Cloud Practice Exam 1

#1. The cloud infrastructure is shared by several organizations and supports a specific community that has shared concerns. It may be managed by the organizations or by a third party and may be located on-premises or off-premises.

Hybrid Cloud

Private Cloud

Public Cloud

Community Cloud

#2. Widely considered to be the gold standard when it comes to security of information systems and their data.

NIST 800-53

ISO 27001, (27001:2013)

FIPS 140-2

Directive 95/46/EC of the European (Data Protection Directive)

#3. Provides development or application platforms, such as databases, application platforms (e.g. a place to run Python, PHP, or other code),

Community Cloud

Private Cloud

SaaS

Paas

IaaS

#4. The cloud infrastructure is a composition of two or more clouds (private,community, or public) enables data and application portability.

Community Cloud

Hybrid Cloud

IaaS

Private Cloud

Public Cloud

#5. Which of the following is not one of the five Cloud Characteristics?

Rapid elasticity

They are all Cloud Characteristics

On-demand self-service

Measured or “metered” service

Resource pooling

Broad network access

#6. Experiences Data lock-in, in the same way as in SaaS, but in this case the onus is completely on the customer to create compatible export routines.

Community Cloud

IaaS

PaaS

SaaS

#7. Establishes a framework to enable networks and information systems to resist, at a given level of confidence, actions that compromise the availability, authenticity, integrity, or confidentiality of stored data.

Network Information Security Directive (NIS Directive)

Directive 95/46/EC of the European (Data Protection Directive)

Sarbanes–Oxley Act (SOX)

The Gramm-Leach-Bliley Act

#8. A guidance document with the primary goal of ensuring that appropriate security requirements and controls are applied to all US federal government information in information management systems

NIST 800-53

Payment Card industry (PCI)

Sarbanes–Oxley Act (SOX)

SOC 1

Gramm-Leach-Bliley Act

#9. The key difference between cloud and traditional computing is the metastructure. True or False.

True

False

#10. The protocols and mechanisms that provide the interface between the infrastructure layer and the other layers.

Infrastructure

Infostructure

Metastructure:

Applistructure

#11. What is the fourth stage of the data life cycle?

Share

Store

Destroy

#12. Detects application vulnerabilities by scanning the source code and binaries to detect problems before the code is loaded into memory and run

Encrypting Application security testing (EAST)

Dynamic Application Security Testing (DAST)

Static application security testing (SAST)

#13. Uses templates for implementing cloud security, typically generalized (e.g. an IaaS security reference architecture). They can be very abstract, bordering on conceptual, or quite detailed, down to specific controls and functions.

Design patterns

Reference architectures

Conceptual models or frameworks

Controls models or frameworks

#14. A standard template for cloud providers to document their security and compliance controls is known as?

Consensus Assessment Initiative Questionnaire (CAIQ)

Cloud Controls Matrix (CCM

Cloud Access Security Broker (CASB)

Content Delivery Network (CDN)

#15. Includes visualizations and descriptions used to explain cloud security concepts and principles, such as the CSA logical model in this document

Reference architectures

Design patterns

Controls models or frameworks

Conceptual models or frameworks

#16. Targets US financial and insurance institutions and requires them to protect account holders’ private information.

Sarbanes–Oxley Act (SOX)

Gramm-Leach-Bliley Act

NIST 800-53

FIPS 140-5

FIPS 140-2

#17. The cloud infrastructure is made available to the general public or a large industry group and is owned by an organization selling cloud services.

Public Cloud

Community Cloud

Hybrid Cloud

Private Cloud

#18. Privacy laws are either Omnibus-covers all categories of personal data or sectoral;covers only specific categories of personal data. True or False

True

False

#19. Allows customers to maintain separation between data at rest and encryption keys while still leveraging the power of cloud for compute and analytics.

External key management

Client-side key management

Customer key management

Remote key management

#20. Legal Frameworks Governing Data Protection and Privacy are rooted primarily in location of cloud provider,cloud user, data subject and servers, True or False?

True

False

#21. Forces executives to oversee all accounting practices, it also holds them accountable for fraudulent/deceptive activity.

Sarbanes–Oxley Act (SOX)

Payment Card industry (PCI)

NIST 800-53

Gramm-Leach-Bliley Act

Directive 95/46/EC

#22. General Data Protection Regulation (GDPR) includes the following except.

