Certificate of Cloud Security Knowledge v1.0

Page:    1 / 15   
Exam contains 230 questions
Expand All

Sending data to a provider's storage over an API is likely as much more reliable and secure than setting up your own SFTP server on a VM in the same provider

  • A. False
  • B. True


Answer : B

What is true of searching data across cloud environments?

  • A. You might not have the ability or administrative rights to search or access all hosted data.
  • B. The cloud provider must conduct the search with the full administrative controls.
  • C. All cloud-hosted email accounts are easily searchable.
  • D. Search and discovery time is always factored into a contract between the consumer and provider.
  • E. You can easily search across your environment using any E-Discovery tool.


Answer : A

How does running applications on distinct virtual networks and only connecting networks as needed help?

  • A. It reduces hardware costs
  • B. It provides dynamic and granular policies with less management overhead
  • C. It locks down access and provides stronger data security
  • D. It reduces the blast radius of a compromised system
  • E. It enables you to configure applications around business groups


Answer : D

How can virtual machine communications bypass network security controls?

  • A. VM communications may use a virtual network on the same hardware host
  • B. The guest OS can invoke stealth mode
  • C. Hypervisors depend upon multiple network interfaces
  • D. VM images can contain rootkits programmed to bypass firewalls
  • E. Most network security systems do not recognize encrypted VM traffic


Answer : A

ENISA: `VM hopping` is:

  • A. Improper management of VM instances, causing customer VMs to be commingled with other customer systems.
  • B. Looping within virtualized routing systems.
  • C. Lack of vulnerability management standards.
  • D. Using a compromised VM to exploit a hypervisor, used to take control of other VMs.
  • E. Instability in VM patch management causing VM routing errors.


Answer : D

Which concept is a mapping of an identity, including roles, personas, and attributes, to an authorization?

  • A. Access control
  • B. Federated Identity Management
  • C. Authoritative source
  • D. Entitlement
  • E. Authentication


Answer : D

Which concept provides the abstraction needed for resource pools?

  • A. Virtualization
  • B. Applistructure
  • C. Hypervisor
  • D. Metastructure
  • E. Orchestration


Answer : A

Network logs from cloud providers are typically flow records, not full packet captures.

  • A. False
  • B. True


Answer : B

Select the best definition of `compliance` from the options below.

  • A. The development of a routine that covers all necessary security measures.
  • B. The diligent habits of good security practices and recording of the same.
  • C. The timely and efficient filing of security reports.
  • D. The awareness and adherence to obligations, including the assessment and prioritization of corrective actions deemed necessary and appropriate.
  • E. The process of completing all forms and paperwork necessary to develop a defensible paper trail.


Answer : D

CCM: In the CCM tool, `Encryption and Key Management` is an example of which of the following?

  • A. Risk Impact
  • B. Domain
  • C. Control Specification


Answer : B

In volume storage, what method is often used to support resiliency and security?

  • A. proxy encryption
  • B. data rights management
  • C. hypervisor agents
  • D. data dispersion
  • E. random placement


Answer : D

What is true of security as it relates to cloud network infrastructure?

  • A. You should apply cloud firewalls on a per-network basis.
  • B. You should deploy your cloud firewalls identical to the existing firewalls.
  • C. You should always open traffic between workloads in the same virtual subnet for better visibility.
  • D. You should implement a default allow with cloud firewalls and then restrict as necessary.
  • E. You should implement a default deny with cloud firewalls.


Answer : E

Which statement best describes the impact of Cloud Computing on business continuity management?

  • A. A general lack of interoperability standards means that extra focus must be placed on the security aspects of migration between Cloud providers.
  • B. The size of data sets hosted at a Cloud provider can present challenges if migration to another provider becomes necessary.
  • C. Customers of SaaS providers in particular need to mitigate the risks of application lock-in.
  • D. Clients need to do business continuity planning due diligence in case they suddenly need to switch providers.
  • E. Geographic redundancy ensures that Cloud Providers provide highly available services.


Answer : E

What is known as a code execution environment running within an operating system that shares and uses the resources of the operating system?

  • A. Platform-based Workload
  • B. Pod
  • C. Abstraction
  • D. Container
  • E. Virtual machine


Answer : D

Which term is used to describe the use of tools to selectively degrade portions of the cloud to continuously test business continuity?

  • A. Planned Outages
  • B. Resiliency Planning
  • C. Expected Engineering
  • D. Chaos Engineering
  • E. Organized Downtime


Answer : D

Page:    1 / 15   
Exam contains 230 questions
Expand All

Talk to us!

Have any questions or issues ? Please dont hesitate to contact us

[email protected]

Certlibrary.com is owned by MBS Tech Limited: Room 1905 Nam Wo Hong Building, 148 Wing Lok Street, Sheung Wan, Hong Kong. Company registration number: 2310926
Certlibrary doesn't offer Real Microsoft Exam Questions. Certlibrary Materials do not contain actual questions and answers from Cisco's Certification Exams.
CFA Institute does not endorse, promote or warrant the accuracy or quality of Certlibrary. CFA® and Chartered Financial Analyst® are registered trademarks owned by CFA Institute.
Terms & Conditions | Privacy Policy