Pocket Prep 18 Flashcards

Question

A cloud security engineer working for a financial institution needs to determine how long specific financial records must be stored and preserved. Which of the following specifies how long financial records must be preserved? A. Gramm-Leach-Bliley Act (GLBA) B. Privacy Act of 1988 C. General Data Protection Regulation (GDPR) D. Sarbanes-Oxley (SOX)

Answer 1

D. Sarbanes-Oxley (SOX) Explanation: The Sarbanes-Oxley Act (SOX) regulates how long financial records must be kept. SOX is enforced by the Securities and Exchange Commission (SEC). SOX was passed as a way to protect stakeholders and shareholders from improper practices and errors. This was passed as a result of the fraudulent reporting by Enron. GDPR is the European Union's (EU) requirement for member countries, including Germany, to protect personal data in their possession. GLBA is an extension to SOX, which requires personal data to be protected for the customers of the business that must be in compliance with SOX. The privacy act of 1988 is an Australian law that requires personal data to be protected.

Answer 2

B. Right to Audit Explanation: A contract between a customer and a vendor can have various terms. Some of the most common include: Right to Audit: CSPs rarely allow customers to perform their own audits, but contracts commonly include acceptance of a third-party audit in the form of a SOC 2 or ISO 27001 certification. Metrics: The contract may define metrics used to measure the service provided and assess compliance with service level agreements (SLAs). Definitions: Contracts will define various relevant terms (security, privacy, breach notification requirements, etc.) to ensure a common understanding between the two parties. Termination: The contract will define the terms by which it may be ended, including failure to provide service, failure to pay, a set duration, or with a certain amount of notice. Litigation: Contracts may include litigation terms such as requiring arbitration rather than a trial in court. Assurance: Assurance requirements set expectations for both parties. For example, the provider may be required to provide an annual SOC 2 audit report to demonstrate the effectiveness of its controls. Compliance: Cloud providers will need to have controls in place and undergo audits to ensure that their systems meet the compliance requirements of regulations and standards that apply to their customers. Access to Cloud/Data: Contracts may ensure access to services and data to protect a customer against vendor lock-in.

Answer 3

B. Capture the credit card details locally and wait for internet access to return Explanation: The only choice, if you do not have internet access, is to wait for that access to return to actually charge a credit card. There is a financial risk that a card may not be valid and a customer will have already left the store with the product. However, if the company wants to make sales at those times, that is the risk they have to take. They could capture local address information to be able to connect with the customer later. One of the conditions for cloud is broad network access. If you have access to the network (the internet), then you have access to the cloud. If you do not have access to the network, then there is no cloud. No internet access means no internet access. So it is not possible to use the internet through the mobile phone. There is no local cloud server since there is no internet. There could be a private cloud that has been built, but this company is not big enough in those remote locations to build a private cloud every place the internet is not reliable. VoIP is the transmission of a phone call over an IP-based network. For this remote location, the IP-based network would be the internet. In the scenario, there is no internet access at all, so this is not an option.

Answer 4

C. Column-level encryption Explanation: Column-level encryption can be performed to encrypt the few columns (fields or attributes) that are particularly sensitive. This allows for granular control where the columns that contain sensitive information such as social security numbers or credit card numbers can be encrypted. Application-level encryption could be used for this, but it does require more work to manage and maintain. This involves encrypting the data at the application layer before it is stored in the database. Transparent Data Encryption (TDE) encrypts the entirety of the database or specific columns. The application code does not need to be changed if TDE is used. So, this is a possible answer to this question, but given a choice, the closest answer to the question is usually better. Since the question mentions fields, which is another name for the column beyond attributes, it is the best answer here. Fully Homomorphic Encryption (FHE) is a new and emerging technique to keep the data encrypted while it is in use. The three techniques above are for encrypting data at rest.

Answer 5

A. Personally Identifiable Information Explanation: Private data can be classified into a few different categories, including: Personally Identifiable Information (PII): PII is data that can be used to uniquely identify an individual. Many laws, such as the GDPR and CCPA/CPRA, provide protection for PII. Protected Health Information (PHI): PHI includes sensitive medical data collected regarding patients by healthcare providers. In the United States, HIPAA regulates the collection, use, and protection of PHI. Payment Data: Payment data includes sensitive information used to make payments, including credit and debit card numbers, bank account numbers, etc. This information is protected under the Payment Card Industry Data Security Standard (PCI DSS). Contractual Private Data: Contractual private data is sensitive data that is protected under a contract rather than a law or regulation. For example, intellectual property (IP) covered under a non-disclosure agreement (NDA) is contractual private data.

Answer 6

A. 60 percent relative humidity Explanation: The recommended maximum moisture level in a data center is 60 percent relative humidity. The recommended minimum is 40 percent relative humidity. When there is too much moisture in the air, it can cause condensation to form, which may damage the systems. In addition, having the humidity levels too low may cause an excess of electrostatic discharge.

Answer 7

C. Normalization Explanation: Security information and event management (SIEM) solutions are useful tools for log analysis. Some of the key features that they provide include: Log Centralization and Aggregation: Combining logs in a single location makes them more accessible and provides additional context by drawing information from multiple log sources. Data Integrity: The SIEM is on its own system, making it more difficult for attackers to access and tamper with SIEM log files (which should be write-only). Normalization: The SIEM can ensure that all data is in a consistent format, converting things like dates that can use multiple formats. Automated Monitoring or Correlation: SIEMs can analyze the data provided to them to identify anomalies or trends that could be indicative of a cybersecurity incident. Alerting: Based on their correlation and analysis, SIEMs can alert security personnel of potential security incidents, system failures, and other events of interest. Investigative Monitoring: SIEMs support active investigations by enabling investigators to query log files or correlate events across multiple sources

Answer 8

C. Broken authentication Explanation: Broken authentication is one of the OWASP Top 10 vulnerabilities. Broken authentication occurs when an issue with a session token or cookie makes it possible for an attacker to gain unauthorized access to a web application. This can occur when session tokens are not properly validated, making it possible for an attacker to hijack the token and gain access. Another example of this can occur when cookies are not properly destroyed after a user logs out, making it possible for the next user to gain access with their cookies. Security misconfiguration occurs when someone does not understand how to configure the software, what configuration needs to be there, etc. A great resource for the OWASP top 10 can be found OWASP's website. It is good to be familiar with the top 10 and some of the solutions or fixes to prevent them from occurring. Broken access control is not top of the OWASP Top 10 list. Broken access control occurs in a variety of ways, such as failing to setup access based on the logic of least privilege or if elevation of permissions is possible for the average user when it should not be. Reference:

Answer 9

C. Software-defined networking (SDN) Explanation: In software defined networking, decisions regarding where traffic is filtered and sent are separate from the actual forwarding of the traffic. This separation allows network administrators to quickly and dynamically adjust network flows based on the needs of customers. Software defined networking is often referred to as Software Defined - Wide Area Network (SD-WAN) when it is used as the backbone network. DNSSec is an extension to DNS. DNS converts domain names, such as pocketprep.com to IP addresses. DNS is a hierarchically organized set of servers within the internet and corporate networks. DNSSec adds authentication to allow verification of the source of DNS information. DHCP is used to dynamically allocate IP addresses to devices when they join a network. VPC is a simulation of a private cloud within a public cloud environment.

