C838 - Managing Cloud SecurityQuestions
and Answers
1. drive security decisions.: business requirements
2. All of these are reasons because of which an organization may want
to consider cloud migration, except:: Elimination of risks
3. The generally accepted definition of cloud computing includes all of
the following characteristics except:: negating the need for backups
4. When a cloud customer uploads PII to a cloud provider, who
becomes ultimately responsible for the security of that PII?: cloud
customer
5. We use which of the following to determine the critical paths,
processes, and assets of an organization?: BIA
6. If a service or solution does not meet all of the specified key
characteris- tics listed below, it is said to be not true cloud computing.
Please select the valid cloud computing characteristics out of the terms
identified below.
Each correct answer represents a complete solution. Choose all that apply.-
: On-demand self-
service Broad
network access
Resource pooling
measured service
7. All of these technologies have made cloud service viable except::
smart hubs
8. The cloud deployment model that features organizational ownership of
the hardware and infrastructure, and usage only by members of that
organiza- tion, is known as:: private
9. The cloud deployment model that features ownership by a cloud
provider, with services offered to anyone who wants to subscribe, is
,known as:: Public
10.The cloud deployment model that features joint ownership of
assets among an affinity group is known as:: Community
11.If a cloud customer wants a secure, isolated sandbox in order to
conduct software development and testing, which cloud service model
would proba- bly be best?: PaaS
12.If a cloud customer wants a fully-operational environment with very
little maintenance or administration necessary, which cloud service model
would probably be best?: SaaS
,13.If a cloud customer wants a bare-bones environment in which to
replicate their own enterprise for BC/DR purposes, which cloud service
model would probably be best?: IaaS
14.Which of the following is not a common cloud service model?:
Program- ming as a Service
15.Cloud Access Security Brokers (CASBs) might offer all the
following services EXCEPT:: BC / DR / COOP
16.If a cloud customer cannot get access to the cloud provider, this
affects what portion of the CIA triad?: Availability
17.All of the following can result in vendor lock-in except:: Statutory
compli- ance
18.The risk that a cloud provider might go out of business and the
cloud customer might not be able to recover data is known as:: vendor
lock-out
19.All of these are features of cloud computing except:: Reversed
charging configuration
20.Cloud vendors are held to contractual obligations with specified
metrics by:: SLAs
21.Gathering business requirements can aid the organization in
determining all of this information about organizational assets, except::
Usefulness
22.The BIA can be used to provide information about all of the
following, except:: Secure Acquisition
23.Risk appetite for an organization is determined by which of the
follow- ing?: Senior management
24.What is the risk left over after controls and countermeasures are put
in place?: Residual
25.All the following are ways of addressing risk, except:: Reversal
26.Which of the following best describes risk?: The likelihood that a
threat will exploit a vulnerability
27.In which cloud service model is the customer required to maintain
the OS?: IaaS
28.In which cloud service model is the customer required to maintain
and update only the applications?: PaaS
, 29.In which cloud service model is the customer only responsible for
the data?: SaaS
and Answers
1. drive security decisions.: business requirements
2. All of these are reasons because of which an organization may want
to consider cloud migration, except:: Elimination of risks
3. The generally accepted definition of cloud computing includes all of
the following characteristics except:: negating the need for backups
4. When a cloud customer uploads PII to a cloud provider, who
becomes ultimately responsible for the security of that PII?: cloud
customer
5. We use which of the following to determine the critical paths,
processes, and assets of an organization?: BIA
6. If a service or solution does not meet all of the specified key
characteris- tics listed below, it is said to be not true cloud computing.
Please select the valid cloud computing characteristics out of the terms
identified below.
Each correct answer represents a complete solution. Choose all that apply.-
: On-demand self-
service Broad
network access
Resource pooling
measured service
7. All of these technologies have made cloud service viable except::
smart hubs
8. The cloud deployment model that features organizational ownership of
the hardware and infrastructure, and usage only by members of that
organiza- tion, is known as:: private
9. The cloud deployment model that features ownership by a cloud
provider, with services offered to anyone who wants to subscribe, is
,known as:: Public
10.The cloud deployment model that features joint ownership of
assets among an affinity group is known as:: Community
11.If a cloud customer wants a secure, isolated sandbox in order to
conduct software development and testing, which cloud service model
would proba- bly be best?: PaaS
12.If a cloud customer wants a fully-operational environment with very
little maintenance or administration necessary, which cloud service model
would probably be best?: SaaS
,13.If a cloud customer wants a bare-bones environment in which to
replicate their own enterprise for BC/DR purposes, which cloud service
model would probably be best?: IaaS
14.Which of the following is not a common cloud service model?:
Program- ming as a Service
15.Cloud Access Security Brokers (CASBs) might offer all the
following services EXCEPT:: BC / DR / COOP
16.If a cloud customer cannot get access to the cloud provider, this
affects what portion of the CIA triad?: Availability
17.All of the following can result in vendor lock-in except:: Statutory
compli- ance
18.The risk that a cloud provider might go out of business and the
cloud customer might not be able to recover data is known as:: vendor
lock-out
19.All of these are features of cloud computing except:: Reversed
charging configuration
20.Cloud vendors are held to contractual obligations with specified
metrics by:: SLAs
21.Gathering business requirements can aid the organization in
determining all of this information about organizational assets, except::
Usefulness
22.The BIA can be used to provide information about all of the
following, except:: Secure Acquisition
23.Risk appetite for an organization is determined by which of the
follow- ing?: Senior management
24.What is the risk left over after controls and countermeasures are put
in place?: Residual
25.All the following are ways of addressing risk, except:: Reversal
26.Which of the following best describes risk?: The likelihood that a
threat will exploit a vulnerability
27.In which cloud service model is the customer required to maintain
the OS?: IaaS
28.In which cloud service model is the customer required to maintain
and update only the applications?: PaaS
, 29.In which cloud service model is the customer only responsible for
the data?: SaaS
