ben. (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests (p. 250). Wiley. Kindle Edition.

Answer 7

B. Guest escape Explanation: The question describes a guest escape. Options A and C are other risks of operating in the cloud. Option D can lead to A or B, but B describes the more specific situation and therefore the correct answer. Malisow, Ben. (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests (p. 250). Wiley. Kindle Edition. Malisow, Ben. (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests (p. 250). Wiley. Kindle Edition.

Answer 8

A. Host escape Explanation: The question describes host escape. Options B and C are other risks of operating in the cloud. Option D can lead to A or B, but A is the more specific situation and therefore the correct answer. Malisow, Ben. (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests (p. 250). Wiley. Kindle Edition.

Answer 9

D. Ease of use Explanation: D. Because most cloud users don’t see direct costs in creating new VM instances (the bills usually go to a single point of contact in the organization, not the user or the user’s office), they may tend to create additional VMs at a significant rate, without realizing the attendant cost. This is largely because it is so easy to do and has no apparent cost, from their perspective. All the other options do not cause virtualization sprawl. Malisow, Ben. (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests (p. 250). Wiley. Kindle Edition. Malisow, Ben. (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests (p. 250). Wiley. Kindle Edition.

Answer 10

C. Management Explanation: Sprawl needs to be addressed from a managerial perspective because it is caused by allowed user actions (usually in a completely authorized capacity). Options A and D mean the same thing and could be considered as contributing to sprawl because the technological capabilities of virtualization create the ease of use that can cause sprawl. However, option C is a better answer. Option B is incorrect; sprawl occurs within the organization. Malisow, Ben. (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests (p. 251). Wiley. Kindle Edition.

Answer 11

D. Man-in-the-middle attacks Explanation: Because all cloud access is remote access, the risks to data in transit are dramatically heightened in the cloud. The other options exist in both the traditional environment and the cloud but are probably actually reduced in the cloud because cloud providers can use economies of scale to invest in means to reduce those risks in ways that individual organizations would not be able to. Malisow, Ben. (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests (p. 251). Wiley. Kindle Edition. Malisow, Ben. (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests (p. 251). Wiley. Kindle Edition.

Answer 12

B. Defense in depth Explanation: Defense in depth, or layered defense, is perhaps the most fundamental characteristic of all security concepts. Options A and C are security aspects of some environments, and option A is likely to be a necessary trait of managed cloud services, but they are not fundamentals—they are specifics. Option D is specifically an administrative control; the question is looking for a fundamental aspect of security. Option B is more general (it applies to all types of security, in all industries and uses) and therefore is the correct choice for this question. Malisow, Ben. (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests (p. 251). Wiley. Kindle Edition.

Answer 13

B. Reducing potential attack vectors Explanation: A secure baseline configuration, applied and maintained automatically, ensures the optimum security footprint with the least attack surface. All the other options are benefits of automated configuration but are not specifically security enhancements. Malisow, Ben. (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests (p. 251). Wiley. Kindle Edition. Malisow, Ben. (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests (p. 251). Wiley. Kindle Edition.

Answer 14

B. Security Assertion Markup Language (SAML) Explanation: B. The Security Assertion Markup Language (SAML) is probably the most common protocol being used for identity federation at the moment. Options A and C are not identity federation protocols. Option D is a federation specification, but it also uses SAML tokens. Malisow, Ben. (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests (p. 251). Wiley. Kindle Edition.

Answer 15

C. Identity federation Explanation: Single sign-on (SSO) is similar to federation, but it is limited to a single organization; federation is basically SSO across multiple organizations. Option A is incorrect. Options B and D are threats listed in the Open Web Application Security Project (OWASP) Top Ten; they are incorrect.

Answer 16

A. Cross-certification Explanation: The cross-certification federation model is also known as a web of trust. Proxy is another model for federation, so option B is incorrect. Single sign-on is similar to federation, but it is limited to a single organization; option C is incorrect. Option D does not have relevance in this context and therefore incorrect as an answer.

Answer 17

B. Proxy Explanation: In the proxy federation model, the third party acts on behalf of the member organizations, reviewing each to ensure that they are all acceptable to the others. Cross-certification is another model for federation, so option A is incorrect. Single sign-on is similar to federation, but it is limited to a single organization; option C is incorrect. Option D does not have relevance in this context and is therefore incorrect as an answer.

Answer 18

A .Each organization Explanation: In a web of trust federation model, all of the participating organizations are identity providers; each organization will assign identity credentials to its own authorized users, and all the other organizations in the federation will accept those credentials. A trusted third party, regulators, and clientele are not involved in the web of trust model, so the other options are incorrect.

Answer 19

A. Each organization Explanation: In a web of trust model, each member organization usually supplies both the access/identification credentials and the resources that the users want to access, so the organizations are both the identity providers and service providers in a web of trust federation model. A trusted third party, regulators, and clientele are not involved in the web of trust model, so the other options are incorrect.

Answer 20

D. Health Information Portability and Accountability Act (HIPAA) Explanation: While it’s likely the participating organizations will be subject to other federal regulations, HIPAA covers electronic patient information, so it will definitely be applicable in this case. GLBA covers financial and insurance service providers, so option A is incorrect. FMLA dictates how employers give vacation time to employees, so option B is not correct. PCI DSS is a contractual, not regulatory, standard, so option C is incorrect.

Answer 21

C. Authorization Explanation: The question describes authorization. Options A and B are part of the overall identity and access management (IAM) process, as is option C, but they do not specifically describe granting access to resources. Federation is a means of conducting IAM across organizations; option C is more specific, so D is incorrect.

Answer 22

D. Redaction Explanation: Redacting is an editorial process of excising sensitive information from disclosed data. All the other options are elements of identity management.