Answer 10

A. Hybrid Cloud Explanation: Cloud services are available under a few different deployment models, including: Private Cloud: In private clouds, the cloud customer builds their own cloud in-house or has a provider do so for them. Private clouds have dedicated servers, making them more secure but also more expensive. Public Cloud: Public clouds are multi-tenant environments where multiple cloud customers share the same infrastructure managed by a third-party provider. Hybrid Cloud: Hybrid cloud deployments mix both public and private cloud infrastructure. This allows data and applications to be hosted on the cloud that makes the most sense for them. For example, sensitive data can be stored on the private cloud, while less-sensitive applications can take advantage of the benefits of the public cloud. Multi-Cloud: Multi-cloud environments use cloud services from multiple different cloud providers. This enables customers to take advantage of price differences or optimizations offered by different providers. Community Cloud: A community cloud is essentially a private cloud used by a group of related organizations rather than a single organization. It could be operated by that group or a third party, such as FedRAMP-compliant cloud environments operated by cloud service providers.

Answer 11

D. Resource pooling Explanation: Cloud providers may choose to do resource pooling, which is the process of aggregating all the cloud resources together and allocating them to their cloud customers. There is pooling of physical equipment into the datacenter. Then there is a pool of resources within a server that are allocated to running virtual machines. That is the Central Processing Unity (CPU), the Random Access Memory (RAM), and the network bandwidth that is available. Reversibility is the ability to get all the company's artifacts out of the cloud provider's equipment, and what is on the provider's equipment is appropriately deleted. Portability is the ability to move data from one provider to another without having to reenter the data. On-demand self-service is the ability for the customer/tenant to use a portal to purchase and provision cloud resources without having much, if any, interaction with the cloud provider.

Answer 12

B. International Standards Organization/International Electrotechnical Commission (ISO/IEC) 27018 Explanation: ISO/IEC 27018 is a standard for providing security and privacy within cloud computing. The ISO/IEC 27018 focuses on five key principles, which include communication (relaying information to cloud customers), consent (receiving permission before using customer data for any reason), control (cloud customers retain full control over their own data in the cloud), transparency (cloud providers inform customers of any potential exposure to support staff and contractors), and independent and yearly audits (cloud providers must undergo yearly audits performed by a third party). ISO/IEC 27001 is information security, cybersecurity, and privacy protection - Information Security Management System (ISMS). This is good for building and auditing a corporation's ISMS. ISO/IEC 27050 is information technology - electronic discovery (e-discovery). ISO/IEC 31000 is risk management guidelines.

Answer 13

A. Purge Explanation: When data is no longer needed, it should be disposed of using an approved and appropriate mechanism. NIST SP 800-88, Guidelines for Media Sanitization, defines three levels of data destruction: Clear: Clearing is the least secure method of data destruction and involves using mechanisms like deleting files from the system and the Recycle Bin. These files still exist on the system but are not visible to the computer. This form of data destruction is inappropriate for sensitive information. Purge: Purging destroys data by overwriting it with random or dummy data or performing cryptographic erasure (cryptoshredding). Often, purging is the only available option for sensitive data stored in the cloud, since an organization doesn’t have the ability to physically destroy the disks where their data is stored. However, in some cases, data can be recovered from media where sensitive data has just been overwritten with other data. Destroy: Destroying damages the physical media in a way that makes it unusable and the data on it unreadable. The media could be pulverized, incinerated, shredded, dipped in acid, or undergo similar methods. Wipe is not a NIST-defined method of media sanitization.

Answer 14

B. True negative ExplanatioTo understand true negatives, it is essential to grasp the concept of a confusion matrix, which is a table that summarizes the performance of a classification model. The confusion matrix consists of four elements: True Positives (TP): The model correctly predicts positive outcomes when the actual outcomes are indeed positive. True Negatives (TN): The model correctly predicts negative outcomes when the actual outcomes are indeed negative. False Positives (FP): The model incorrectly predicts positive outcomes when the actual outcomes are negative. False Negatives (FN): The model incorrectly predicts negative outcomes when the actual outcomes are positive. Because there is nothing that the analyst sees about the smart appliances and there is a compromise between the virtual desktop and the database, there is no problem with the smart appliances. Therefore, it is true that there are no (negative) IoCs regarding the smart appliances being attacked.n:

Answer 15

D. Protected Health Information (PHI) Explanation: Protected Health Information (PHI) is a subset of Personally Identifiable Information (PII). PHI applies to any entity defined under the U.S. Health Information Portability and Accountability Act (HIPAA) laws. Any information that can be tied to a unique individual as it relates to their past, current, or future health status is considered PHI. The payment card industry defines the Data Security Standard (DSS) that we fully know as PCI-DSS. It demands that payment card information be protected. GLBA is a U.S. act that ensures that personal data belonging to the customers of financial institutions must be protected. It is tied to Sarbanes Oxley (SOX). Reference:

Answer 16

A. ISO/IEC 27037 Explanation: ISO/IEC 27037 provides guidelines for handling digital evidence. It has specific activity guidance for identification, collection, acquisition, and preservation of digital evidence that could be valuable as proof of bad activities. ISO/IEC 27041 provides guidance for methods and processes used in investigations to make sure they are "fit for purpose." ISO/IEC 27042 provides guidance on analysis and interpretation of digital evidence. ISO/IEC 27036 provides guidance on cybersecurity and supplier relationships. It is an overview intended to assist corporations in securing their information and systems when working with suppliers.

Answer 17

A. Unstructured Explanation: The complexity of data discovery depends on the type of data being analyzed. Data is commonly classified into one of three categories: Structured: Structured data has a clear, consistent format. Data in a database is a classic example of structured data where all data is labeled using columns. Data discovery is easiest with structured data because the data discovery tool just needs to understand the structure of the database and the context to identify sensitive data. Unstructured Data: Unstructured data is at the other extreme from structured data and includes data where no underlying structure exists. Documents, emails, photos, and similar files are examples of unstructured data. Data discovery in unstructured data is more complex because the tool needs to identify data of interest completely on its own. Semi-Structured Data: Semi-structured data falls between structured and unstructured data, having some internal structure but not to the same degree as a database. HTML, XML, and JSON are examples of semi-structured data formats that use tags to define the function of a particular piece of data. Mostly structured is not a common classification for data.

Answer 18

A. Containers Explanation: Cloud computing is closely related to many emerging technologies. Some examples include: Containers: Containerization packages an application along with all of the dependencies that it needs to run in a single package. This container can then be moved to any platform running the container software, including cloud platforms. Edge and Fog Computing: Edge and fog computing move computations from centralized servers to devices at the network edge, enabling faster responses and less usage of bandwidth and computational power by cloud servers. Edge computing performs computing on IoT devices, while fog computing uses gateways at the edge to collect data from these devices and perform computation there. Confidential Computing: While data is commonly encrypted at rest and in transit, it is often decrypted while in use, which creates security concerns. Confidential computing involves the use of trusted execution environments (TEEs) that protect and isolate sensitive data from potential threats while in use. DevSecOps: DevSecOps is the practice of building security into automated DevOps workflows. DevSecOps can be used to secure cloud-hosted applications. Also, infrastructure as code (IaC) involves automating the configuration of cloud-based systems and servers to reduce errors and improve scalability.

