Cloud Practice Exam 2

#1. Which of the following is incorrect as it pertains to SaaS cloud service responsibilities.

Provider is responsible for Application Security

Provider is responsible for Network Security

Provider is responsible for Data Governance

Provider is responsible for Operating System

Provider is responsible off-premise physical Security

#2. Relevant industry best practices, global standards, and regulations can be used to assist in building a cloud governance framework. True or False.

True

False

#3. Three layers of a SAN include all except.

Host Layer

Fabric Layer

Mac Layer

Storage Layer

#4. In which phase of the Data Lifecycle does Classifications and Entitlements occur?

Store

Use

Create

Share

Destroy

#5. The ability for system components to work together to deliver a service is called.

Data Mobility

Portability

Interoperability

Lock-In

#6. Allows for a logical grouping of ports or nodes that restricts certain hosts to accessing only specified storage devices

LUN Masking

Scaling

Zoning

Obfuscating

#7. An architectural concept that enables centralized management and emphasizes the role of software in running networks to dynamically control, change, and manage network behavior.

Content Delivery Network

Software Defined Network

VLAN

VXLAN

#8. This publicly available high-level SOC report contains a statement from an independent CPA that a SOC engagement was performed.

SOC3

SOC1

SOC2

Type1

#9. Which of the following is not one of the five Trust Services Criteria that a CSP will attest to.

Security

Availability

Confidentiality

Process Integrity

Portability

Privacy

#10. A point-in-time look at the design of the controls is known as?

Type 1

Type 2

SOC 3

SOC 2

#11. Private cloud governance depends on who owns and operates the private cloud: If you outsource a private cloud, governance changes. True or False

True

False

#12. Which of the following is not a benefit of SDN Security.

Isolation

SDN firewalls

Deny by default

Identification tags

Network attacks

They are all benefits of SDN security

#13. Providers will usually encrypt all customer data at which level.

Metastructure

Logical

Physical

Infostructure

#14. What are the two main protocols used in SAN Traffic.

Select all that apply:

TCP

UDP

FCoE

iSCSI

#15. Data classification will often rely on metadata (data about the data) such as tags and labels that define the classification level of the data and how it should be handled and controlled. True or False.

False

True

#16. Which of the following is NOT considered a part of Common Criteria?

Organization and Management

Logical and Physical Access Controls

Management Plane API's

Risk Management and Design and Implementation of Controls

Communications

Systems Operations

#17. Which of the following is not one of the four NIST/ISO/IEC deployment models.

Public

Private

Hybrid

Community

Intercloud

#18. Which Layer of the SAN does network devices include switches, routers, bridges, gateways, and even cables reside?

Storage Layer

Fabric Layer

Host Layer

Management Layer

#19. A bastion network can be defined as a network that data must go through in order to get to a destination, True or False

False

True

#20. Audits generally include some two forms of testing. Which include the following. (pick two)

Select all that apply:

compliance testing

application testing

substantive testing

encryption testing

#21. Software Defined Network consist of which three planes except.

Control

Management

Physical (Hardware)

Virtual

#22. Compute virtualization abstracts the running of code (including operating systems) from the underlying hardware. True or False

True

False

#23. Many cloud breaches attack those who maintain the cloud, not just the application running in the cloud. True or False

False

True

#24. Which of the following can be used for VA testing in larger environments and allows for replication of the production environment.

infrastructure as code (IaC)

Dynamic application security testing

Static application security testing

regression testing

#25. When using immutable servers, you should disable remote access and integrate file integrity monitoring because nothing in the running instances should change. True or False.

True

False

#26. IaaS volumes can be encrypted using different methods,except.

Instance-managed encryption

Externally managed encryption

Client-side encryption

Application layer encryption

Server-side encryption

#27. Volatile memory contains all kinds of potentially sensitive information, who responsible for ensuring strong isolation of volatile memory in the cloud.

Provider

Customer

Both

#28. Performing Vulnerability assessments with agents installed on the server is the best approach in cloud security. True or False

True

False

#29. With immutable servers, you can increase security by patching and testing images and replacing non-patched instances built off the newly patched image. True of False with new

True

False

#30. In order to implement the Immutable Workloads approach you would need the following except.

A provider that supports this approach

Determine how security testing of the images themselves will be performed

Logging and log retention

appropriate asset management

All of these will be required.

#31. Compliance testing is used to determine whether controls have been properly designed and implemented. And to determine whether the controls are operating properly. True or False

False

True

#32. The primary security responsibilities of the cloud provider in compute virtualization are to enforce isolation and maintain a secure virtualization infrastructure. True or False.

True

False

#33. The CCM and EU GDPR are best practices and/or standards that can be leveraged to create a cloud governance framework. True or False?

False

True

#34. According to the AICPA, a system comprises the following components except?

Data

Auditing

Software

Infrastructure

People

#35. By placing an encryption proxy in a trusted area between the cloud user and the cloud provider you will ensure the data transfer is secure, True or False

False

True

Refresh the Page to Try Again!!!

Results

#1. Which of the following is incorrect as it pertains to SaaS cloud service responsibilities.

#2. Relevant industry best practices, global standards, and regulations can be used to assist in building a cloud governance framework. True or False.

#3. Three layers of a SAN include all except.

#4. In which phase of the Data Lifecycle does Classifications and Entitlements occur?

#5. The ability for system components to work together to deliver a service is called.

#6. Allows for a logical grouping of ports or nodes that restricts certain hosts to accessing only specified storage devices

#7. An architectural concept that enables centralized management and emphasizes the role of software in running networks to dynamically control, change, and manage network behavior.

#8. This publicly available high-level SOC report contains a statement from an independent CPA that a SOC engagement was performed.