Cross-border Data Transfer Restrictions

Accountability Obligations

Sanctions

Discrepancies among Member States:

Encryption Standards

Data Subjects’ Rights:

Breaches of Security

#23. A content delivery network (CDN) is a form of data caching, usually near geophysical locations of high use/demand, for copies of data commonly requested by user. True or False

False

True

#24. Acts as the glue that binds the technologies together and enables management and configuration remotely of a customer’s cloud environment.

Infastructure

Applistructure

Metastructure

Infostructure

#25. The amount of data a company would need to maintain and recover in order to function at a level acceptable to management.

Acceptable Use Policy

recovery point objective (RPO)

recovery file assessment

recovery service level (RSL)

#26. Outsourcing Key Management Keys should be stored with the data they’re protecting. True or False

True

False

#27. What are the six stages of the Data Life Cycle?

Create,Archive,Destroy,Use,Store,Share

Archive,Destroy,Use,Store,Share,Create

Create,Store,Use,Share,Archive,Destroy

Store,Share,Create,Archive,Destroy,Use

#28. Includes cloud-based database engines and services such as data warehousing and datamining. (Big data)

IaaS

PaaS

SaaS

Public Cloud

#29. The five main phases in secure application design and development include the following except.

Develop

Define

Assign

Training

Test

Design

#30. Which of the following is NOT a Cloud security model?

Design patterns

Controls models or frameworks

Cloud Management Plane Framework

Conceptual models or frameworks

Reference architectures

#31. Cloud Data Storage Types include all but the following.

Application/platform

Volume storage

File Storage

Object storage

Database

#32. The core components of a computing system: compute, network, and storage is known as?

Infostructure

Applistructure

Infrastructure

Metastructure

#33. The three methods of data discovery are the following.

Dynamic. Transactional and Static

metadata, labels, and content analysis.

Data distribution, labels and e-discovery

preservation, dispersion and replication

#34. You must create and manage your own encryption keys, and you must use your own tools to encrypt data prior to sending it to Cloud Storage.

External key management

Client-side key management

Cloud key management

Remote key management

#35. ITAR is a Department of State program. EAR is a Commerce Department program, True or False?

True

False

Torque Bleu Media

Refresh The Page to Try Again!!!

#1. The cloud infrastructure is shared by several organizations and supports a specific community that has shared concerns. It may be managed by the organizations or by a third party and may be located on-premises or off-premises.

#2. Widely considered to be the gold standard when it comes to security of information systems and their data.

#3. Provides development or application platforms, such as databases, application platforms (e.g. a place to run Python, PHP, or other code),

#4. The cloud infrastructure is a composition of two or more clouds (private,community, or public) enables data and application portability.

#5. Which of the following is not one of the five Cloud Characteristics?

#6. Experiences Data lock-in, in the same way as in SaaS, but in this case the onus is completely on the customer to create compatible export routines.

#7. Establishes a framework to enable networks and information systems to resist, at a given level of confidence, actions that compromise the availability, authenticity, integrity, or confidentiality of stored data.

#8. A guidance document with the primary goal of ensuring that appropriate security requirements and controls are applied to all US federal government information in information management systems

#9. The key difference between cloud and traditional computing is the metastructure. True or False.

#10. The protocols and mechanisms that provide the interface between the infrastructure layer and the other layers.

#11. What is the fourth stage of the data life cycle?

#12. Detects application vulnerabilities by scanning the source code and binaries to detect problems before the code is loaded into memory and run

#13. Uses templates for implementing cloud security, typically generalized (e.g. an IaaS security reference architecture). They can be very abstract, bordering on conceptual, or quite detailed, down to specific controls and functions.

#14. A standard template for cloud providers to document their security and compliance controls is known as?

#15. Includes visualizations and descriptions used to explain cloud security concepts and principles, such as the CSA logical model in this document

#16. Targets US financial and insurance institutions and requires them to protect account holders’ private information.

#17. The cloud infrastructure is made available to the general public or a large industry group and is owned by an organization selling cloud services.

#18. Privacy laws are either Omnibus-covers all categories of personal data or sectoral;covers only specific categories of personal data. True or False

#19. Allows customers to maintain separation between data at rest and encryption keys while still leveraging the power of cloud for compute and analytics.

#20. Legal Frameworks Governing Data Protection and Privacy are rooted primarily in location of cloud provider,cloud user, data subject and servers, True or False?

#21. Forces executives to oversee all accounting practices, it also holds them accountable for fraudulent/deceptive activity.

#22. General Data Protection Regulation (GDPR) includes the following except.