Answer 19

A. Cold air aisles have the cold air coming into the front of the server racks Explanation: Cold air aisles have the cold air coming into the front of the server racks, and hot air exits the back of the server racks. That means that two answers are true but only one is correct. The correct answer is the one that answers the question. The question is about where the cold air flows in, which is into the front. The other two answers are backward. If you say cold air aisle, the cold air comes into the front. If you say hot air, the hot air exits the front. The temperature (hot or cold) describes what happens at the front of the server. Based on the direction, the cold air can be directed to that area to ensure that the servers pull in cold air rather than hot air. Depending on the overall design of the data center and location on the planet (in a mountain or near a desert), the data center can be constructed as efficiently as possible. Either configuration could be the right configuration.

Answer 20

A. Micro-segmentation Explanation: Micro-segmentation is a method of isolating a very small number of machines, possibly even one, behind a custom firewall. This is one solution for the corporation. Another would have been a security group, but that is not an option in the answers listed. Hypersegmentation isolates a traffic flow from end to end, which is similar to the concept of a Virtual Private Network (VPN), but the traffic flow would not be visible to anyone due to the capability of the hypervisors to isolate tenants. Virtualized networking involves many different types of options from Virtualized Local Area Networks (VLAN) to the virtualization of a data center and its network in an Infrastructure as a Service (IaaS) deployment. Containers are a way to create a virtualized environment that contains specific applications. Containers use Kubernetes (K8S) for deployment and management. It isolates an application, not a server as the question requires.

Answer 21

B. Demographic information Explanation: Protected Health Information (PHI) covers items such as demographic information, medical history, physical and mental health information, lab results, physician notes, and other health related items. Passport numbers, political views, and current street addresses would be considered Personally Identifiable Information (PII) rather than PHI.

Answer 22

C. Redirecting legitimate users to compromised or spoofed systems Explanation: Correct answer: Redirecting legitimate users to compromised or spoofed systems DNS servers provide information that converts domain names, such as PocketPrep.com, to Internet Protocol (IP) addresses. If poisoned, the wrong information would then be provided to the users. This would allow them to redirect legitimate users to compromised or spoofed systems. Stealing PII would be a data breach. This is when information ends up in the wrong hands. Flooding the systems on the network with traffic so that they can't reply to legitimate traffic is a Denial of Service (DoS) attack. It could also be a Distributed DoS (DDoS). In a DDoS, the attack comes from many sources simultaneously. If all files on the network are encrypted by an attacker, that would likely be a ransomware attack.

Answer 23

B. There is never an appropriate scenario in which to accept a risk Explanation: There are times when a company may choose to simply accept a risk rather than do anything to deal with it. This is often done when the cost of mitigating the risk outweighs the cost of simply dealing with the consequences if the risk was to occur. A company can opt to implement procedures and controls to ensure that a specific risk is never realized. Nothing is ever perfect, but that can certainly be their goal. Insurance policies are a common risk transference option. It has the intention of covering the financial costs of successful exploits. It is necessary to ensure that the conditions of the policy are understood. It can easily be stated that if the company does not implement the appropriate controls, it will not cover the costs of the exploitation. Performing a risk assessment allows a corporation to understand the likelihood and expected impact of specific scenarios. Based on that, an appropriate risk mitigation can be chosen based on a cost-benefit analysis.

Answer 24

D. Abuse Testing Explanation: Abuse testing is when software is tested to see that it properly handles unexpected, malformed, or malicious inputs. It verifies that software not only performs correctly when used correctly but also is secure and robust when something unexpected happens. Unit, integration, and regression testing verify that the software meets requirements and exhibits desirable behavior when used correctly.

Answer 25

B. Micro segmentation Explanation: Micro segmentation allows very small network segments to be constructed—as small as one virtual machine. That one virtual machine would be protected by a firewall tailored to the network and software on that virtual machine. Hyper segmentation is utilizing the capability of hypervisors to isolate virtual machines to ensure that the transmission of a specific traffic flow cannot be seen by anyone who should not be able to see it. Virtual segmentation and virtual extensible segmentation are methods of building virtual Local Area Networks (LAN).

Answer 26

D. Federated Identity Management (FIM) Explanation: Federated Identity Management (FIM), also known as Federated Identity, allows for single sign on across disparate organizations. FIM can use SAML, OAuth, and OpenID, among other technologies in the cloud. Because the question involves a company and its contractors, who work for other businesses, FIM is a better answer than SSO. If FIM was not here, SSO would be a good answer. SAML or OpenID could be a good answer to this since it is a technology used for FIM in the cloud. However, we do not have any data in the question that would point us to SAML versus OpenID. So the more generic answer of FIM works better. FIM does not mean that the user will not have other accounts though. It can be used as SSO. Single Sign-On (SSO) allows an individual to authenticate once using a single set of authentication credentials and be given access to other independent systems.

Answer 27

B. Continual service improvement management Explanation: Continual Service Improvement (CSI) is the practice within the ITIL framework that focuses on continually improving the quality of IT services delivered to customers. It is an iterative process that aims to enhance service performance, efficiency, and effectiveness over time. CSI involves monitoring, analyzing, and making changes to IT services, processes, and strategies to align them with changing business needs and goals. Service Level Management (SLM) is a process within the ITIL framework that focuses on establishing and maintaining appropriate service levels to meet the needs of customers and align with business objectives. SLM aims to define, negotiate, and manage Service-Level Agreements (SLAs) between the service provider and the customer. Availability management is a process within the ITIL framework that focuses on ensuring that IT services meet agreed-upon availability targets to support business operations. The primary goal of Availability management is to optimize the availability of IT services by identifying and addressing potential vulnerabilities and risks that may affect service availability. Capacity management is a process within the ITIL framework that focuses on ensuring that IT resources are effectively and efficiently utilized to meet current and future business requirements. It involves the proactive management of resources to ensure that they are available when needed without underutilization or overutilization. Reference:

Answer 28

D. Non-repudiation Explanation: Non-repudiation refers to a person’s inability to deny that they took a particular action. Chain of custody helps to enforce non-repudiation because it demonstrates that the evidence has not been tampered with in a way that could enable someone to deny their actions. Confidentiality, integrity, and availability are the "CIA triad" that describes the main goals of security.

Answer 29

B. Data breach Explanation: A data breach occurs when data is leaked or stolen, either intentionally or unintentionally. This is not an Advanced Persistent Threat (APT). An APT requires an advanced level of skill from bad actors who usually will be attacking for one nation state against another. Account hijacking is a step along the way when the bad actor assumed the role that the firewall had to access the database. The whole attack was for the purpose of stealing the data, which is a data breach. Command injection occurs when a bad actor types a command into a field that is interpreted by the server. This is similar to an SQL injection. Reference:

Answer 30

A. Orchestration Explanation: Orchestration enables the automation of patch management tasks. It can automatically scan cloud environments for vulnerabilities, identify systems that require patches, and initiate the patching process based on predefined rules or policies. This reduces manual effort, minimizes human errors, and ensures consistent patch deployment across the cloud infrastructure. Live migration is a technique used in virtualization environments that allows a running Virtual Machine (VM) to be moved from one physical host to another without interrupting its operation or impacting the services running on the VM. It enables administrators to dynamically migrate VMs across different physical hosts for various purposes, such as load balancing, hardware maintenance, energy optimization, or improving resource utilization. Cloud message queues are a type of asynchronous communication service provided by cloud platforms that enable the decoupling of components within distributed systems or microservice architectures. They provide a reliable and scalable way to send, store, and retrieve messages between different parts of an application or between different applications running in the cloud. Security Information and Event Management (SIEM) correlation is a process of analyzing and correlating security events and log data from various sources within a network or system to identify patterns, relationships, and potential security incidents. SIEM correlation helps organizations gain better visibility into their security posture, detect threats, and respond effectively to security incidents.