Answer 23

C. Human resources (HR) Explanation: This is a complicated question and requires thinking through the portions of the identification process. Identification of personnel is usually verified during the hiring process, when HR checks identification documents (such as a passport or birth certificate) to confirm the applicant’s identity, often as part of a tax registration process. Options A and B include offices that may play a role in the identification process, but it is usually HR that does the actual verification. Option D, “Sales” is untrue. If a Sales department exists in an organization, it does not perform the verification part of the provisioning element of the identification process.

Answer 24

C. Getting physical access can be difficult. Explanation: Cloud providers may be reluctant to grant physical access, even to their customers, on the assumption that allowing access would disclose information about security controls. In some cases, cloud customers won’t even know the location(s) of the data center(s) where their data is stored. The other options are all untrue. Data in the cloud and controls in the cloud can most certainly be audited. So, options A and B are incorrect. D is untrue; there are regulators for all industries, including those that operate in the cloud.

Answer 25

D. They often rely on data the provider chooses to disclose. Explanation: In many circumstances, a cloud audit will depend on which information a cloud provider discloses, which makes auditing difficult and less trustworthy. Option A is incorrect because cryptography is sometimes present in traditional environments and audits still take place. Option B is incorrect; auditors’ opinions are not relevant. Option C is untrue; equipment does not resist auditing—it is inanimate and unfeeling.

Answer 26

A. They frequently rely on third parties. Explanation: Because cloud audits are often the result of third-party assertions, recipients of cloud audit reports may be more skeptical of the results than they would have been of traditional audits, in which the recipients may have performed firsthand. Option B is untrue. The difficulty of standards is not a hindrance to audit. Option C is untrue. Paperwork does not hinder audits. Option D is not only untrue, but also hilarious. If you have ever been involved in an audit, you know that there are plenty of auditors to go around.

Answer 27

B. Limiting access to sensitive information Explanation: B. The “sensitive information,” in this case, is whatever knowledge of the data center’s security controls and processes might be gathered by physically visiting the data center. Even though a cloud customer cannot get access to the facility, this also means that other cloud customers (some of whom may be inimical to another customer’s interests) also will not have access, so none would have advantage over the other(s). Option A is incorrect because qualified personnel are still required whether a cloud environment has limited access to their data center or not. In fact, security may be degraded by having unqualified personnel rather than qualified personnel working in the cloud data center. Option C is incorrect because reducing jurisdictional exposure does not enhance security. There may be a correlation between ensuring statutory compliance and enhancing security as it applies to limiting access to the cloud data center. However, option B is a better answer because it is certainly true. Therefore, option D is not the best answer to the question. Malisow, Ben. (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests (p. 253). Wiley. Kindle Edition. Malisow, Ben. (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests (p. 253). Wiley. Kindle Edition.

Answer 28

B. Automated vulnerability scan on system startup Explanation: Because VMs don’t take updates when they are not in use (snapshotted and saved as image files) and updates may be pushed while the VMs are saved, it’s important to ensure that they receive updates when they are next instantiated. A physical tracking mechanism won’t be of much aid for virtual devices because they aren’t physically stolen like hardware boxes, so option A is incorrect. Having an ACL in the image baseline would create a situation where every user from every cloud customer could access every VM in the data center; option C is incorrect. Write protection is used in forensic analysis of machines (virtual or otherwise); it would not be useful in an operational baseline. Option D is incorrect. Malisow, Ben. (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests (p. 253). Wiley. Kindle Edition.

Answer 29

A. Automatic registration with the configuration management system Explanation: Version control can be difficult in a virtual environment because saved VMs don’t receive updates. Ensuring that each VM is the correct version is a function of configuration management (CM), and CM controls can be built into the baseline. Each organization will have its own training and awareness program, and there is no one-size-fits-all solution that is appropriate; this does not belong in the baseline. Option B is incorrect. Having a baseline that cannot be copied is pointless; option C is incorrect. Keystroke loggers will create a huge volume of detailed, stored data that will pose more of a security risk (and may actually be a violation of customer privacy regulations) than any benefit it offers; option D is incorrect. Malisow, Ben. (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests (p. 254). Wiley. Kindle Edition.

Answer 30

C. Log file generation Explanation: Event logging is essential for incident management and resolution; this can be set as an automated function of the CM tools. Not all systems need or can utilize biometrics; option A is incorrect. Usually, tampering refers to physical intrusion of a device; since the question is about VMs, it is probably not applicable. Option B is incorrect. Hackback is illegal in many jurisdictions; option D is incorrect. Malisow, Ben. (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests (p. 254). Wiley. Kindle Edition.

Answer 31

B. Auditing Explanation: A specified configuration built to defined standards and with a controlled process can be used to demonstrate that all VMs within an environment include certain controls; this can greatly enhance the efficiency of an audit process. The VM’s image has very little to do with physical security or training; options A and C are incorrect. Baseline images are the opposite of customization; option D is incorrect. Malisow, Ben. (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests (p. 254). Wiley. Kindle Edition. Malisow, Ben. (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests (p. 254). Wiley. Kindle Edition.

Answer 32

C. Whether necessary security controls are in place and functioning properly Explanation: The baseline will contain the suite of security controls applied uniformly throughout the environment. A VM image audit is unlikely to involve any form of physical security; A is incorrect. Baselines won’t predictively show malicious activity; B is incorrect. Baselines also do not have anything to do with user training and awareness; option D is incorrect. Malisow, Ben. (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests (p. 254). Wiley. Kindle Edition.

Answer 33

B. Avoiding vendor lock-in/lock-out Explanation: Having an additional backup with a different provider means that if your primary provider becomes unusable for any reason (including bankruptcy or unfavorable contract terms), your data is not held hostage or lost. Custom VMs may or may not work in a new environment; this is actually a risk when porting data out of the production environment; option A is incorrect. Performance probably will not increase if data is replicated to another cloud provider; in fact, you will probably lose some load balancing capability you might have had if you kept the data and backups together. Option C is incorrect. Having two providers will always be more costly than a Malisow, Ben. (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests (p. 254). Wiley. Kindle Edition. Malisow, Ben. (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests (p. 254). Wiley. Kindle Edition.

