C838 DATA PROTECTION AND ENCRYPTION IN
CLOUD ENVIRONMENTS GUIDE
◉ A data center engineer is tasked with the destruction of data on
solid-state drives (SSDs). The engineer must ensure that the data is
not able to be retrieved. Which data destruction action should the
engineer take to meet this goal?
Answer: Crypto-shredding
◉ An organization wants to gather and interpret logs from its cloud
environment. Which system should the organization use for this
task?
Answer: Security Information and Event Management (SIEM)
◉ An organization with a Security Information and Event
Management (SIEM) system wants to minimize errors or missed
issues due to human log analysis. Which SIEM policy should the
organization use in this case?
Answer: Automated analysis of data sets
◉ Which software type allows multiple operating systems to run on
the same physical server in a virtualized environment?
Answer: Hypervisor
,◉ What is the name of the process of automatically provisioning,
configuring, and managing virtual machines and other resources in a
virtualized environment?
Answer: Orchestration
◉ Which cloud computing characteristic allows customers to
manage their utilization by only paying for the resources used?
Answer: Metered service
◉ Which cloud deployment model allows customers to take
advantage of service and price differences from two or more cloud
vendors?
Answer: Multi-cloud
◉ Which cloud consideration refers to the ability of the
infrastructure to withstand disruptive events?
Answer: Resiliency
◉ Which technology is used to protect the confidentiality of data
from on-path attacks?
Answer: Transport Layer Security (TLS)
, ◉ Which technology allows cryptographic secrets to be held in a
secure way so that they can be recovered by parties who have
authorization?
Answer: Key escrow
◉ Which safety control acts as a virtual firewall in cloud
environments?
Answer: Network security group
◉ An organization with a single headquarters building in New York
City wants to secure its cloud infrastructure so that only users at its
offices can administer its cloud resources.
Which architectural concept should the organization implement?
Answer: Geofencing
◉ Which business continuity/disaster recovery (BC/DR) term refers
to a secure container that contains all the necessary documentation
and resources needed to conduct a proper BC/DR response action?
Answer: Toolkit
◉ An organization is planning to store its production data in a public
cloud service. While researching the service, the organization
discovers that its data will be stored in a proprietary data format
CLOUD ENVIRONMENTS GUIDE
◉ A data center engineer is tasked with the destruction of data on
solid-state drives (SSDs). The engineer must ensure that the data is
not able to be retrieved. Which data destruction action should the
engineer take to meet this goal?
Answer: Crypto-shredding
◉ An organization wants to gather and interpret logs from its cloud
environment. Which system should the organization use for this
task?
Answer: Security Information and Event Management (SIEM)
◉ An organization with a Security Information and Event
Management (SIEM) system wants to minimize errors or missed
issues due to human log analysis. Which SIEM policy should the
organization use in this case?
Answer: Automated analysis of data sets
◉ Which software type allows multiple operating systems to run on
the same physical server in a virtualized environment?
Answer: Hypervisor
,◉ What is the name of the process of automatically provisioning,
configuring, and managing virtual machines and other resources in a
virtualized environment?
Answer: Orchestration
◉ Which cloud computing characteristic allows customers to
manage their utilization by only paying for the resources used?
Answer: Metered service
◉ Which cloud deployment model allows customers to take
advantage of service and price differences from two or more cloud
vendors?
Answer: Multi-cloud
◉ Which cloud consideration refers to the ability of the
infrastructure to withstand disruptive events?
Answer: Resiliency
◉ Which technology is used to protect the confidentiality of data
from on-path attacks?
Answer: Transport Layer Security (TLS)
, ◉ Which technology allows cryptographic secrets to be held in a
secure way so that they can be recovered by parties who have
authorization?
Answer: Key escrow
◉ Which safety control acts as a virtual firewall in cloud
environments?
Answer: Network security group
◉ An organization with a single headquarters building in New York
City wants to secure its cloud infrastructure so that only users at its
offices can administer its cloud resources.
Which architectural concept should the organization implement?
Answer: Geofencing
◉ Which business continuity/disaster recovery (BC/DR) term refers
to a secure container that contains all the necessary documentation
and resources needed to conduct a proper BC/DR response action?
Answer: Toolkit
◉ An organization is planning to store its production data in a public
cloud service. While researching the service, the organization
discovers that its data will be stored in a proprietary data format
