C838 - Managing Cloud Security Final OA! 300 Questions With
Complete Solutions
1. drive security decisions.: business requirements
2. All of these are reasons because of which an organization may want to
consider cloud migration, except:: Elimination of risks
3. The generally accepted definition of cloud computing includes all of the
following characteristics except:: negating the need for backups
4. When a cloud customer uploads PII to a cloud provider, who becomes
ultimately responsible for the security of that PII?: cloud customer
5. We use which of the following to determine the critical paths, processes,
and assets of an organization?: BIA
6. If a service or solution does not meet all of the specified key characteristics
listed below, it is said to be not true cloud computing. Please select the valid
cloud computing characteristics out of the terms identified below.
Each correct answer represents a complete solution. Choose all that apply.: -
On-demand self-service
Broad network access
Resource pooling
measured service
7. All of these technologies have made cloud service viable except:: smart
hubs
8. The cloud deployment model that features organizational ownership of the
hardware and infrastructure, and usage only by members of that organization,
is known as:: private
9. The cloud deployment model that features ownership by a cloud provider,
with services offered to anyone who wants to subscribe, is known as::
Public
10. The cloud deployment model that features joint ownership of assets
among an affinity group is known as:: Community
11. If a cloud customer wants a secure, isolated sandbox in order to conduct
software development and testing, which cloud service model would probably
be best?: PaaS
12. If a cloud customer wants a fully-operational environment with very little
maintenance or administration necessary, which cloud service model would
probably be best?: SaaS
13. If a cloud customer wants a bare-bones environment in which to replicate
their own enterprise for BC/DR purposes, which cloud service model would
probably be best?: IaaS
, C838 - Managing Cloud Security Final OA! 300 Questions With
Complete Solutions
14. Which of the following is not a common cloud service model?: Program-
ming as a Service
, C838 - Managing Cloud Security Final OA! 300 Questions With
Complete Solutions
15. Cloud Access Security Brokers (CASBs) might offer all the following ser-
vices EXCEPT:: BC / DR / COOP
16. If a cloud customer cannot get access to the cloud provider, this affects
what portion of the CIA triad?: Availability
17. All of the following can result in vendor lock-in except:: Statutory
compli- ance
18. The risk that a cloud provider might go out of business and the cloud
customer might not be able to recover data is known as:: vendor lock-
out
19. All of these are features of cloud computing except:: Reversed charging
configuration
20. Cloud vendors are held to contractual obligations with specified metrics
by:: SLAs
21. Gathering business requirements can aid the organization in determining
all of this information about organizational assets, except:: Usefulness
22. The BIA can be used to provide information about all of the following,
except:: Secure Acquisition
23. Risk appetite for an organization is determined by which of the following?-
: Senior management
24. What is the risk left over after controls and countermeasures are put in
place?: Residual
25. All the following are ways of addressing risk, except:: Reversal
26. Which of the following best describes risk?: The likelihood that a
threat will exploit a vulnerability
27. In which cloud service model is the customer required to maintain the
OS?: IaaS
28. In which cloud service model is the customer required to maintain and
update only the applications?: PaaS
29. In which cloud service model is the customer only responsible for the
data?: SaaS
30. The cloud customer and provider negotiate their respective responsibili-
ties and rights regarding the capabilities and data of the cloud service. Where
is the eventual agreement codified?: Contract
31. In attempting to provide a layered defense, the security practitioner should
convince senior management to include security controls of which type?:
All of These
, C838 - Managing Cloud Security Final OA! 300 Questions With
Complete Solutions
(Technological, Physical, Administrative)
32. Which of the following is considered an administrative control?: Access
control process
Complete Solutions
1. drive security decisions.: business requirements
2. All of these are reasons because of which an organization may want to
consider cloud migration, except:: Elimination of risks
3. The generally accepted definition of cloud computing includes all of the
following characteristics except:: negating the need for backups
4. When a cloud customer uploads PII to a cloud provider, who becomes
ultimately responsible for the security of that PII?: cloud customer
5. We use which of the following to determine the critical paths, processes,
and assets of an organization?: BIA
6. If a service or solution does not meet all of the specified key characteristics
listed below, it is said to be not true cloud computing. Please select the valid
cloud computing characteristics out of the terms identified below.
Each correct answer represents a complete solution. Choose all that apply.: -
On-demand self-service
Broad network access
Resource pooling
measured service
7. All of these technologies have made cloud service viable except:: smart
hubs
8. The cloud deployment model that features organizational ownership of the
hardware and infrastructure, and usage only by members of that organization,
is known as:: private
9. The cloud deployment model that features ownership by a cloud provider,
with services offered to anyone who wants to subscribe, is known as::
Public
10. The cloud deployment model that features joint ownership of assets
among an affinity group is known as:: Community
11. If a cloud customer wants a secure, isolated sandbox in order to conduct
software development and testing, which cloud service model would probably
be best?: PaaS
12. If a cloud customer wants a fully-operational environment with very little
maintenance or administration necessary, which cloud service model would
probably be best?: SaaS
13. If a cloud customer wants a bare-bones environment in which to replicate
their own enterprise for BC/DR purposes, which cloud service model would
probably be best?: IaaS
, C838 - Managing Cloud Security Final OA! 300 Questions With
Complete Solutions
14. Which of the following is not a common cloud service model?: Program-
ming as a Service
, C838 - Managing Cloud Security Final OA! 300 Questions With
Complete Solutions
15. Cloud Access Security Brokers (CASBs) might offer all the following ser-
vices EXCEPT:: BC / DR / COOP
16. If a cloud customer cannot get access to the cloud provider, this affects
what portion of the CIA triad?: Availability
17. All of the following can result in vendor lock-in except:: Statutory
compli- ance
18. The risk that a cloud provider might go out of business and the cloud
customer might not be able to recover data is known as:: vendor lock-
out
19. All of these are features of cloud computing except:: Reversed charging
configuration
20. Cloud vendors are held to contractual obligations with specified metrics
by:: SLAs
21. Gathering business requirements can aid the organization in determining
all of this information about organizational assets, except:: Usefulness
22. The BIA can be used to provide information about all of the following,
except:: Secure Acquisition
23. Risk appetite for an organization is determined by which of the following?-
: Senior management
24. What is the risk left over after controls and countermeasures are put in
place?: Residual
25. All the following are ways of addressing risk, except:: Reversal
26. Which of the following best describes risk?: The likelihood that a
threat will exploit a vulnerability
27. In which cloud service model is the customer required to maintain the
OS?: IaaS
28. In which cloud service model is the customer required to maintain and
update only the applications?: PaaS
29. In which cloud service model is the customer only responsible for the
data?: SaaS
30. The cloud customer and provider negotiate their respective responsibili-
ties and rights regarding the capabilities and data of the cloud service. Where
is the eventual agreement codified?: Contract
31. In attempting to provide a layered defense, the security practitioner should
convince senior management to include security controls of which type?:
All of These
, C838 - Managing Cloud Security Final OA! 300 Questions With
Complete Solutions
(Technological, Physical, Administrative)
32. Which of the following is considered an administrative control?: Access
control process