#9. Which of the following is not one of the five Trust Services Criteria that a CSP will attest to.

#10. A point-in-time look at the design of the controls is known as?

#11. Private cloud governance depends on who owns and operates the private cloud: If you outsource a private cloud, governance changes. True or False

#12. Which of the following is not a benefit of SDN Security.

#13. Providers will usually encrypt all customer data at which level.

#14. What are the two main protocols used in SAN Traffic.

#15. Data classification will often rely on metadata (data about the data) such as tags and labels that define the classification level of the data and how it should be handled and controlled. True or False.

#16. Which of the following is NOT considered a part of Common Criteria?

#17. Which of the following is not one of the four NIST/ISO/IEC deployment models.

#18. Which Layer of the SAN does network devices include switches, routers, bridges, gateways, and even cables reside?

#19. A bastion network can be defined as a network that data must go through in order to get to a destination, True or False

#20. Audits generally include some two forms of testing. Which include the following. (pick two)

#21. Software Defined Network consist of which three planes except.

#22. Compute virtualization abstracts the running of code (including operating systems) from the underlying hardware. True or False

#23. Many cloud breaches attack those who maintain the cloud, not just the application running in the cloud. True or False

#24. Which of the following can be used for VA testing in larger environments and allows for replication of the production environment.

#25. When using immutable servers, you should disable remote access and integrate file integrity monitoring because nothing in the running instances should change. True or False.

#26. IaaS volumes can be encrypted using different methods,except.

#27. Volatile memory contains all kinds of potentially sensitive information, who responsible for ensuring strong isolation of volatile memory in the cloud.

#28. Performing Vulnerability assessments with agents installed on the server is the best approach in cloud security. True or False

#29. With immutable servers, you can increase security by patching and testing images and replacing non-patched instances built off the newly patched image. True of False with new

#30. In order to implement the Immutable Workloads approach you would need the following except.

#31. Compliance testing is used to determine whether controls have been properly designed and implemented. And to determine whether the controls are operating properly. True or False

#32. The primary security responsibilities of the cloud provider in compute virtualization are to enforce isolation and maintain a secure virtualization infrastructure. True or False.

#33. The CCM and EU GDPR are best practices and/or standards that can be leveraged to create a cloud governance framework. True or False?

#34. According to the AICPA, a system comprises the following components except?

#35. By placing an encryption proxy in a trusted area between the cloud user and the cloud provider you will ensure the data transfer is secure, True or False

Disclaimer

Facebook

Cloud Practice Exam 2

Refresh the Page to Try Again!!!

Results

#1. Which of the following is incorrect as it pertains to SaaS cloud service responsibilities.

#2. Relevant industry best practices, global standards, and regulations can be used to assist in building a cloud governance framework. True or False.

#3. Three layers of a SAN include all except.

#4. In which phase of the Data Lifecycle does Classifications and Entitlements occur?

#5. The ability for system components to work together to deliver a service is called.

#6. Allows for a logical grouping of ports or nodes that restricts certain hosts to accessing only specified storage devices

#7. An architectural concept that enables centralized management and emphasizes the role of software in running networks to dynamically control, change, and manage network behavior.

#8. This publicly available high-level SOC report contains a statement from an independent CPA that a SOC engagement was performed.

#9. Which of the following is not one of the five Trust Services Criteria that a CSP will attest to.

#10. A point-in-time look at the design of the controls is known as?

#11. Private cloud governance depends on who owns and operates the private cloud: If you outsource a private cloud, governance changes. True or False

#12. Which of the following is not a benefit of SDN Security.

#13. Providers will usually encrypt all customer data at which level.

#14. What are the two main protocols used in SAN Traffic.

#15. Data classification will often rely on metadata (data about the data) such as tags and labels that define the classification level of the data and how it should be handled and controlled. True or False.

#16. Which of the following is NOT considered a part of Common Criteria?

#17. Which of the following is not one of the four NIST/ISO/IEC deployment models.

#18. Which Layer of the SAN does network devices include switches, routers, bridges, gateways, and even cables reside?

#19. A bastion network can be defined as a network that data must go through in order to get to a destination, True or False

#20. Audits generally include some two forms of testing. Which include the following. (pick two)

#21. Software Defined Network consist of which three planes except.

#22. Compute virtualization abstracts the running of code (including operating systems) from the underlying hardware. True or False

#23. Many cloud breaches attack those who maintain the cloud, not just the application running in the cloud. True or False

#24. Which of the following can be used for VA testing in larger environments and allows for replication of the production environment.

#25. When using immutable servers, you should disable remote access and integrate file integrity monitoring because nothing in the running instances should change. True or False.

#26. IaaS volumes can be encrypted using different methods,except.

#27. Volatile memory contains all kinds of potentially sensitive information, who responsible for ensuring strong isolation of volatile memory in the cloud.

#28. Performing Vulnerability assessments with agents installed on the server is the best approach in cloud security. True or False

#29. With immutable servers, you can increase security by patching and testing images and replacing non-patched instances built off the newly patched image. True of False with new

#30. In order to implement the Immutable Workloads approach you would need the following except.

#31. Compliance testing is used to determine whether controls have been properly designed and implemented. And to determine whether the controls are operating properly. True or False

#32. The primary security responsibilities of the cloud provider in compute virtualization are to enforce isolation and maintain a secure virtualization infrastructure. True or False.

#33. The CCM and EU GDPR are best practices and/or standards that can be leveraged to create a cloud governance framework. True or False?

#34. According to the AICPA, a system comprises the following components except?

#35. By placing an encryption proxy in a trusted area between the cloud user and the cloud provider you will ensure the data transfer is secure, True or False

Share this: