Chapter 4 All In One Flashcards

1
Q

Which of the following is the correct order for some of the steps of a BCDR strategy?

A. Define, Analyze, Design, Assess Risk, Test, Implement
B. Define, Assess Risk, Analyze, Design, Implement, Test
C. Define, Design, Analyze, Assess Risk, Test, Implement
D. Define, Analyze, Assess Risk, Design, Implement, Test

Carter, Daniel. CCSP Certified Cloud Security Professional All-in-One Exam Guide, Third Edition (p. 173). McGraw Hill LLC. Kindle Edition.

A

D. Define, Analyze, Assess Risk, Design, Implement, Test

Explanation:
Define, Analyze, Assess Risk, Design, Implement, Test are in the correct order; the other options are all incorrect.

Carter, Daniel. CCSP Certified Cloud Security Professional All-in-One Exam Guide, Third Edition (p. 173). McGraw Hill LLC. Kindle Edition.

2
Q

What is the entity called that takes the response from the identity provider to allow access to an application?

A. Relaying party
B. Relying party
C. Relaying system
D. Relying system

Carter, Daniel. CCSP Certified Cloud Security Professional All-in-One Exam Guide, Third Edition (p. 173). McGraw Hill LLC. Kindle Edition.

A

B. Relying party

Explanation:
The relying party takes the authentication tokens from the identity provider and then grants access and authorization based on its own business rules. The other terms and entities listed are not applicable or correct in this instance.

Carter, Daniel. CCSP Certified Cloud Security Professional All-in-One Exam Guide, Third Edition (p. 173). McGraw Hill LLC. Kindle Edition.

3
Q

Which of the following storage methods provides a key value to call a file from rather than a directory tree structure?

A. Volume
B. Structured
C. Object
D. Unstructured

Carter, Daniel. CCSP Certified Cloud Security Professional All-in-One Exam Guide, Third Edition (p. 173). McGraw Hill LLC. Kindle Edition.

A

C. Object

Explanation:
Object storage is a flat storage system that resides on external services and references storage items based on a key value rather than a traditional file system and organizational structure. Volume storage is a traditional-type file system that contains directory structures and hierarchical organization as well as uses paths and filenames for access within an Infrastructure as a Service deployment. Structured storage is used with Platform as a Service and is typically a system like a database, which has a predefined structure and organization methodology. Unstructured storage is also used with Platform as a Service and relates to data that does not fit within a predefined structure, such as web files or media objects.

Carter, Daniel. CCSP Certified Cloud Security Professional All-in-One Exam Guide, Third Edition (p. 173). McGraw Hill LLC. Kindle Edition.

4
Q

Which of the following concepts provides evidence that an entity is in fact who they claim to be?

A. Authentication
B. Authorization
C. Federation
D. Identification

Carter, Daniel. CCSP Certified Cloud Security Professional All-in-One Exam Guide, Third Edition (p. 174). McGraw Hill LLC. Kindle Edition.

A

A. Authentication

Explanation:
A. Authentication provides proof of the identification of an entity to an acceptable degree of certainty based on policy or regulation. Authorization, done after successful authentication, is the process of granting a user access to data or functions within an application and is based on the role or approved needs of the user. Federation is an authentication system that uses external identity providers that will accept authentication tokens for users, without requiring the user to create an account with the actual application. Identification is part of the authentication process.

Carter, Daniel. CCSP Certified Cloud Security Professional All-in-One Exam Guide, Third Edition (p. 174). McGraw Hill LLC. Kindle Edition.

5
Q

Which of the following would be the least beneficial reason to consider a cloud platform as a BCDR solution?

A. Metered service costs
B. Hardware ownership
C. Broad network access
D. Virtual host replication

Carter, Daniel. CCSP Certified Cloud Security Professional All-in-One Exam Guide, Third Edition (p. 174). McGraw Hill LLC. Kindle Edition.

A

B. Hardware ownership

Explanation:
Hardware ownership would be the least beneficial reason because a cloud customer does not own the hardware; the cloud provider does. Metered service costs are a major benefit of using a cloud provider for BCDR, as the cloud customer would only pay for services when they are needed, unlike traditional BCDR, which typically involves idle hardware sitting in a secondary data center that will likely never be used. Virtual host replication is also a major benefit for a cloud platform and BCDR, as it enables production systems to be regularly mirrored to a secondary location and instantly used, unlike traditional backups, which would have to be recovered on top of another configured system before they can be used. Broad network access would also be highly beneficial for BCDR, as network availability would not be a concern and the ability to access the environment from anywhere on the Internet in case of a disaster would be a major factor.

Carter, Daniel. CCSP Certified Cloud Security Professional All-in-One Exam Guide, Third Edition (p. 174). McGraw Hill LLC. Kindle Edition.