Answer 34

D. Recover quickly from minor incidents Explanation: Having the backup within the same environment can allow easy rollback to a last known good state or to reinstantiate clean VM images after minor incidents (e.g., a malware infection in certain VMs). Ease of compliance will not be determined by the location of the backup, so option A is incorrect. Traveling should not be a major cost for cloud usage; option B is incorrect. The location of the backups won’t have any effect on user training; option C is incorrect. Malisow, Ben. (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests (p. 255). Wiley. Kindle Edition. Malisow, Ben. (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests (p. 255). Wiley. Kindle Edition.

Answer 35

D. Need for a physical hot site/warm site Explanation: Having your data backed up and accessible in the cloud eliminates any need for having a distinct hot site/warm site separate from your primary operating environment; instead, your personnel can recover operations from anywhere with a good broadband connection. Cloud BC/DR capability does not remove the necessity of security personnel and appropriate policies; both options A and B are incorrect. Option C makes no sense as an answer to the question. It is unclear how you can cut costs by eliminating your old access credentials. In fact, it is difficult to imagine how that is a true statement. Therefore, option C is a poor choice and option D is the best choice. Malisow, Ben. (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests (p. 255). Wiley. Kindle Edition. Malisow, Ben. (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests (p. 255). Wiley. Kindle Edition.

Answer 36

D. ISP connectivity Explanation: Without ISP connectivity, nobody will be able to use the Internet and, thus, the cloud. Of course, realistically, without Internet connectivity not much business will get done anyway, for most organizations, regardless of whether they were operating in the cloud or on-premise. Option A is incorrect because the loss of any, single, cloud administrator is unlikely to gravely affect your organization’s RTO. The loss of a specific VM will probably not gravely affect your organization’s RTO. VMs can be reinstantiated with ease. Option B is incorrect. The loss of your policy and contract documentation cannot gravely affect your organizations RTO. Option C is untrue Malisow, Ben. (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests (p. 255). Wiley. Kindle Edition.

Answer 37

C. Personnel Explanation: Health and human safety is always paramount in all security activity. All the other options are assets that should be protected, but nothing is as important as option C, so they are incorrect answers for this question. Malisow, Ben. (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests (p. 255). Wiley. Kindle Edition.

Answer 38

B. Recovery point objective Explanation: The recovery point objective (RPO) is a measure of data that can be lost in an outage without irreparably damaging the organization. Data replication strategies will most affect this metric, as the choice of strategy will determine how much recent data is available for recovery purposes. Recovery time objective (RTO) is a measure of how long an organization can endure an outage without irreparable harm. This may be affected by the replication strategy, but not as much as the RPO. Option A is incorrect. The maximum allowable downtime (MAD) is how long an organization can suffer an outage before ceasing to be an organization. This is not dependent on the RPO, and the data replication strategy won’t have much effect on it at all. Option C is incorrect. The mean time to failure (MTTF) is a measure of how long an asset is expected to last (usually hardware), as determined by the manufacturer/vendor. The data replication strategy will have no bearing on this whatsoever. Option D is incorrect. Malisow, Ben. (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests (p. 255). Wiley. Kindle Edition. Malisow, Be n. (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests (p. 255). Wiley. Kindle Edition.

Answer 39

D.Availability for data lost accidentally Explanation: A data backup/archive can offer your organization an operational “reachback” capability, where admins can assist users in recovering data lost by accident or carelessness. The backup/archive does not aid in any of the areas in the other options. So, options A, B, and C are incorrect. Malisow, Ben. (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests (p. 256). Wiley. Kindle Edition. Malisow, Ben. (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests (p. 256). Wiley. Kindle Edition.

Answer 40

B. Proprietary formats/lack of interoperability Explanation: When using two different cloud providers, a cloud customer runs the risk that data/software formats used in the operational environment can’t be readily adapted to the other provider’s service, thus causing delays during an actual failover. Risks of physical intrusion are neither obviated nor enhanced by choosing to use two cloud providers; option A is incorrect. Using a different cloud provider for backup/archiving actually reduces the risks of outages due to vendor lock-in/lock-out and natural disasters, so options C and D are not correct. Malisow, Ben. (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests (p. 256). Wiley. Kindle Edition.

Answer 41

B. The BC/DR provider becomes the new normal production environment. Explanation: Theoretically, all the options are possibly true. However, option B is the most likely to occur and is fairly common in practice; the cost and risk of moving operations from one environment/provider to another is sizable, so staying with the secondary provider (making them the new primary) is a good way to reduce some of the risk involved in returning to normal. Malisow, Ben. (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests (p. 256). Wiley. Kindle Edition. Malisow, Ben. (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests (p. 256). Wiley. Kindle Edition.

Answer 42

A. Business drivers Explanation: The business requirements will determine the crucial aspects of BC/DR. All the other options may constitute some input that will influence the BC/DR, but they are not the prevailing factors, so are incorrect. Malisow, Ben. (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests (p. 256). Wiley. Kindle Edition.

Answer 43

C. Business impact analysis Explanation: The business impact analysis (BIA) is designed for this purpose: to determine the critical path of assets/resources/data within the organization. It is a perfect tool to use in shaping the BC/DR plan. The risk analyses options and the risk appetite option may provide input for the BIA, but they are not what is used to determine the critical assets necessary to protect in the BC/DR activity. So, options A, B, and D are incorrect. Malisow, Ben. (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests (p. 256). Wiley. Kindle Edition. Malisow, Ben. (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests (p. 256). Wiley. Kindle Edition.