Answer 31

B. Prescriptive analytics Explanation: Prescriptive analytics uses mathematical models and optimization techniques to recommend actions or decisions based on a given set of constraints, objectives, and possible outcomes (such as how to gain a competitive advantage, reduce costs, and improve performance). Predictive analytics focuses on analyzing historical data and predicting future outcomes. Descriptive analytics works to describe the data. It looks to analyze the information and provide details regarding that data. Machine learning is designed to apply the principles of data science to uncover hidden knowledge in our data. These three possible answer options only begin to help the corporation. Prescriptive takes it a step further with information on what they should do about this knowledge.

Answer 32

D. Shares Explanation; The concept of shares is that CPU and memory resources are available for virtual machines that need them. The flexibility of the shared environment that is the cloud makes it possible for virtual machines to expand to meet the user's needs or shrink back. This is the elasticity of the cloud. It is the shared space that it expands into. It generally works on a first-come first-serve basis. Reservations set aside some of that CPU and memory for a specific virtual machine. A limit restricts a virtual machine's ability to expand past a certain point. An object is a file of some type. It could be a virtual machine image, video, document, spreadsheet, and so on.

Answer 33

C. No special requirements are needed Explanation: This is an IaaS deployment. The edge router in the cloud is virtual within the IaaS deployment. The physical edge router that is in the cloud provider's network is not visible to the customer. The virtual router belongs to the customer. It is their operating system. They are the only ones who have traffic passing through that router, unless, of course, there is a bad actor sending data through it. In both Platform as a Service (PaaS) and Software as a Service (SaaS) deployments, the routers, virtual or physical, are not visible to the cloud customer. If they do want to see that traffic, they would need to work with the cloud provider. This is because the routers belong to the cloud provider and would have traffic from other cloud customers passing through it. For this reason, the "permission from all cloud customers," "a written contract and written permission" and the "input and involvement from the cloud provider" are not correct.

Answer 34

C. Advanced Persistent Threat (APT) Explanation: Advanced Persistent Threat (APT) is an attack, which aims to gain access to the network and systems while staying undetected. APTs will try not to do anything that could be disruptive, as their goal is to maintain access for as long as possible without raising any red flags. The fundamental goal of the attack in the question is to shut down the power grid. However, DoS is not the best answer because of the description of who is attacking and how it is much more aggressive than just a DoS attack. Since this is nation state against nation state and the attack is slow, combined with the goal of not being detected, APT is the best answer. A command injection is when an Operating System (OS) command is entered into a field that is used by users during normal application activity. This is not a malicious insider. If that were the subject of this question, it would be necessary to obtain a government agent hired by the opposition government with the intention of remaining there and causing damage from within the government.

Answer 35

A. Hybrid cloud Explanation: A hybrid cloud deployment model is a combination of two of the three options: public, private, and community. It could be public and private, private and community, or public and community as in the question. A public cloud example is Amazon Web Service (AWS). A private cloud is built for a single company. Fundamentally, it means that all the tenants on a single server are from the same company. A community example is the National Institute of Health (NIH), which built a community cloud to advance science, diagnosis, and patient care. A Storage Area Network (SAN) is the physical and virtual structure that holds data at rest. SAN protocols include Fibre Channel and iSCSI.

Answer 36

C. Reservations Explanation: Reservations refer to the minimum guaranteed amount of resources that a cloud customer will receive, regardless of the resources being used by other cloud customers. This guarantees that the cloud customer will always have, at the very least, the minimum amount of resources needed to power and operate their services. Because of ideas such as multitenancy, in which many cloud customers are utilizing the same pool of resources, reservations protect cloud customers in the event that a neighboring cloud customer experiences an attack that causes them to overuse resources, making them limited. A limit is the maximum amount of resources a Virtual Machine (VM), application, container, etc. is allowed to use. This is actually a good thing to do so that something like this attack would not cause a serious financial strain on Organization B. Pooling is the collection of the resources that a VM, application, container, etc. can pull resources from. These pools would be inside of a single server. It is the CPU, the memory, the storage, and the network capacity that must be divided among the current tenants. Shares is whatever is left over of the pool after the reservations are assigned.

Answer 37

C. Legal hold Explanation: Organizations or individuals may need to archive and retain data that meets specific requirements to be used in legal court proceedings. This type of data retention is known as legal hold. A legal hold occurs because law enforcement, a lawyer, or the regulators issue a document that says that the data must be protected and not destroyed. A subpoena is defined in the Oxford dictionary as "a writ ordering a person to attend a court." A warrant is defined in the Oxford dictionary as "a document issued by a legal or government official authorizing the police or some other body to make an arrest, search premises, or carry out some other action relating to the administration of justice." The stored communication act is a U.S. law that compels third parties to turn over "stored wire and electronic communications and transactional records." This applies to phone companies, service providers, and the like.

Answer 38

Explanation: The Cloud Security Alliance (CSA) lists four main categories of system vulnerabilities. They are as follows: Zero-day vulnerabilities Missing security patches Configuration-based vulnerabilities Weak or default credentials Vulnerabilities are flaws. They can exist in any architecture and any service model and could be the responsibility of the customer or the cloud provider. If the bad actors did access the data, it could be an accidental cloud data disclosure issue. But the team is reporting that the bad actor could gain access, not that they did gain access. This is a small detail, but that is what you need to look for in this test. Since the bad actor did not get the data, the cloud storage data exfiltration option is also incorrect. It is plausible that the system vulnerability is in the API. The question does not specify that, so the more generic system vulnerabilities is a better answer. More details can be found in the CSA Pandemic 11 document, which is recommended reading for this test.

Answer 39

B. Log Centralization and Aggregation Explanation: Correct answer: Log Centralization and Aggregation Security information and event management (SIEM) solutions are useful tools for log analysis. Some of the key features that they provide include: Log Centralization and Aggregation: Combining logs in a single location makes them more accessible and provides additional context by drawing information from multiple log sources. Data Integrity: The SIEM is on its own system, making it more difficult for attackers to access and tamper with SIEM log files (which should be write-only). Normalization: The SIEM can ensure that all data is in a consistent format, converting things like dates that can use multiple formats. Automated Monitoring or Correlation: SIEMs can analyze the data provided to them to identify anomalies or trends that could be indicative of a cybersecurity incident. Alerting: Based on their correlation and analysis, SIEMs can alert security personnel of potential security incidents, system failures, and other events of interest. Investigative Monitoring: SIEMs support active investigations by enabling investigators to query log files or correlate events across multiple sources.