6
Q

Which concept involves the prioritization of virtual hosts getting system resources when a cloud is experiencing high utilization and might not be able to serve all hosts?

A. Reservations
B. Limits
C. Shares
D. Quotas

Carter, Daniel. CCSP Certified Cloud Security Professional All-in-One Exam Guide, Third Edition (pp. 174-175). McGraw Hill LLC. Kindle Edition.

A

C. Shares

Explanation:
The concept of shares is a prioritization and weighting system within a cloud environment that sets the order of specific applications or customers to receive additional resources when requested. Those with the higher prioritization number will receive resources first, and those with lower numbers will receive resources later, or not at all. Reservations involve the setting aside of resources so that cloud customers will be guaranteed a minimum level of resources to start and use their services, even if they cannot obtain additional ones. Limits are the upper bounds set on any level (host, application, customer) that constrain the amount of resources that can be allocated and consumed, in order to protect the overall environment from any entity consuming so many resources that it impacts other customers. Quotas are used by some to mean the same thing as limits, but the latter is the preferred terminology.

Carter, Daniel. CCSP Certified Cloud Security Professional All-in-One Exam Guide, Third Edition (p. 175). McGraw Hill LLC. Kindle Edition.

7
Q

Which of the following is the most important factor in defining the controls used to test an audit?

A. Regulations
B. Policies
C. Laws
D. All of the above

Carter, Daniel. CCSP Certified Cloud Security Professional All-in-One Exam Guide, Third Edition (p. 175). McGraw Hill LLC. Kindle Edition.

A

D. All of the above

Explanation:
All of the above are crucial to a security audit. Regulations, policies, and laws are going to be absolutes and require specific testing and validation, and none can be bypassed during a security controls audit.

Carter, Daniel. CCSP Certified Cloud Security Professional All-in-One Exam Guide, Third Edition (p. 175). McGraw Hill LLC. Kindle Edition.

8
Q

What do reservations define within a cloud environment?

A. Maximum level of resources available for allocation
B. Guaranteed minimum level of resources available for allocation
C. Maximum resources available for allocation to all customers
D. A reserved pool of resources held for emergency load spikes

Carter, Daniel. CCSP Certified Cloud Security Professional All-in-One Exam Guide, Third Edition (p. 175). McGraw Hill LLC. Kindle Edition.

A

B. Guaranteed minimum level of resources available for allocation

Explanation:
Reservations define a guaranteed minimum level of resources available to allocate to a host to power on and perform tasks. The maximum level of resources available for allocation would refer to limits, and the maximum resources available for allocation to all customers for the entire cloud environment would be the concern of the cloud provider and play into its overall resource pooling model.

Carter, Daniel. CCSP Certified Cloud Security Professional All-in-One Exam Guide, Third Edition (p. 175). McGraw Hill LLC. Kindle Edition.

9
Q

What is the main objective of software-defined networking (SDN)?

A. Make networking dependent on the operating system of the host and leverage its utilities.
B. Separate the filtering of network traffic and administration from the actual transport of network traffic.
C. Allow different operating systems to seamlessly communicate with each other.
D. Use software to create virtual networks instead of relying on physical network cabling.

Carter, Daniel. CCSP Certified Cloud Security Professional All-in-One Exam Guide, Third Edition (p. 176). McGraw Hill LLC. Kindle Edition.

A

B. Separate the filtering of network traffic and administration from the actual transport of network traffic.

Explanation:
B. The main objective of SDN is to separate the filtering of network traffic and administration from the actual transport of network traffic. This allows management to be performed from portals and API calls rather than by networking specialists. Toolsets and provisioning systems can access and modify network capabilities that are specific to customer needs, without impacting the underlying actual routing and network transport of packets.

Carter, Daniel. CCSP Certified Cloud Security Professional All-in-One Exam Guide, Third Edition (p. 176). McGraw Hill LLC. Kindle Edition.

Carter, Daniel. CCSP Certified Cloud Security Professional All-in-One Exam Guide, Third Edition (p. 175). McGraw Hill LLC. Kindle Edition.

10
Q

What is a major security risk with Type 2 hypervisors that does not exist with Type 1 hypervisors?

A. Slower release of security patches
B. Proprietary platform controlled by a single vendor
C. Reliance on a small number of coding platforms
D. Runs on top of another operating system

Carter, Daniel. CCSP Certified Cloud Security Professional All-in-One Exam Guide, Third Edition (p. 176). McGraw Hill LLC. Kindle Edition.