Answer 44

D. Can the backup provider meet the same SLA requirements as the primary? Explanation: If the contingency operation will last for any extended period of time, it is important to know whether all the same service expectations can be met by the backup provider as were available in the production environment. All the other questions are important, but not as crucial as option D, so they are incorrect. Malisow, Ben. (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests (p. 256). Wiley. Kindle Edition.

Answer 45

C. Depends on the contract Explanation: BC/DR responsibilities must be negotiated and codified in the contract; initiation could be something performed by provider or customer, depending on circumstances, so the parties must agree before those circumstances are realized. It is exceedingly unlikely that “any user” in a managed cloud services arrangement can invoke a BC/DR action. Option D is therefore a poor choice for the answer to the question. Malisow, Ben. (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests (p. 256). Wiley. Kindle Edition.

Answer 46

C. Perform a full-scale test. Explanation: Without a full test, you can’t be sure the BC/DR plan/process will work the way it is intended. Audits are good, but they will not demonstrate actual performance the way a test will, so options A and B are incorrect. It is important that the BC/DR capacity and performance be included in the contract, but that will not truly ensure that the functionality exists; a test is required, so option D is incorrect. Malisow, Ben. (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests (p. 256). Wiley. Kindle Edition.

Answer 47

A. Regularly update the BC/DR plan/process. Explanation: All of these are important, but without regular updates, the information will soon become outdated and a lot less useful. Malisow, Ben. (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests (p. 257). Wiley. Kindle Edition.

Answer 48

C. Copies of the laws/regulations/standards governing specific elements of the plan Explanation: This is not an easy question, because every plan/policy should include mention of the governance documents that drive the formation of the plan/policy; however, these can be included by reference only—you don’t need to include full copies of these governance documents. All the other options should be included in the BC/DR plan/policy. Malisow, Ben. (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests (p. 257). Wiley. Kindle Edition. Malisow, Ben. (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests (p. 257). Wiley. Kindle Edition.

Answer 49

D. Someone with requisite skills Explanation: This question is difficult. You want your BC/DR plan/process to include sufficient detail such that it could be followed by someone with the right background (perhaps IT for certain roles, security for others, etc.) but without any experience or specific training in that role. This is because a contingency of the scope that would require initiation of BC/DR activities might involve dramatic, significant external forces to the point where the personnel normally tasked with BC/DR actions are not available (for instance, natural disasters, fire, civil disruption, etc.), so the tasks may need to be completed by whoever is available at the time. The BC/DR plan/process should be written and documented in such a way that someone with the requisite skills can use it. It is unlikely that typical users or regulators have the requisite skills to perform many of the BC/DR activities. Therefore options A and C are poor choices for answers to the question. It is tempting to choose option B, however, option D is a better answer because it ensures that someone with the requisite skills will be able to read the BC/DR plan and perform the activities they document. Having to rely on essential BC/DR team members being present and available to follow the plan is risky. So option B is incorrect. Malisow, Ben. (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests (p. 257). Wiley. Kindle Edition. Malisow, Ben. (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests (p. 257). Wiley. Kindle Edition.

Answer 50

C. Returning to normal operations too soon Explanation: A premature return to normal operations can jeopardize not only production, but personnel; if the contingency that caused the BC/DR action is not fully complete/addressed, there may still be danger remaining. The BC/DR plan/process should take into account both the absence of essential personnel and telecommunications capabilities, so options A and D are incorrect. Option B does present a serious problem for the organization, but C is still a greater risk, so B is incorrect.

Answer 51

C. Returning to normal operations too late Explanation: Not returning to normal operations in a timely fashion can cause you to exceed the RTO and the MAD. During a contingency, some of the requirements your organization faces may relax somewhat; for instance, if a life-threatening natural disaster occurs, regulators will likely understand if some of the normal compliance activities/controls are not fully incorporated while personnel and assets are moved to safety (depending on the nature of the industry, of course). Options A and B are therefore incorrect; option C poses a greater risk.

Answer 52

D. It doesn’t matter. Data can be saved anywhere without consequence. Explanation: Depending on your industry and the nature of your data, moving information into another jurisdiction may affect or invalidate your regulatory compliance. Cloud providers, wherever they are located, should compensate for environmental and physical security factors, so this should have no impact on your potential risk; options B and C are incorrect. Option D is incorrect because it is blanket statement that is not always true. In fact, for some organizations, the physical location where

Answer 53

C. Reduce the risk of regulatory noncompliance Explanation: ENISA’s approach to cloud risk assessments does not specifically address this type of assurance, probably because of the wide variety of possible regulators and the difficulty in crafting a risk assessment that would address them all. All the other options are assurance efforts that ENISA’s cloud risk assessment is meant to enhance, so they are incorrect answers for this question.

Answer 54

D. Programmatic management Explanation: ENISA includes “programmatic management” as a defining trait of cloud computing, even specifying “through WS API.” This is not included in the definition published by (ISC)2 (or by NIST). All the other characteristics are included in the (ISC)2 (and NIST) definitions.

Answer 55

D .Opportunity Explanation: The only reason organizations accept any level of risk is because of the potential benefit also afforded by a risky activity. Profit is not the hallmark of every opportunity (or every organization—many organizations are nonprofit or government-based), so option A is incorrect. Likewise, not all risky activities offer a chance to enhance performance, so option B is incorrect. Cost is not a benefit, so that doesn’t even make sense in the context of the question; option C is not correct and a distractor.

Answer 56

D. Sending the data outside the traditional environment for collaborative purposes Explanation: The cloud greatly enhances opportunities for collaboration between organizations, mostly by giving external parties some limited access to the owner’s data in the cloud. While there is risk in this situation, the truly comparable risk in the traditional environment would result from sending data outside the organization to external collaborators. (Furthermore, the organization has to balance this risk against the cost of business of not being able to collaborate, if data is never shared with third parties.) Option A is ridiculous; data should be secured whether it is in an on-premise environment or in the cloud. Option B does not create a true equivalence; disclosing data under controlled conditions is not the same as public disclosure. Option C is not equivalent to the costs/benefits of the other forms of collaboration; it would be too cumbersome for the organization to truly benefit from collaboration in a modern business environment.

Answer 57

C. Some risks cannot be transferred to a cloud provider Explanation: Under current legal frameworks, some risks (such as legal liability for privacy data breaches) cannot be transferred to a contracted party, so the data owners (that is, cloud customers) will still retain those risks. Option A is ridiculous; risks can and should be mitigated, even in the cloud. Option B is not correct; cloud migration will require some risk acceptance, but that is true for everything except avoided risk. Option D is incorrect; cloud providers can choose not to offer services or not to accept certain clients.

Answer 58

C. Software as a service (SaaS) Explanation: As the models increase in level of abstraction and service, the customer’s control over the environment decreases.

Answer 59

B. Multitenancy Explanation: Sharing resources with other, unknown customers (some of whom may be competitors of or even hostile to the organization) is a risk not faced by organizations that maintain their own, on-premise data centers. All the other answers are threats that exist in both environments and are therefore incorrect.

Answer 60

C. Any vendor the cloud customer previously used in the on-premise environment Explanation: Because supply chain dependencies can affect service, the cloud customer will need assurance that any third-party reliance is secure. Regulators and end users do not provide security to the enterprise, so options A and B are incorrect. The vendors used for on-premise security will no longer affect the data, so option C is incorrect.

Answer 61

D. Resource exhaustion Explanation: It is possible that a cloud provider will be unable to handle an increased load during contingency situations where all its customers are demanding additional resources far beyond their usual contracted rate. While this is unlikely (many cloud providers, especially the major operators in the market, have resources that greatly exceed any possible demand by their customers), it could conceivably occur if a significant number of customers experience an immediate and dramatic need for capacity, such as during a major BC/DR event (a region-wide natural disaster or a physical attack on a city). This is not something that would affect an on-premise solution; your organization’s data center is not affected by others’ demand for resources (although the on-premise environment may be affected by the same contingency that causes cloud resource exhaustion, of course). All the other options portray risks faced by both cloud and on-premise environments.

Answer 62

B. Private cloud ``` Explanation: Guest escape (a malicious user leaving the confines of a VM and able to access other VMs on the same machine) is less likely to occur and to have a significant impact in an environment provisioned for and used by a single customer. In a public cloud, this is more likely and would be more significant, so option A is incorrect. The service model doesn’t specifically dictate the likelihood of occurrence or impact (both PaaS and IaaS could be in a private or public cloud, which is the more important factor), so both options C and D are incorrect. ```

Answer 63

B. Legal seizure of another firm’s assets Explanation: Because of multitenancy and shared resources in the cloud, law enforcement may seize a cloud customer’s assets (a physical device, a data set, etc.) and inadvertently capture assets belonging to another, unsuspected/innocent organization. This could not happen in a situation where all individual organizations only kept their own assets on their own premises. All the other options include risks that exist in the traditional, on-premise environment, as well as the cloud, so they are incorrect.

Answer 64

C. Strong contractual clauses Explanation: This is not an easy question; the simple answer seems to be option A, which is true for data stored/saved/migrated to the cloud (and property that already has been created in the cloud), but for new intellectual property created in the cloud, strong contract language in favor of the customer’s rights is very necessary. Without clear-language support about the customer’s ownership of all intellectual property created in the cloud data center, the cloud provider could, ostensibly, make a claim on such property, as the provider’s resources were used in a collaborative effort to create that property. Options B and D are security controls used to protect all sorts of assets, including intellectual property, but they are not as specifically addressing the creation of new intellectual property in the cloud the way explicit contract clauses would, so option C is still the better answer.

Answer 65

B. Inference attacks Explanation: While it is possible that one guest VM seeing the resource calls of another VM could possibly allow one guest to see the other’s data, it’s much more likely that a user seeing another user’s use of resources, rather than raw data, would allow the viewer to infer something about the victim’s behavior/usage/assets. Likewise, it may be possible for the viewer to leverage knowledge of this usage as part of a social engineering attack, but that would be subsequent to the inference itself; option B is still better than C. Lack of resource isolation does not affect physical intrusions, which is just a distractor here

Answer 66

B. No social factors Explanation: Social factors should not/don’t affect the level of entropy in a random number generator. However, all the other factors listed in the other answers do, and that means that a malicious user in the cloud would be more likely (statistically) to guess/predict the random number used to create/seed an encryption key made in that same cloud environment. Cloud customers should take this into account when designing/planning their cloud configuration

Answer 67

C. vendor lock-in Explanation: Without uniformity of data formats and service mechanisms, there is no assurance that a customer would be able to easily move their cloud operation from one provider to another; this can result in lock-in. All the other options are not affected by lack of standards.

Answer 68

A. Prohibitions on port scanning and penetration testing Explanation: Many cloud providers prohibit activities that are common for administrative and security purposes but can also be construed/used for hacking; this includes port scanning and penetration testing. These restrictions can reduce the customer’s ability to perform basic security functions. While geographical dispersion of cloud assets might make securing those assets more difficult in the notional sense (customer administrators can’t physically visit the devices that host their data), remoteness does not necessarily inhibit good security practices, which can be performed at a remove. This is not as detrimental as rules against port scanning/pen testing, so option B is incorrect. There are no rules against user training or laws against securing your own assets, in the cloud or otherwise; options C and D are incorrect.

Answer 69

A. Brewer-Nash (Chinese Wall) Explanation: Brewer-Nash was specifically created for managed services arrangements, where an administrator for a given customer might also have access to a competitor’s data/environment; the model requires that administrators not be assigned to competing customers. In the modern cloud provider model, a cloud data center administrator will almost definitely have access to many customers from the same industry (i.e., competitors) but probably won’t even know it. All the other options are access control security models; cloud administrators will not (or should not) be assigning access rights, so all these options are wrong.

Answer 70

B. The administration/support staff building Explanation: Administrative and support staff are usually not part of the critical path of a data center; they are nonfunctional-requirement elements, not functional requirements. All the other options are mission-critical elements of the cloud data center and must have redundancy capabilities.

Answer 71

B. Ensuring that any cabling/connectivity enters the facility from different sides of the building/property Explanation: To avoid a situation where severing a given physical connection results in severing its backup as well (such as construction/landscaping, etc.), have redundant lines enter on different sides of the building. For health and human safety, multiple egress points from each facility is preferred (and often required by law); option A is incorrect. Emergency lighting should receive power regardless of their proximity to the power source, and parking vehicles near generators is a bad idea from a safety perspective; option C is incorrect. Not all facilities need to withstand earthquakes; this may be true of data centers in California, but not in Sydney, so it is not an industry-wide best practice. Option D is incorrect.

Answer 72

D. Points of personnel ingress Explanation: People entering the facility can be vectored through a single security checkpoint as a means of enhancing access control; multiple lines of ingress are not necessary (although multiple lines of egress are essential to ensure health and human safety). All other options are facility elements that require redundancy

Answer 73

C. The risk of negative impact to both production and backup is too high. Explanation: A recovery from backup into the production environment carries the risk of failure of both data sets—the production set and the backup set. This can cause cataclysmic harm to the organization. Recovering in the primary facility would probably be cheaper than having a different test facility, so option A is incorrect. A proper test is worth the financial expenditure, so option B is incorrect. Option D is incorrect because any BCDR plan would account for sufficient personnel workspace.

Answer 74

B. You want to approximate contingency conditions, which includes not operating in the primary location. Explanation: Assuming your facility is not available during contingency operations allows you to better approximate an emergency situation, which adds realism to the test. Though option A is an act of benevolence on the part of the organization towards the community, option B is still a better answer for the question. Option C is an act of benevolence on the part of the organization towards the employee, option B is still a better answer for the question. Option D is incorrect because it makes assumptions that cannot be counted upon. Regulatory oversight should not be avoided, and should always be assumed.

Answer 75

B. The cloud customer Explanation: In an infrastructure as a service (IaaS) model, the provider is only responsible for provisioning the devices and computing/storage capacity; the customer is responsible for everything else, including the security of the applications. All the other answers are incorrect because those individuals/organizations do not accept responsibility for securing cloud-based applications.

Answer 76

A. Create their own identity and access management (IAM) solution Explanation: According to ENISA, custom IAM builds can become weak if not properly implemented. Strong contract language in favor of the customer is always desirable for the customer, so option B is incorrect. Training for specific conditions is always advisable, so option C is incorrect. There is nothing wrong with having encryption take place before data is sent to the cloud, so option D is incorrect.

Answer 77

D. Financial Explanation: With strong contract terms, the cloud customer may be able to recover monetary damages (and even penalties) from the cloud provider as a result of a loss suffered by the customer; however, legal liability remains with the cloud customer. The other answers are not relevant in this context.

Answer 78

B. Credential revocation Explanation: Revoking credentials that might be lost when a device goes missing is a way to mitigate the possibility of those credentials being used by an unauthorized person. Punishing a user and notifying law enforcement does not prevent data from being disclosed; options A and C are incorrect. Tracking devices may assist recovery efforts, but it won’t protect against data disclosures during the period the device is not under the organization’s control; option D is incorrect.

Answer 79

B. Transactions completed successfully Explanation: Of all these options, only B is not something that will reveal untoward behavior.

Answer 80

D. Multifactor authentication Explanation: Multifactor authentication offers additional protections for assets that are critical to the organization. All logins should utilize strong passwords, whether they are critical or not, so option A is incorrect. Some form of physical perimeter security is useful, but not necessarily chain-link fences, and not only for critical assets (perimeter security will protect all assets on the campus), so option B is incorrect. Homomorphic encryption is a theoretical technology; option C is incorrect.

Answer 81

A. Prevent unknown, unpatched assets from being used as back doors to the environment Explanation: An asset that is not tracked will not be maintained properly, and an improperly maintained asset provides an avenue for attack. Options B and D are management issues, not security issues; option A is preferable to both of them. Option C is incorrect; users don’t care if their devices are catalogued and annotated. Option C is a poor choice for an answer to the question.

Answer 82

A. Interoperable export formats Explanation: Data formatted in a manner that allows its reuse in other environments is essential for portability. None of the other options are relevant to the issue of data portability.

Answer 83

B. Conducting service trials in an alternate cloud provider environment Explanation: Testing is a great way to enhance assurance that applications will work in the new environment. None of the other options are relevant to the issue of application portability.

Answer 84

C. Select an appropriate recovery time objective (RTO). Explanation: The RTO must always be less than the MAD. It is good to know that services will operate in the alternate environment and that first response contact info is current, but neither determines the speed with which services and data will be available during contingency operations; options A and B are incorrect. Regulators will usually not dictate MAD/RTO for a given organization; option D is incorrect

Answer 85

D. SLA satisfaction surveys from other (current and past) cloud customers Explanation: Of the listed options, knowing how other customers feel about a provider may be the most valuable data point; it is the most realistic depiction of whether an organization realized projected/anticipated benefits after a migration. Options A and B are just marketing materials and should not, by themselves, be all that convincing for making a migration decision. Option C is a good factor to consider, but it is only a very small piece of what migration entails; D is still a much better option.

Answer 86

C. Physical location of the launch point Explanation: Because cloud access is remote access, pen tests will be remote tests; it doesn’t really matter what the physical origin of the simulated attack is. All the other options are items the provider will want to know before the customer launches the test.