#23. A content delivery network (CDN) is a form of data caching, usually near geophysical locations of high use/demand, for copies of data commonly requested by user. True or False

#24. Acts as the glue that binds the technologies together and enables management and configuration remotely of a customer’s cloud environment.

#25. The amount of data a company would need to maintain and recover in order to function at a level acceptable to management.

#26. Outsourcing Key Management Keys should be stored with the data they’re protecting. True or False

#27. What are the six stages of the Data Life Cycle?

#28. Includes cloud-based database engines and services such as data warehousing and datamining. (Big data)

#29. The five main phases in secure application design and development include the following except.

#30. Which of the following is NOT a Cloud security model?

#31. Cloud Data Storage Types include all but the following.

#32. The core components of a computing system: compute, network, and storage is known as?

#33. The three methods of data discovery are the following.

#34. You must create and manage your own encryption keys, and you must use your own tools to encrypt data prior to sending it to Cloud Storage.

#35. ITAR is a Department of State program. EAR is a Commerce Department program, True or False?

Results

Facebook

Cloud Practice Exam 1

Refresh The Page to Try Again!!!

#1. The cloud infrastructure is shared by several organizations and supports a specific community that has shared concerns. It may be managed by the organizations or by a third party and may be located on-premises or off-premises.

#2. Widely considered to be the gold standard when it comes to security of information systems and their data.

#3. Provides development or application platforms, such as databases, application platforms (e.g. a place to run Python, PHP, or other code),

#4. The cloud infrastructure is a composition of two or more clouds (private,community, or public) enables data and application portability.

#5. Which of the following is not one of the five Cloud Characteristics?

#6. Experiences Data lock-in, in the same way as in SaaS, but in this case the onus is completely on the customer to create compatible export routines.

#7. Establishes a framework to enable networks and information systems to resist, at a given level of confidence, actions that compromise the availability, authenticity, integrity, or confidentiality of stored data.

#8. A guidance document with the primary goal of ensuring that appropriate security requirements and controls are applied to all US federal government information in information management systems

#9. The key difference between cloud and traditional computing is the metastructure. True or False.

#10. The protocols and mechanisms that provide the interface between the infrastructure layer and the other layers.

#11. What is the fourth stage of the data life cycle?

#12. Detects application vulnerabilities by scanning the source code and binaries to detect problems before the code is loaded into memory and run

#13. Uses templates for implementing cloud security, typically generalized (e.g. an IaaS security reference architecture). They can be very abstract, bordering on conceptual, or quite detailed, down to specific controls and functions.

#14. A standard template for cloud providers to document their security and compliance controls is known as?

#15. Includes visualizations and descriptions used to explain cloud security concepts and principles, such as the CSA logical model in this document

#16. Targets US financial and insurance institutions and requires them to protect account holders’ private information.

#17. The cloud infrastructure is made available to the general public or a large industry group and is owned by an organization selling cloud services.

#18. Privacy laws are either Omnibus-covers all categories of personal data or sectoral;covers only specific categories of personal data. True or False

#19. Allows customers to maintain separation between data at rest and encryption keys while still leveraging the power of cloud for compute and analytics.

#20. Legal Frameworks Governing Data Protection and Privacy are rooted primarily in location of cloud provider,cloud user, data subject and servers, True or False?

#21. Forces executives to oversee all accounting practices, it also holds them accountable for fraudulent/deceptive activity.

#22. General Data Protection Regulation (GDPR) includes the following except.

#23. A content delivery network (CDN) is a form of data caching, usually near geophysical locations of high use/demand, for copies of data commonly requested by user. True or False

#24. Acts as the glue that binds the technologies together and enables management and configuration remotely of a customer’s cloud environment.

#25. The amount of data a company would need to maintain and recover in order to function at a level acceptable to management.

#26. Outsourcing Key Management Keys should be stored with the data they’re protecting. True or False

#27. What are the six stages of the Data Life Cycle?

#28. Includes cloud-based database engines and services such as data warehousing and datamining. (Big data)

#29. The five main phases in secure application design and development include the following except.

#30. Which of the following is NOT a Cloud security model?

#31. Cloud Data Storage Types include all but the following.

#32. The core components of a computing system: compute, network, and storage is known as?

#33. The three methods of data discovery are the following.

#34. You must create and manage your own encryption keys, and you must use your own tools to encrypt data prior to sending it to Cloud Storage.

#35. ITAR is a Department of State program. EAR is a Commerce Department program, True or False?

Results

Share this: