Answers.
To get a full assessment of the readiness of an organization, auditing should be performed during
peak processing and user loads. correct answers False
Logging levels can be negotiated and are usually listed in the SLA. correct answers True
Which of the following technologies encapsulates application software from the underlying
operating system on which it is executed to test applications? correct answers Application
virtualization
Classification uses this to mark the level of classification: correct answers Labels
Which of the following layers of CSA STAR requires the release and publication of available
results of an assessment carried out by an independent third party based on CSA CCM? correct
answers Attestation
Which framework ensures customers that the products they are buying have been evaluated and
that the vendor's claims have been verified by a vendor-neutral third party? correct answers
Common criteria assurance
Physical Environment Security is the sole responsibility of the cloud customer. correct answers
False
Which of the following defines the ease of moving and reusing application components
regardless of the provider, platform, and so on? correct answers Interoperability
What is developed to create, expand, and manage cloud services easily by providing a complete
list of features and components for cloud environments? correct answers Apache CloudStack
What are the phases of the cloud data lifecycle?
Each correct answer represents a complete solution. Choose all that apply. correct answers Use
Store
Destroy
Archive
What types of risks are typically associated with virtualization? correct answers Guest breakout,
snapshot and image security, and sprawl
Which of the following is the correct name for Tier II of the Uptime Institute Data Center Site
Infrastructure Tier Standard Topology? correct answers Redundant Site Infrastructure Capacity
Components
What order do the SDLC steps fall into? correct answers 1. Planning and Requirement Analysis
2. Defining
3. Designing
4. Developing
5. Testing
Which is not a method of protection for data in transit? correct answers SLA
Which report was created to replace SAS70? correct answers SSAE
Which kind of threat can cause higher than usual billing based on resources consumed? correct
answers Denial of Service
The key areas of a physical cloud environment are: correct answers CPU, Memory, Disk, and
Network
Which of the following metrics reports on the time required to perform the requested operation
or tasks? correct answers Response time
Which of the following statements are true of CSP (cloud service provider)?
Each correct answer represents a complete solution. Choose all that apply. correct answers
Outsources activities and functions
Provides services and resources for use
A risk can be considered fully mitigated when? correct answers A risk cannot be fully mitigated
Which of the following software vulnerabilities occurs when an application takes untrusted data
and sends it to a web browser without proper validation? correct answers XSS
Which of the following laws is defined as the right of an individual to determine when, how, and
to what extent they will release personal information? correct answers Privacy
Which cloud deployment model is managed by an organization it serves? correct answers Private
The use of a generator eliminates the need for a Battery Backup system in a data center. correct
answers False
Which two documents contain rules which must be followed when collecting and preserving
evidence? correct answers FRE (Federal Rules of Evidence)
FRCP (Federal Rules of Civil Procedure)