Answer 87

D. Social engineering Explanation: Performing live deception and trickery against employees of the cloud provider (or its suppliers/vendors) could be construed as unethical and possibly illegal, especially without their knowledge and/or consent. Social engineering probably won’t be involved in penetration tests run by customers. All the other options are legitimate activities a customer might perform during a penetration test (with provider permission).

Answer 88

D. Prosecution Explanation: In most jurisdictions, the activity involved in penetration testing would be considered criminal, and quite serious, and the provider would be justified in seeking law enforcement involvement and prosecution. None of the other answers make sense with respect to the question.

Answer 89

B. Advanced notice removes the element of surprise. Explanation: Because all penetration tests launched by the customer require notifying the provider beforehand (and getting permission), the simulation loses quite a bit of realism. In the traditional environment, where the organization had full control over its own assets, penetration tests could involve double-blind status, which was much more realistic. Everyone uses remote access for cloud activity, so option A is incorrect. Cloud customers will not be able to deploy malware as part of a test because that is a crime, so option C is wrong. Regulators are not involved in penetration tests, so option D is incorrect.

Answer 90

D. Virtualization Explanation: Virtualization allows for the scalability and cost reduction available in managed cloud services. All the other options are incorrect because they do not cite the technology that creates most of the cost saving in the cloud environment. Only virtualization provides this cost savings.

Answer 91

D. Sunk capital investment Explanation: In the traditional environment, the cloud customer must pay for a device for every user, which requires additional capacity that is almost never fully used; this represents a cost with no associated benefit. Moving into a virtualized environment allows the organization to only pay for resources that are utilized and not for underutilized or unused capacity. The risks and regulatory requirements for an organization do not go away when the organization moves into the cloud, so there is no cost savings associated with these elements. Therefore, all of the other options are incorrect.

Answer 92

C. Personnel Explanation: An organization operating in the cloud should not need as many IT personnel as would be required to operate a traditional enterprise with the same level of services for users; this can represent a significant cost savings. Moving into the cloud reduces neither risk nor data; options A and D are incorrect. Arguably, the cloud customer may realize some cost savings through cloud migration because the customer will not be solely responsible for acquiring, deploying, and managing security controls. However, security controls still exist—they are, instead, the responsibility of the cloud provider, and the price of applying them is enclosed in the cost of the cloud service. Moreover, this savings is not nearly as significant as the savings realized through reduction in personnel, so option C is still preferable.

Answer 93

B. The ease of transporting stolen virtual machine images Explanation: Because virtual machine images are stored as imaged files, an attacker able to access the stored files would have a much easier time transporting those files than transporting actual drives/machines. Option A actually represents a risk in the physical environment that is reduced by the use of virtual machines and is incorrect. VMs are not any more or less susceptible to malware or EMP, so options C and D are incorrect.

Answer 94

C. Operating system (OS) Explanation: Both the hypervisor and the OS orchestrate access to resources (the hypervisor coordinates requests from VMs, and the OS coordinates requests from applications). Option A is incorrect because the CPU in a traditional environment performs calculations, while the operating system manages resources and performs process scheduling. The security team in a traditional environment has a narrow and focused role, not like the operating system that manages the entire system and its resources. Pretty Good Privacy is an application that performs a specific, limited role. Option D is incorrect.

Answer 95

D. Solid-state drives (SSDs) Explanation: Solid-state drives (SSDs) are currently the most efficient and durable storage technology, so cloud providers will favor them. All the other options are older technologies that employ magnetic media in one form or another, while SSD employs electronic circuitry to store data.

Answer 96

C. Object Explanation: In object storage, data objects/files are saved in the storage space along with relevant metadata such as content type and creation date. Options A and B are different names for the same type of storage arrangement and incorrect. Option D has no meaning in this context.

Answer 97

C. Verizon Explanation: NIST’s definition of cloud carrier is “an intermediary that provides connectivity and transport of cloud services from Cloud Providers to Cloud Consumers.” Of the choices, option C best represents this definition.

Answer 98

D. Hypervisor Explanation: The hypervisor orchestrates assignment of resources and is responsible for avoiding and resolving contention. The router manages traffic flow, which might be considered as resolving contention issues for resource requests outside the local device (for example, from a given device to the storage cluster) but wouldn’t handle resource requests inside a given device (such as a VM on the device making a request to the device CPU), so option D is a better answer. An emulator virtualizes programs, not machines, and is not responsible for orchestrating resource calls, so option B is incorrect. Regulators do not manage resources, so option C is incorrect.

Answer 99

D. The VM is not active while in storage Explanation: Security controls operating on a guest VM OS are only active while the VM is active; when the VM is stored, it is snapshotted and saved as a file, so those controls won’t be active either. All user access to the VMs will be done remotely; option A is simply incorrect. Security controls on OSs that are not scanned or subject to version control may be out of date or not optimized, but they will still function (just not as well), so option D is still preferable to B and C.

Answer 100

A. More expensive than spinning platters Explanation: Solid-state drives (SSDs) are usually more expensive, per drive, than their counterparts. However, as the industry matures, this is changing rapidly. Moreover, cloud providers are usually buying devices at such a scale and under such a budget that individual price differentials for device types is not the main criteria for making purchase decisions. Size and shape are not defining criteria of SSDs or tapes; options B and C are irrelevant (and also somewhat wrong). The physical nature of the drive does not affect its vulnerability to malware; option D is incorrect.

Answer 101

B. Faster than magnetic drives Explanation: SSD technology offers a great increase in speed and efficiency. SSDs are not typically more difficult to install or administer than traditional technology, nor are they more likely to fail than other storage devices, so all the other options are incorrect.

