LearnZapp Practice 8

Question 1

Which of the following is the least challenging with regard to eDiscovery in the cloud?

A. Decentralization of data storage
B. Complexities of international law
C. Identifying roles such as data owner, controller and processor
D. Forensic analysis

Answer 1

D. Forensic analysis

Explanation:
Forensic analysis is the least challenging answer provided as it refers to the analysis of data once it is obtained

Question 2

The difference between KPIs and KRIs is which of the following?

A. KPIs no longer exist, having been replaced by KRIs
B. KRIs no longer exist, having been replaced by KPIs
C. KRIs are looking forward while KPIs are backward looking
D. There is no different between KPIs and KRIs

Answer 2

C. KRIs are looking forward while KPIs are backward looking

Explanation:
Key risk indicators (KRIs) try to predict future risk, while key performance indicators (KPIs) examine eevents that have already happened.

Question 3

Which of the following is not a typicaly physical access control mechanism in the cloud data center?

A. Cage locks
B. Video surveillance
C. Rack locks
D. Fire suppression

Answer 3

D. Fire suppression

Explanation:
Fire suppression systems are physical controls mechanisms commonly found in cloud data centers but are not an element of access control

Question 4

Which of the following can enhance application portability?

A. Using the same cloud provider for the production environment and archiving
B. Conducting service trials in an alternate cloud provider environment
C. Providing cloud usage training for all users
D. Tuning WAFs to detect anomalous activity in inbound connections

Answer 4

B. Conducting service trials in an alternate cloud provider environment

Explanation:
Testing is a great way to enhance assurance that applications will work in the new environment. None of the other options are relevant to the issue of application portability

Question 5

Each of the following are dependencies that must be considered when reviewing the Business Impact Analysis (BIA) after cloud migration except:

A. The cloud provider’s suppliers
B. The cloud provider’s vendors
C. The cloud provider’s utilities
D. The cloud provider’s resellers

Answer 5

D. The cloud provider’s resellers

Explanation:
The cloud provider’s resellers are a marketing and sales mechanism, not an operational dependency that could affect the security of a cloud customer

Question 6

You are the data manager for a retail company; you anticipate a much higher volume of sales activity in the final quarter of each calendar year than the other quarters. In order to handle these increased transactions, and to accommodate the temporary sales personnel you will hire for only that period, you consider augmenting your internal, on premises production environment, with a cloud capability for a specific duration, and will return to operating fully on premises after the period of increased activity. Which deployment model best describes this type of arrangement?

A. Private cloud
B. Community cloud
C. Public cloud
D. Hybrid

Answer 6

D. Hybrid

Explanation:
This is an excellent description of the hybrid model, where the customer owns elements of the infrastructure and the cloud provider owns other parts

Question 7

What kind of SSAE audit reviews controls dealing with the organizations controls for assuring the confidentiality, integrity and availability of data?

A. SOC 1
B. SOC 2
C. SOC 3
D. SOC 4

Answer 7

B. SOC 2

Explanation:
SOC 2 deals with the CIA triad. SOC 1 is for financial reporting. SOC 3 is only an attestation.

Question 8

The physical layout of a cloud data center campus should include redundancies of all the following except:

A. Generators
B. HVAC Units
C. Generator fuel storage
D. Points of personnel ingress

Answer 8

D. Points of personnel ingress

Explanation:
People entering the facility can be vectored through a single security checkpoint as a means of enhancing access control; multiple lines of ingress are not necessary.

Question 9

In deciding which cloud provider to use, one of the characteristics you may want to determine about the provider is their leevel of professionalism. Which of the following tools could be use d to determine the thoroughness, detail and repeatability of the processes and procedures offered by a cloud provider?

A. The Cloud Star Security Alliance (CSA) Security, Trust and Assurance Registry (STAR) and certification program
B. The Risk Management Framework (RMF)
C. The Capability Maturity Model (CMM)
D. The EuroCloud Star Audit Certification

Answer 9

C. The Capability Maturity Model (CMM)

Explanation:
The CMM is a way of determining a targets maturity in terms of process documentation and repeatability.
The CSA STAR and EuroCloud Star Pprograms are certifications based on applicable control sets and compliance with standards and regulations

Question 10

If you use the cloud for BCDR purposes, even if you do not operate your production environment in the cloud, you can cut costs by eliminating your:

A. Security personnel
B. BCDR Policy
C. Old access credentials
D. Need for physical hotsite/warm site

Answer 10

D. Need for physical hotsite/warm site

Explanation:
Having your data backed up and accessible in the cloud eliminates any need for having a distinct hot site/warm site separate from your primary operating environment; instead, your personnel can recover operations from somewhere with a good broadband connection

Question 11

Which of the following risks exists in the traditional environment but is dramatically increased by moving into the cloud?

A. Physical security breaches
B. Loss of utility power
C. Financial upheaval
D. Man in the middle attacks

Answer 11

D. Man in the middle attacks

Explanation:
Because all of cloud access is remote, the risks to the data in transit are dramaticallyt heightened in the cloud

Question 12

According to the CSA, what is one reason the threat of insecure interfaces and APIs are so prevalent in cloud computing?

A. APIs are always used for administrative access
B. Customers perform many high value tasks via APIs
C. APIs are cursed
D. It is impossible to securely code APIs

Answer 12

B. Customers perform many high value tasks via APIs

Explanation:
APIs will be used for many8 tasks that could have a significant negative impact on the organization, so any vulnerabilities are of great concern

Question 13

You are designing a Tier 4 data center for a large hospital. In order to plan for the possibility of losing utility power, in addition to having sufficient generators, you should plan to locate the data center ____________

A. In an urban setting
B. In a rural environment
C. Near a coast
D. At the border of different counties, regions or states

Answer 13

D. At the border of different counties, regions or states

Explanation:
Usually, different political regions are served by different utility providers; placing your data center on such a boundary may make it feasible to have redundant, overlapping power providers

Question 14

Which of the following is not an enforceable governmental request?

A. Warrant
B. Subpoena
C. Court order
D. Affidavit

Answer 14

D. Affidavit

Explanation:
An affidavit is only a form of formal testimony presented to the court. All the other options are enforceable governmental requests

Question 15

ISO 31000 is most similar to which of the following regulations

Question 16

A cloud customer that does not perform sufficient due dilligence can suffer harm if the cloud provider they have selected goes out of business. What do we call this problem?

A. Vendor lock in
B. Vendor lock out
C. Vendor incapacity
D. Unscaled

Answer 16

B. Vendor lock out

Explanation:
This is the definition of vendor lockout. Vendor lock in is when data portability is limited either through unfavorable contract language or technical limitations