A

D. Runs on top of another operating system

Explanation:
Running on top of another operating system versus being tied directly to the hardware is a major security risk with Type 2 hypervisors. This makes the hypervisor potentially subject to any security exploits or issues the underlying operating system may have, as opposed to Type 1 hypervisors, which are tied directly to the hardware and do not rely on security patching and configurations of an external software package.

Carter, Daniel. CCSP Certified Cloud Security Professional All-in-One Exam Guide, Third Edition (p. 176). McGraw Hill LLC. Kindle Edition.

11
Q

What is the main method for doing patching in a cloud environment?

A. Scripts
B. Host management software
C. Reimaging
D. Customers applying patches on affected hosts

Carter, Daniel. CCSP Certified Cloud Security Professional All-in-One Exam Guide, Third Edition (p. 176). McGraw Hill LLC. Kindle Edition.

A

C. Reimaging

Explanation:
Patching in a cloud environment is typically performed by reimaging hosts from the new, fully patched baseline image, rather than deploying patches and doing validations across all the various virtual machines. This allows for consistent and uniform management of patches against a tested and validated image rather than having to validate on a host-by-host basis to ensure patches are properly received and applied.

Carter, Daniel. CCSP Certified Cloud Security Professional All-in-One Exam Guide, Third Edition (p. 176). McGraw Hill LLC. Kindle Edition.

12
Q

Apart from annual testing, when would it be most crucial for a BCDR plan to undergo additional testing?

A. During a change in senior management
B. During major configuration changes to an application
C. When new staff is hired
D. During a change in encryption keys

Carter, Daniel. CCSP Certified Cloud Security Professional All-in-One Exam Guide, Third Edition (p. 177). McGraw Hill LLC. Kindle Edition.

A

B. During major configuration changes to an application

Explanation:
B. Major configuration changes with an application should entail new BCDR testing. Any major configuration change or update represents a significant shift in an environment, and, as such, proper testing is needed to ensure that all BCDR implementations and procedures are both still valid and still work as intended. The changes mentioned in the other answer choices are either minor or personnel changes that would not require new comprehensive testing.

Carter, Daniel. CCSP Certified Cloud Security Professional All-in-One Exam Guide, Third Edition (p. 177). McGraw Hill LLC. Kindle Edition.

13
Q

What type of storage is the most likely to be used for virtual images?

A. Structured
B. Unstructured
C. Volume
D. Object

Carter, Daniel. CCSP Certified Cloud Security Professional All-in-One Exam Guide, Third Edition (p. 177). McGraw Hill LLC. Kindle Edition.

A

D. Object

Explanation:
Object storage is the most likely type of storage used for virtual images. Object storage is external from specific systems and references each storage object through a key value, which is ideal for system images. System images also do not need any organization structure to them, such as what volume storage would offer. Structured and unstructured would not be appropriate choices, as they are geared toward Platform as a Service and are not appropriate for storing system images.

Carter, Daniel. CCSP Certified Cloud Security Professional All-in-One Exam Guide, Third Edition (p. 177). McGraw Hill LLC. Kindle Edition.

14
Q

Which of the following issues would be the greatest concern from a regulatory standpoint of using a cloud provider for a BCDR solution?

A. Location of stored data
B. Scalability
C. Self-service
D. Interoperability

Carter, Daniel. CCSP Certified Cloud Security Professional All-in-One Exam Guide, Third Edition (p. 177). McGraw Hill LLC. Kindle Edition.

A

A. Location of stored data

Explanation:
The location of stored data would be the most important concern from a regulatory standpoint due to different jurisdictions and requirements. The other choices are all technological or cloud concepts that would not have any bearing on specific regulatory requirements.

Carter, Daniel. CCSP Certified Cloud Security Professional All-in-One Exam Guide, Third Edition (p. 177). McGraw Hill LLC. Kindle Edition.

15
Q

What is the process of taking logs from many different applications, servers, and appliances throughout an enterprise and using them to trace a full session or transaction?

A. Consolidation
B. Correlation
C. Collection
D. Concatenation

Carter, Daniel. CCSP Certified Cloud Security Professional All-in-One Exam Guide, Third Edition (p. 178). McGraw Hill LLC. Kindle Edition.

A

B. Correlation

Explanation:
Correlation is the process of taking logs from many different systems and putting them together based on a commonality to fully track a session or transaction.

Carter, Daniel. CCSP Certified Cloud Security Professional All-in-One Exam Guide, Third Edition (p. 178). McGraw Hill LLC. Kindle Edition.

16
Q

Which of the following relates to the acceptable duration of recovery to a BCDR location?

A. RPO
B. RSL
C. RDO
D. RTO

Carter, Daniel. CCSP Certified Cloud Security Professional All-in-One Exam Guide, Third Edition (p. 178). McGraw Hill LLC. Kindle Edition.

A