Answer 40

A. Tier 2 Explanation: The Uptime Institute publishes the most widely used standard for data center topologies. The standard is based on a series of four tiers. The standard also incorporates compliance tests. A tier 2 data center has generators, UPS devices, pumps, and fuel tanks to ensure continued operations within the datacenter. A tier 1 data center has exactly what it needs: a space dedicated to IT operations with its own dedicated cooling systems. A tier 3 data center adds a redundant distribution path, the path the power takes. It also moves up to concurrently maintainable infrastructure. The servers and other equipment have the capacity to be hot swappable. It is not necessary to shut down equipment to swap out, for example, a power supply or line card. It is also often described as 2n, meaning it has double the equipment that it needs. A tier 4 data center adds critical fault tolerance to the IT infrastructure. It is also often described as 2n+1. It has more than double the equipment needed for normal operations.

Answer 41

A. Direct and indirect identifiers Explanation: Anonymization is removing both direct and indirect identifiers. If only the direct identifiers are removed, it is called de-identification. Removing all the identifiers is basically what is being done, but the answer with direct and indirect identifiers is more technically accurate. Direct identifiers in the context of Personally Identifiable Information (PII) refer to specific pieces of information that can be used to directly identify an individual. These identifiers are unique to an individual and can be linked directly to their identity without any further information. Indirect identifiers in the context of PII refer to pieces of information that, on their own, may not directly identify an individual but can still be used to indirectly identify or link to an individual when combined with other data or in conjunction with additional information. What is direct versus indirect is a bit debatable. It depends on, many times, the laws and regulations and how they have been written. But some examples of direct identifiers are full name, Social Security Number (SSN), and passport number. Some examples that are probably considered indirect are Vehicle Identification Number (VIN), religious beliefs, gender, and educational background.`

Answer 42

B. Identification and authentication failures Explanation: Identification and authentication failures (formerly Broken authentication) occur when applications do not have the proper controls or processes in place to secure their authentication and session tokens. This type of vulnerability allows for attackers to hijack session tokens and use them for their own nefarious purposes. Injection refers to a class of vulnerabilities that occur when untrusted data is sent to an interpreter or a command execution component without proper validation or sanitization. This includes Structured Query Language (SQL) and Operating System (OS) command injections. Software and data integrity failures occur when the integrity of software or data is compromised, leading to unauthorized modifications, data corruption, or the introduction of malicious code. Security misconfiguration, which now includes XML External Entitites (XXE), refers to the improper configuration or implementation of security controls and mechanisms, leaving vulnerabilities that can be exploited by attackers. This includes things like leaving the default passwords and configurations in place in production.

Answer 43

B. Detect Explanation: An incident response plan (IRP) should lay out the steps that the incident response team (IRT) should carry out during each step of the incident management process. This process is commonly broken up into several steps, including: Prepare: During the preparation stage, the organization develops and tests the IRP and forms the IRT. Detect: Often, detection is performed by the security operations center (SOC), which performs ongoing security monitoring and alerts the IRT if an issue is discovered. Issues may also be raised by users, security researchers, or other third parties. Respond: At this point, the IRT investigates the incident and develops a remediation strategy. This phase will also involve containing the incident and notifying relevant stakeholders. Recover: During the recovery phase, the IRT takes steps to restore the organization to a secure state. This could include changing compromised passwords and similar steps. Additionally, the IRT works to address and remediate the underlying cause of the incident to ensure that it is completely fixed. Post-Incident: After the incident, the IRT should document everything and perform a retrospective to identify potential room for improvement and try to identify and remediate the root cause to stop future incidents from happening.

Answer 44

C. Functional and nonfunctional testing Explanation: As each portion of code is created and completed, functional testing is done on it by the development team. This testing is done to ensure that it compiles correctly and operates as intended. DAST requires the application to be functional. At this point, the code is still being written, so it is too early. The same would be true for quality assurance testing and IAST. DAST is a method of testing to look for any possible attack that can be done from the user's interface. IAST is a method of testing that analyzes the code as the program is run. Quality assurance really is a combination of all these methods of testing and more.

Answer 45

C. Metered Service Explanation: The six common characteristics of cloud computing include: Broad Network Access: Cloud services are widely available over the network, whether using web browsers, secure shell (SSH), or other protocols. On-Demand Self-Service: Cloud customers can redesign their cloud infrastructure at need, leasing additional storage or processing power or specialized components and gaining access to them on-demand. Resource Pooling: Cloud customers lease resources from a shared pool maintained by the cloud provider at need. This enables the cloud provider to take advantage of economies of scale by spreading infrastructure costs over multiple cloud customers. Rapid Elasticity and Scalability: Cloud customers can expand or contract their cloud footprint at need, much faster than would be possible if they were using physical infrastructure. Measured or Metered Service: Cloud providers measure their customers’ usage of the cloud and bill them for the resources that they use. Multitenancy: Public cloud environments are multitenant, meaning that multiple different cloud customers share the same underlying infrastructure. Reference:

Answer 46

D. Vendor management is done Explanation: The widespread use of open-source software has caused us to start focusing more on vendor management. Log4j is an example of not managing it. Integrating the OSS code properly is certainly something that needs to be done. A bigger security concern is the source of the OSS, the updates to that code, and other concerns of that nature. Having trained software developers who test the open-source code would be ideal, but you cannot rely on that being done. The work must be done by Chantria and the software developers and testers.

Answer 47

D. Interoperability Explanation: Interoperability is defined, in ISO/IEC 17788, as “the ability of two or more systems or applications to exchange information and to mutually use the information that has been exchanged." If a specific cloud provider has some specific format that the virtual machine image [for Infrastructure as a Service (IaaS)] or how the data is stored in Platform and Software as a Service (PaaS and SaaS), then it will be difficult to take those images or that data to another cloud provider. That is a vendor lock-in problem. Portability is the ability to transfer data from one system to another without having to re-enter the data. That is very close to an answer to the question. However, interoperability is the immediate problem for vendor lock in. Portability is about moving the data. Reversibility is defined in ISO/IEC 17788 as the "process for cloud service customers to retrieve their cloud service customer data and application artifacts and for the cloud service provider to delete all cloud service customer data as well as contractually specified cloud service derived data after an agreed period." So reversibility is about getting out. Resiliency is about maintaining a specific level of service. That is furthest from vendor lock in. Reference:

Answer 48

B. Cloud Service Provider (CSP) Explanation: In both the server-based and the server-less deployment options within PaaS, the CSP is responsible for the network controls. This is also true for Software as a Service (SaaS). In Infrastructure as a Service (IaaS), it would be shared. The CSP is responsible for the physical network controls. The CC is responsible for the virtual network controls. Cloud regulators are not responsible. They may assess controls. They may assess fines. But they are not responsible.

Answer 49

D. North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) Explanation: Correct answer: North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) The North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) is a not-for-profit organization that collaborates with industry stakeholders to set standards for the operations and monitoring of the power system and its enforcement. The national infrastructure, power, water, etc. is heavily regulated because the country relies on infrastructure. GLBA is a U.S. regulation that requires the protection of personal information held by financial institutions. It is related to Sarbanes Oxley (SOX), which requires the protection of financial data. PIPEDA is a Canadian regulation that requires the protection of personal information.

Answer 50

C. Legal hold Explanation: Organizations or individuals may need to archive and retain data that meets specific requirements to be used in legal court proceedings. This type of data retention is known as legal hold. A legal hold occurs because law enforcement, a lawyer, or the regulators issue a document that says that the data must be protected and not destroyed. A subpoena is defined in the Oxford dictionary as "a writ ordering a person to attend a court." A warrant is defined in the Oxford dictionary as "a document issued by a legal or government official authorizing the police or some other body to make an arrest, search premises, or carry out some other action relating to the administration of justice." The stored communication act is a U.S. law that compels third parties to turn over "stored wire and electronic communications and transactional records." This applies to phone companies, service providers, and the like.