Answer 102

B. Not vulnerable to degaussing Explanation: Because SSDs do not use magnetic properties to store data, degaussing is not a suitable means of sanitizing SSDs. All the other options are untrue and are therefore inappropriate answers.

Answer 103

C. Data dispersion/encryption Explanation: Theoretically, all combinations of security controls are preferable to any one security control used by itself (this is the principle of layered defense). All of the potential responses are therefore true. However, of this list, the pairing that makes the most sense is option C, because encrypting the data while also spreading it across multiple storage devices/locations increases the protection each one offers against certain common threats (in this case, physical theft of a storage device, failure of a device, legal seizure of a device in a multitenant environment, etc.).

Answer 104

C. DLP/DRM Explanation: Theoretically, all combinations of security controls are preferable to any one security control used by itself (this is the principle of layered defense). All of the potential responses are therefore true. However, of this list, the pairing that makes the most sense is option C, because adding another layer of access control on objects while also detecting outbound motion of objects increases the protection each one offers against certain common threats (in this case, internal threats, escalation of privilege, unauthorized or inadvertent dissemination of data, etc.).

Answer 105

C. Every organization Explanation: Every organization is responsible for performing its own risk assessment for its own particular business needs. Cloud providers will not perform risk assessments on behalf of their customers. Regulatory bodies and legislative entities do not perform risk assessments.

Answer 106

C. General counsel Explanation: The best method for avoiding vendor lock-in is to have strong contract language favorable to the customer; the entity best equipped to craft contracts is the office of the general counsel. Senior management can assist the organization to avoid vendor lock-in by tasking the correct resources (offices/personnel) to perform vendor selection activities, but option A is not as accurate as C. Security personnel will have the technical skills and knowledge to properly determine the organization’s IT needs and can inform general counsel as to what services/resources will best meet the organization’s needs, but these entities are not as adept and trained at crafting contract language as the attorneys. Options B and D are not preferable to C.

Answer 107

B. Using one cloud provider for primary production and another for backup purposes Explanation: Using distinct cloud providers for production and backup ensures that the loss of one provider, for any reason, will not result in a total loss of the organization’s data. None of the other options address vendor lock-out and are therefore unsuitable as answers.

Answer 108

C. Sprawl Explanation: Users in a cloud environment may not realize the attendant costs that come along with creating many new virtual instances, and the ease with which new instances are created allows users to do so without much effort. While DDoS and phishing may include an element of user gullibility and ignorance, at least one party (the attacker) is not engaged in inadvertent activity—their behavior is very purposeful. Options A and B are incorrect. While inadvertent action can often result in incidents, disasters are usually at a much greater scale and aren’t as likely to be the result of unknowing action; option D is incorrect.

Answer 109

B.Management plane breach Explanation: Management plane breach allows an attacker to gain full control of the environment and can affect all aspects of the CIA triad. DDoS and physically attacking the utility lines, options A and D, only affect availability, which is a significant negative impact but not as bad as option B, which can affect integrity and confidentiality as well. Guest escape is a breach limited to a specific device and the virtual machines on that device; this is not as much impact as breaching the management plane, which gives full access to the entire environment.

Answer 110

A. One Explanation: Controlling access is optimized by minimizing access. All the other options are incorrect.

Answer 111

D. Mantrap structures Explanation: Usually, mantrap areas control access to sensitive locations within a facility, not an entrance to the facility. None of the other options address vendor lock-out and are therefore unsuitable as answers.

Answer 112

C. In every building on the campus Explanation: Health and human safety is a paramount goal of security; all facilities must have multiple emergency egress points. All the other options are distractors as they are included in option C.

Answer 113

B. Isolation failure Explanation: In the traditional environment, when all resources are owned, controlled, and used by the organization’s personnel, loss of isolation will only expose data to other members of the organization; isolation failure in the cloud environment may expose data to people outside the organization, a more significant impact. All the other options are risks that have similar likelihoods and impacts in the cloud and traditional environments and are therefore incorrect.

Answer 114

B. Degrade performance Explanation: Security and productivity/operations are always trade-offs. Option A is a generalization that may or may not be true depending on several variables. Some security controls are inexpensive to implement. Senior management approval may be required before security controls can be implemented, however, some may not need prior approval. It depends on the organization and how it is managed. Option C is incorrect. Option D is another generalization that may or may not be true. Whether a security control will work in the cloud environment as well as they worked in the traditional environment depends on the control and how it is implemented. Option B is a better choice.

Answer 115

A. Legal liability in multiple jurisdictions Explanation: Because cloud providers may use data centers that span state (or even national) borders, new legal risks may be introduced to the customer’s organization after cloud migration. All the other options are risks faced by organizations in both the cloud and traditional environments and are therefore incorrect.

Answer 116

A. Loss of availability due to DDoS Explanation: In the traditional environment, if DDoS prevented the organization’s connectivity with the Internet or other organizations, users still had access to their own data but simply could not share it or use it in external transactions; this hampered productivity, but not availability. In the cloud, without connectivity outside the organization, users cannot reach their data, which is an availability issue. DDoS does not affect value, confidentiality, or liability; all the other options are incorrect.

Answer 117

D. Integrity Explanation: DDoS prevents all these things except for data integrity. DDoS only prevents communication; it does not usually result in modified data.

Answer 118

C. Software licensing Explanation: In some instances, more virtualized machines will entail a relative increase in the number of software seat licenses, which can be a significant expense. Typically, cloud customers do not pay extra for additional consumption of floor space or power usage for the number of virtual machines; these costs are rolled into the per-instance price, so options A and B are incorrect. Option D is incorrect; users don’t require more training if they have more virtual assets.

Answer 119

D. BC/DR tests Explanation: When performing BC/DR tests, it is useful to create scenarios that are unpredictable and vary from previous tests so as to better approximate conditions of an actual disaster. All the other answers represent elements that should avoid variables as much as possible and are incorrect.