Topic 2, Exam Pool B
A cloud data encryption situation where the cloud customer retains control of the encryption keys and the cloud provider only processes and stores the data could be considered a ____________.
Response:
A. Threat
B. Risk
C. Hybrid cloud deployment model
D. Case of infringing on the rights of the provider
Answer: Hybrid cloud deployment model

What is a data custodian responsible for?
Response:
A. The safe custody, transport, storage of the data, and implementation of business rules
B. Data content, context, and associated business rules
C. Logging and alerts for all data
D. Customer access and alerts for all data
Answer: The safe custody, transport, storage of the data, and implementation of business rules

You are the security manager for a company that is considering cloud migration to an IaaS environment. You are assisting your company's IT architects in constructing the environment. Which of the following options do you recommend?
Response:
A. Unrestricted public access
B. Use of a Type I hypervisor
C. Use of a Type II hypervisor
D. Enhanced productivity without encryption
Answer: Use of a Type I hypervisor

DLP solutions typically involve all of the following aspects except ___________.
Response:
A. Data discovery
B. Tokenization
C. Monitoring
D. Enforcement
Answer: Tokenization

Which of the following is not one of the types of controls?
Response:
A. Transitional
B. Administrative
C. Technical
D. Physical
Answer: Transitional

The Cloud Security Alliance's (CSA's) Cloud Controls Matrix (CCM) addresses all the following security architecture elements except ____________.
Response:
A. Physical security
B. IaaS
C. Application security
D. Business drivers
Answer: Business drivers

All of the following methods can be used to attenuate the harm caused by escalation of privilege except:
Response:
A. Extensive access control and authentication tools and techniques
B. Analysis and review of all log data by trained, skilled personnel on a frequent basis
C. Periodic and effective use of cryptographic sanitization tools
D. The use of automated analysis tools such as SIM, SIEM, and SEM solutions
Answer: Periodic and effective use of cryptographic sanitization tools

An audit against the ________ will demonstrate that an organization has adequate security controls to meet its ISO 27001 requirements.
Response:
A. SAS 70 standard
B. SSAE 16 standard
C. ISO 27002 certification criteria
D. NIST SP 800-53
Answer: ISO 27002 certification criteria

Resolving resource contentions in the cloud will most likely be the job of the ____________.
Response:
A. Router
B. Emulator
C. Regulator
D. Hypervisor
Answer: Hypervisor

All of the following are activities that should be performed when capturing and maintaining an accurate, secure system baseline except ____________.
Response:
A. Remove all nonessential programs from the baseline image
B. Exclude the target system you intend to baseline from any scheduled updates/patching used in production systems
C. Include the baseline image in the asset inventory/configuration management database
D. Configure the host OS according to the baseline requirements
Answer: Include the baseline image in the asset inventory/configuration management database

Which of the following is a risk associated with manual patching, especially in the cloud?
Response:
A. No notice before the impact is realized
B. Lack of applicability to the environment
C. Patches may or may not address the vulnerability they were designed to fix
D. The possibility for human error
Answer: The possibility for human error

Penetration testing is a(n) __________ form of security assessment.
Response:
A. Active
B. Comprehensive
C. Total
D. Inexpensive
Answer: Active