Answer 51

A. Representational State Transfer (REST) Explanation: REpresentational State Transfer (REST) is a software architectural scheme that supports multiple data types, including both JSON and XML. SOAP supports only the use of XML-formatted data types, so it would not work for the organization. RPC can be considered an API. It is for commands where REST makes Create, Read, Update, Delete (CRUD) available to your application. JSON-RPC uses just JSON, not XML, which is what the question is asking for. The website for Smashing Magazine had a good write-up about some API implementations since there is very little in the ISC2 books. Reference:

Answer 52

B. Insecure interfaces and Application Programming Interfaces (API) Explanation; The Cloud Security Alliances (CSA) Pandemic 11 includes Insecure interfaces and Application Programming Interfaces (API) as the number two threat today. The API was not authenticating; it was simply performing lookups as the login name was being typed. This is a scenario that was played out by an ethical hacker against John Deer's web-based login site that allowed customers to manage their million dollar machinery. For more information refer to the Pandemic 11 anecdotes and examples section. Lack of cloud security architecture and strategy may be partly to blame for this failure, but this is more of an example of lack of planning as opposed to a specific software-based problem. Misconfigurations and inadequate change control are the setups of the computing assets (for example, giving excessive permissions, using default credentials, or not patching systems). Again, the scenario is a code-level problem. Misconfiguration and exploitation of serverless and container workloads refer to issues with the Cloud Service Provider (CSP) failing to secure the virtual environments that functions and containers are executed in.

Answer 53

B. Requirement gathering and feasibility Explanation: Cloud information security specialists should be a part of every single phase of the SSDLC, including the first stage: requirement gathering and feasibility. It is much more efficient to add in security to an application as it's being developed than to attempt to add in security features later (after it's in production). During the requirement gather and feasibility stage of the SSDLC, cloud information security specialists look at the risks associated with the project. The addition to the question of the PaaS environment does not affect this decision.

Answer 54

D. VMware Explanation: Virtual Update Manager (VUM) was developed by VMware. It is used to update both the vSphere hosts and the virtual machines that are running under them. (You don't need to know anything vendor specific for the exam, but this information might be useful at your work.)

Answer 55

C. Governance, Risk management, and Complicance (GRC) Explanation: In any cloud deployment model, IaaS, PaaS, or SaaS, the cloud consumer will be responsible for any control over the data they store in the cloud. This requires that they do their Governance, Risk management, and Compliance (GRC). Application security is shared between the customer and the cloud provider and includes setting up and managing identity and access management. Platform security is the responsibility of the provider in SaaS. It is a shared responsibility in PaaS and the customer's responsibility in IaaS.

Answer 56

D. Input validation Explanation: Input validation is a crucial aspect of secure software development and refers to the process of validating and sanitizing user input to ensure its integrity, reliability, and security. The goal of input validation is to prevent malicious or unintended data from being processed or executed by a system, thereby reducing the risk of various vulnerabilities, such as injection attacks (e.g., SQL injection, XSS). Proper logging is an essential practice in software development and system administration that involves recording relevant events, activities, and errors in a structured and systematic manner. Logging serves several important purposes, including troubleshooting, debugging, performance analysis, security monitoring, and compliance auditing. But it cannot prevent an injection attack. Security patching, also known as software patching or patch management, is the process of applying updates or fixes to software systems, applications, and devices to address identified security vulnerabilities. It is a critical practice for maintaining the security and integrity of systems and protecting them from potential exploits and attacks. Antimalware programs, also known as antivirus software or security software, are designed to detect, prevent, and remove malicious software, commonly referred to as malware, from computers and other devices. These programs play a crucial role in safeguarding systems and networks against various types of malware, such as viruses, worms, Trojans, ransomware, spyware, and adware.

Answer 57

B. Fault tolerance Explanation: Virtualization technologies play a crucial role in cloud environments, enabling the creation and management of Virtual Machines (VMs) or containers. Fault tolerance mechanisms like live migration and high availability clusters are implemented in the virtualization layer. Live migration allows VMs to be moved to another physical host without disruption, ensuring continuity of service during hardware maintenance or failures. High availability clusters involve replicating VMs across multiple hosts, so if one host fails, the workload automatically fails over to another host. TPM stands for Trusted Platform Module. It is a specialized hardware component that provides secure storage and processing capabilities for cryptographic keys, measurements, and other security-related functions. TPMs are typically integrated into computer systems, including desktops, laptops, servers, and IoT devices, to enhance their security and enable trusted computing features. But they do not provide a backup or alternative chip. Data replication and backup strategies are implemented to create multiple copies of data across geographically distributed storage systems, providing resilience against hardware failures and disasters. This is not what live migration provides. Redundant hardware is the physical server (for example, when you configure the live migration that allows a VM to be moved dynamically to another physical server, but you build the physical servers first). Live migration does not provide redundant hardware, but it uses it.

Answer 58

D. Application Programming Interfaces (API) Explanation: In a cloud environment, the key functionality of applications and the management of the cloud are based on APIs. It's very important that APIs are implemented in a secure and appropriate manner. When possible, encryption should be used for API communication. One of the API options is REpresentation State Transfer (REST). There is also SOAP, RPC, and GraphQL. Trusted Platform Modules (TPMs) are a specialized hardware component that provides secure storage and cryptographic functions to enhance the security of computing systems. TPMs are typically integrated into the motherboard or added as a separate chip. Hypervisors, also known as a Virtual Machine Monitor (VMM), is a software, firmware, or hardware layer that enables the virtualization of computer hardware resources, allowing multiple Operating Systems (OS) or Virtual Machines (VMs) to run simultaneously on a single physical machine.

Answer 59

C. It requires the organization to cease all data destruction efforts Explanation: Correct answer: It requires the organization to cease all data destruction efforts A legal hold can be initiated by an investigation by law enforcement or a regulator or a lawsuit brought by a private entity. It requires the organization to retain all data relevant to the investigation or lawsuit, but the organization can continue to delete any unrelated data.

Answer 60

C. Downtime Explanation: Cloud computing risks can depend on the cloud service model used. Some risks common to all cloud services include: CSP Data Center Location: The location of a CSP’s data center may impact its exposure to natural disasters or the risk of regulatory issues. Cloud customers should verify that a CSP’s locations are resilient against applicable natural disasters and consider potential regulatory issues. Downtime: If a CSP’s network provider is down, then its services are unavailable to its customers. CSPs should use multivendor network connectivity to improve network resiliency. Compliance: Certain types of data are protected by law and may have mandatory security controls or jurisdictional limitations. These restrictions may affect the choice of a cloud service model or CSP. General Technology Risks: CSPs are a big target for attackers, who might exploit vulnerabilities or design flaws to attack CSPs and their customers. Reference:

Answer 61

B. Enhanced analysis capabilities Explanation: The main benefit is its ability to correlate and analyze the volume of logs that come from all the IT technology—from firewalls to Intrusion Detection System (IDS). As the cloud amplifies the number of devices (they become virtual as well), the number of logs will only increase, and it is not possible to humanly read them. Having technology that analyses the logs to find Indications of Compromise (IoC) so that alerts can be sent to administrators is essential today. A SIEM is a device that devices send their logs to. It cannot block traffic. A firewall of Intrusion Prevention System (IPS) is needed for that. A SIEM cannot encrypt traffic. The logs should be encrypted for transmission to the SIEM. Once the logs arrive at the SIEM, they are decrypted. This would normally be done with Transport Layer Security (TLS). TLS only protects the transmission of the data, not the storage

Answer 62

D. Cross-site scripting Explanation: This is a Cross-Site Scripting attack (XSS). XSS was merged into the injection category in the OWASP 2021 list of threats. Cross-site scripting is a type of injection attack in which a malicious actor can send data to a user's browser without going through proper validation. There are three different types of XSS attacks. This is specifically a reflected XSS. The three types are: Reflected XSS: The injected script is embedded in a URL or input field and then reflected back in the response from the server. The attacker typically tricks the victim into clicking a malicious link containing the injected script. DOM-based XSS: This type of XSS occurs when the vulnerability exists in the client-side code (typically JavaScript) that manipulates the Document Object Model (DOM) of the webpage. The attack targets the client-side code directly, modifying the DOM to execute malicious actions. Stored XSS: The injected malicious script is permanently stored on the target server and served to multiple users when they access the affected page or view the compromised content. Insecure design is from the beginning of the software development lifecycle. It involves performing threat modeling and other actions, not an actual attack as described in the question. Security misconfiguration is when the software has insecure configurations or is left with the default configuration—not the attack itself such as in the question but rather how the developers or operations configured the software. Identification and authentication failures include things like not adhering to the least privilege principle or leaving default account and default passwords on the systems.

Answer 63

D. The cloud service customer retains ultimate responsibility for the data's security regardless of whether cloud or non-cloud services are employed Explanation: Regardless of whether cloud or non-cloud services are utilized, the data controller [the Cloud Service Customer (CSC)] is ultimately responsible for the data's security. Cloud security encompasses more than data protection; it also encompasses applications and infrastructure. According to the European Union (EU) General Data Protection Regulation (GDPR) requirements, the cloud provider is responsible for the data in its protection. The reason the answer that says “both” is not correct is the correct answer contains the word ultimate. Ultimately, the cloud customer is always responsible for their data. This question also does not mention GDPR, so it is difficult to determine if there is a legal responsibility for the data while it is in the cloud provider's care, as we do not actually know where on the planet the question is referring to.

Answer 64

A. Object storage Explanation: Object storage utilizes a flat system and assigns files and objects a key value (ID) that can be used to retrieve the files later. This differs from traditional storage, which uses a directory and tree structure. Volume storage appears to the user of a virtual machine as a virtual drive. It is very similar in presentation to the hard drive on your personal computer. You can create folders to store your files/objects within them. Software-defined storage is exactly that. There is software that defines the use of the actual storage. It decouples the storage software from the hardware. You can then add more drives quickly and easily without having to redesign. The software just adds that space to the available storage space. A data lake is similar to a data warehouse. They are both created to facilitate the analysis of data to make business decisions. A data lake is unstructured, like big data. A data warehouse is structured, like databases.

Answer 65

A. Pattern Matching Explanation: When working with unstructured data, there are a few different techniques that a data discovery tool can use: Pattern Matching: Pattern matching looks for data formats common to sensitive data, often using regular expressions. For example, the tool might look for 16-digit credit card numbers or numbers structured as XXX-XX-XXXX, which are likely US Social Security Numbers (SSNs). Lexical Analysis: Lexical analysis uses natural language processing (NLP) to analyze the meaning and context of text and identify sensitive data. For example, a discussion of “payment details” or “card numbers” could include a credit card number. Hashing: Hashing can be used to identify known-sensitive files that change infrequently. For example, a DLP solution may have a database of hashes for files containing corporate trade secrets or company applications. Schema analysis can’t be used with unstructured data because only structured databases have schemas.

Answer 66

C. Private cloud Explanation: Private clouds can be located at the service provider's location or the customer's. It can be owned by either the cloud provider or the customer. It can be managed by either the cloud provider or the customer. It could be with an MSP or a CSP. If it is with a CSP, it could be public, private, or community. If it is with an MSP, it could be either private or community. As it is just one company in the question, it is not a community, so it must be a private cloud. For more data on this, the Cloud Security Alliance (CSA) guidance 4.0 (or 5 if it has been released) would be a great read. A hybrid cloud is usually a combination of public and private clouds. The question is specifically about the private cloud though, so this is not the best answer.q

Answer 67

D. RSL Explanation: A business continuity and disaster recovery (BC/DR) plan uses various business requirements and metrics, including: Recovery Time Objective (RTO): The RTO is the amount of time that an organization is willing to have a particular system be down. This should be less than the maximum tolerable downtime (MTD), which is the maximum amount of time that a system can be down before causing significant harm to the business. Recovery Point Objective (RPO): The RPO measures the maximum amount of data that the company is willing to lose due to an event. Typically, this is based on the age of the last backup when the system is restored to normal operations. Recovery Service Level (RSL): The RSL measures the percentage of compute resources needed to keep production environments running while shutting down development, testing, etc. Reference:

Answer 68

C. Private cloud, cloud service backup Explanation: The organization is using their own private data center for their cloud, which is a private cloud. It is not necessary to have the private cloud within their own data center, but that is what's mentioned in the question. They are then backing up their cloud using a public provider, which is the cloud service backup answer option. Therefore, answers that have private backup are not correct. The answers that have cloud service backup and/or third-party backup are not correct because there is only the cloud service backup in the question.

Answer 69

C. Persistent Backdoors Explanation: Platform as a Service (PaaS) environments inherit all the risks associated with IaaS models, including personnel threats, external threats, and a lack of relevant expertise. Some additional risks added to the PaaS model include: Interoperability Issues: With PaaS, the cloud customer develops and deploys software in an environment managed by the provider. This creates the potential that the customer’s software may not be compatible with the provider’s environment or that updates to the environment may break compatibility and functionality. Persistent Backdoors: PaaS is commonly used for development purposes since it removes the need to manage the development environment. When software moves from development to production, security settings and tools designed to provide easy access during testing (i.e. backdoors) may remain enabled and leave the software vulnerable to attack in production. Virtualization: PaaS environments use virtualized OSs to provide an operating environment for hosted applications. This creates virtualization-related security risks such as hypervisor attacks, information bleed, and VM escapes. Resource Sharing: PaaS environments are multitenant environments where multiple customers may use the same provider-supplied resources. This creates the potential for side-channel attacks, breakouts, information bleed, and other issues with maintaining tenant separation.

Answer 70

C. Bastion host Explanation: A bastion host is a hardened and fortified device. To harden, you change the default password, close unnecessary ports, disable unnecessary services, etc. A VPC is a virtualized environment that is isolated to make it harder for bad actors to interfere with business processes. Micro-segmentation is when a virtual network is created that has one or just a few virtual machines behind its own firewall. A firewall is a security device that blocks or allows traffic. It should be a hardened device as well, hopefully by design.

Answer 71

A. Agile software development Explanation: Agile software development is an iterative and flexible approach to software development that prioritizes customer collaboration, adaptability, and the delivery of working software in shorter timeframes. It emerged as a response to the limitations of traditional waterfall development methods, which often struggled to meet changing requirements and deliver value in a timely manner. Waterfall software development is a linear and sequential approach to software development that follows a predefined set of phases in a rigid manner. It is characterized by distinct and well-defined phases, with each phase typically dependent on the completion of the previous one. The waterfall model is often used in projects with stable requirements and predictable outcomes. So, this is going to take too long for this customer. eXtreme Programming (XP) is an agile software development methodology that emphasizes close collaboration, continuous feedback, and a focus on delivering high-quality software. It aims to provide a flexible and adaptive approach to development while maintaining a strong emphasis on customer satisfaction. This is more than the customer needs. The customer is fine with the consequences of rushing a project, so there is not a focus on high-quality software. Iterative software development is an approach that involves breaking down the software development process into smaller, incremental iterations. It is an alternative to the traditional waterfall model where the entire development process is planned and executed sequentially. this is also close to what the customer needs, but the planning and executing sequentially is not the focus for this customer.

Answer 72

B. Service Level Management Explanation: Standards such as the Information Technology Infrastructure Library (ITIL) and International Organization for Standardization/International Electrotechnical Commission (ISO/IEC) 20000-1 define operational controls and standards, including: Change Management: Change management defines a process for changes to software, processes, etc., reducing the risk that systems will break due to poorly managed changes. A formal change request should be submitted and approved or denied by a change control board after a cost-benefit analysis. If approved, the change will be implemented and tested. The team should also have a plan for how to roll back the change if something goes wrong. Continuity Management: Continuity management involves managing events that disrupt availability. After a business impact assessment (BIA) is performed, the organization should develop and document processes for prioritizing the recovery of affected systems and maintaining operations throughout the incident. Information Security Management: Information security management systems (ISMSs) define a consistent, company-wide method for managing cybersecurity risks and ensuring the confidentiality, integrity, and availability of corporate data and systems. Relevant frameworks include the ISO 27000 series, the NIST Risk Management Framework (RMF), and AICPA SOC 2. Continual Service Improvement Management: Continual service improvement management involves monitoring and measuring an organization’s security and IT services. This practice should be focused on continuous improvement, and an important aspect is ensuring that metrics accurately reflect the current state and potential process. Incident Management: Incident management refers to addressing unexpected events that have a harmful impact on the organization. Most incidents are managed by a corporate security team, which should have a defined and documented process in place for identifying and prioritizing incidents, notifying stakeholders, and remediating the incident. Problem Management: Problems are the root causes of incidents, and problem management involves identifying and addressing these issues to prevent or reduce the impact of future incidents. The organization should track known incidents and have steps documented to fix them or workarounds to provide a temporary fix. Release Management: Agile methodologies speed up the development cycle and leverage automated CI/CD pipelines to enable frequent releases. Release management processes ensure that software has passed required tests and manages the logistics of the release (scheduling, post-release testing, etc.). Deployment Management: Deployment management involves managing the process from code being committed to a repository to it being deployed to users. In automated CI/CD pipelines, the focus is on automating testing, integration, and deployment processes. Otherwise, an organization may have processes in place to perform periodic, manual deployments. Configuration Management: Configuration errors can render software insecure and place the organization at risk. Configuration management processes formalize the process of defining and updating the approved configuration to ensure that systems are configured to a secure state. Infrastructure as Code (IaC) provides a way to automate and standardize configuration management by building and configuring systems based on provided definition files. Service Level Management: Service level management deals with IT’s ability to provide services and meet service level agreements (SLAs). For example, IT may have SLAs for availability, performance, number of concurrent users, customer support response times, etc. Availability Management: Availability management ensures that services will be up and usable. Redundancy and resiliency are crucial to availability. Additionally, cloud customers will be partially responsible for the availability of their services (depending on the service model). Capacity Management: Capacity management refers to ensuring that a service provider has the necessary resources available to meet demand. With resource pooling, a cloud provider will have fewer resources than all of its users will use but relies on them not using all of the resources at once. Often, capacity guarantees are mandated in SLAs.

Answer 73

D. Application Programming Interface Explanation: a related to the usage and performance of their SaaS applications. This can include information such as user activity, resource utilization, system health, response times, and other relevant performance indicators. By accessing these APIs, customers can monitor the behavior and performance of the SaaS product in real time or collect historical data for analysis and reporting. A supply chain manager is responsible for overseeing and managing the entire process of the supply chain within an organization. They play a critical role in ensuring the smooth flow of goods, services, and information from the point of origin to the point of consumption or delivery. Open source software refers to software whose source code is freely available and can be accessed, modified, and distributed by anyone. Open source software is typically developed in a collaborative manner, with a community of developers contributing to its creation and improvement. The API could be created with open source software, but it is the API that is needed in the question. An API gateway is a server or software component that acts as an intermediary between clients (such as mobile apps, web applications, or other services) and backend services (such as databases, microservices, or legacy systems). It serves as a centralized entry point for API requests, providing various features and functionalities to enhance security, scalability, and manageability. The metrics needed come from within the application, not what passes through the gateway. Although this would be the second best answer to the question.

Answer 74

C. Hashing Explanation: When working with unstructured data, there are a few different techniques that a data discovery tool can use: Pattern Matching: Pattern matching looks for data formats common to sensitive data, often using regular expressions. For example, the tool might look for 16-digit credit card numbers or numbers structured as XXX-XX-XXXX, which are likely US Social Security Numbers (SSNs). Lexical Analysis: Lexical analysis uses natural language processing (NLP) to analyze the meaning and context of text and identify sensitive data. For example, a discussion of “payment details” or “card numbers” could include a credit card number. Hashing: Hashing can be used to identify known-sensitive files that change infrequently. For example, a DLP solution may have a database of hashes for files containing corporate trade secrets or company applications. Schema analysis can’t be used with unstructured data because only structured databases have schemas.

Answer 75

D. Project management and initiation Explanation: The Business Continuity Institute (BCI) has the following steps to plan for disasters or business continuity issues: Policy Project management and initiation Business Impact Analysis (BIA) Recovery strategies Develop the documents Implementation, Test, Update Embed the plan in the user community Since policy is not an option within this question, the first step that they can take from the four answer options listed is the project management and initiation step. This is when the team is created, and the team leader is selected. The anticipated budget is identified along with the steering committee. This is a step steeped in the project management.

Answer 76

C. Internet Protocol (IP), Transmission Control Protocol (TCP) port Explanation: iSCSI uses a combination of pieces of information to locate users' data. IP addresses and TCP port numbers are the beginning. There is also an iSCSI Qualified Name (IQN) and an Extended Unique Identifier (EUI). Fibre Channel uses WWPN and WWNN addresses as well as Logical Unit Numbers (LUN). MAC addresses are used by the layer 2 protocols that include IEEE 802.3 Ethernet. Port numbers could be physical addresses or TCP/UDP port numbers. This is not the right answer because iSCSI does not use MAC addresses. Reference:

Answer 77

C. Enforcement Explanation: DLP is made up of three major components. They include discovery, monitoring, and enforcement. Enforcement is the final stage of DLP implementation. It is the enforcement component that applies policies and then takes actions, such as deleting data. Identification is the first piece of IAAA and is the statement of who you claim to be, such as a user ID. The CSA SecaaS Category 2 document is a good read on the topic of DLP and the cloud and is highly recommended.

Pocket Prep 18 Flashcards

(102 cards)