Cloud Practice Exam 1

#1. Removing the telltale nonspecific identifiers is called? (Data must be marked as sensitive when it is created)

Obfuscation

Randomization

Masking

Anonymization

#2. ITAR is a Department of State program. EAR is a Commerce Department program, True or False?

True

False

#3. Forces executives to oversee all accounting practices, it also holds them accountable for fraudulent/deceptive activity.

Sarbanes–Oxley Act (SOX)

Payment Card industry (PCI)

Directive 95/46/EC

NIST 800-53

Gramm-Leach-Bliley Act

#4. Used for publicly high-level report by an independent CPA, a SOC engagement was performed.

Type 1

SOC 1

SOC 2

Type 2

SOC 3

#5. Protection of consumer media, such as music, publications, video, movies, and so on, is known as what.

Information Rights Management (IRM)

Media Rights Management (MDM)

Metadata Rights Management (MRM)

Data Rights Management (DRM)

#6. Includes visualizations and descriptions used to explain cloud security concepts and principles, such as the CSA logical model in this document

Design patterns

Conceptual models or frameworks

Reference architectures

Controls models or frameworks

#7. Keys are maintained and controlled by the customer at their own location. This offers the highest degree of security for the customer.

Remote Key Management

External Key Management

Client-side key management

Customer key management

#8. Cloud Data Access Controls include all but the following.

Management plane

Application level controls

Private Access Controls

Public and internal sharing controls

#9. Acts as the glue that binds the technologies together and enables management and configuration remotely of a customer’s cloud environment.

Metastructure

Infostructure

Applistructure

Infastructure

#10. Legal Frameworks Governing Data Protection and Privacy are rooted primarily in location of cloud provider,cloud user, data subject and servers, True or False?

True

False

#11. Rackspace, Microsoft’s Azure, and Amazon Web Services (AWS) are examples of?

Private Cloud

PaaS

SaaS

Public Cloud

#12. A customer uses Private cloud resources for their legacy production environment, accessed remotely by their users, but also employs PaaS function for software development/testing, away from the production environment.

Hybrid Cloud

Public Cloud

Community Cloud

Private Cloud

IaaS

#13. Cryptographic erasure (cryptoshredding) should be used during this phase of the data life cycle.

Destroy

Store

Use

Create

Share

#14. A set of resources (racks, blades, software packages) owned by the single customer but located and maintained at the cloud provider’s data center is a part of?

IaaS

Private Cloud

SaaS

Public Cloud

#15. What is the second stage of the data life cycle?

Create

#16. Reusable solutions to particular problems. In security, an example is IaaS log management.

Design patterns

Controls models or frameworks

Reference architectures

Conceptual models or frameworks

#17. Cloud Data Storage Types include all but the following.

Database

Volume storage

Application/platform

File Storage

Object storage

#18. A community cloud can also be provisioned by a third party on behalf of the various members of the community. (FEDramp cloud) True or False?

True

False

#19. A standard template for cloud providers to document their security and compliance controls is known as?

Cloud Access Security Broker (CASB)

Content Delivery Network (CDN)

Consensus Assessment Initiative Questionnaire (CAIQ)

Cloud Controls Matrix (CCM

#20. Transparent Database Encryption (TDE) is used in which of the Cloud Service Models.

IaaS

Private Cloud

SaaS

PaaS

#21. Multitenant environments; multiple customers will share the underlying resources that are owned and operated by the provider.

SaaS

Public Cloud

PaaS

IaaS

Private Cloud

#22. The Act on the Protection of Personal Information (APPI), adopted as early as 2003, was one of the first data protection regulations in Asia.

Japan

Canada

Russia

Europe

United States

#23. a visual representation that helps to illustrate the expected relationship between cause and effect in a financial context

Controls model

Controls Matrix Model

Reference Model

Conceptual Model

#24. Data retention policies covers all of the following except.

Format of the Stored Data

Accessibility of Archives

Cost

Storage Technologies

Duration of Data Storage

#25. The cloud infrastructure is made available to the general public or a large industry group and is owned by an organization selling cloud services.

Public Cloud

Hybrid Cloud

Private Cloud

Community Cloud

#26. Responsible for peering with other cloud services and providers, as well as overseeing and managing federations and federated services.

Cloud Service Provider (CSP)

Cloud Access Security Broker (CASB

Inter-Cloud Provider

Cloud Broker

#27. The amount of data a company would need to maintain and recover in order to function at a level acceptable to management is known as.

recovery point objective (RPO)

recovery service level (RSL)

data recovery implementation

recovery point level (RPL)

#28. The cloud infrastructure is shared by several organizations and supports a specific community that has shared concerns. It may be managed by the organizations or by a third party and may be located on-premises or off-premises.

Public Cloud

Hybrid Cloud

Community Cloud

Private Cloud

#29. Privacy laws are either Omnibus-covers all categories of personal data or sectoral;covers only specific categories of personal data. True or False

True

False

#30. Used for an inspection of the operating effectiveness of the controls.

SOC 2

Type 2

Type 1

SOC 3

SOC 1

#31. General Data Protection Regulation (GDPR) includes the following except.

Encryption Standards

Data Subjects’ Rights:

Accountability Obligations

Cross-border Data Transfer Restrictions

Breaches of Security

Discrepancies among Member States:

Sanctions

#32. General Data Protection Regulation (GDPR)

Applies to the processing of personal data in the EU/EEA

Applies to the processing of personal data in the Japan

Applies to the processing of personal data in the Canada

Applies to the processing of personal data in the Australia

#33. The cloud infrastructure is a composition of two or more clouds (private,community, or public) enables data and application portability.

Private Cloud

IaaS

Community Cloud

Hybrid Cloud

Public Cloud

#34. Widely considered to be the gold standard when it comes to security of information systems and their data.

FIPS 140-2

ISO 27001, (27001:2013)

NIST 800-53

Directive 95/46/EC of the European (Data Protection Directive)

#35. Targets US financial and insurance institutions and requires them to protect account holders’ private information.

FIPS 140-5

Gramm-Leach-Bliley Act

NIST 800-53

Sarbanes–Oxley Act (SOX)

FIPS 140-2

Refresh The Page to Try Again!!!

#1. Removing the telltale nonspecific identifiers is called? (Data must be marked as sensitive when it is created)

#2. ITAR is a Department of State program. EAR is a Commerce Department program, True or False?

#3. Forces executives to oversee all accounting practices, it also holds them accountable for fraudulent/deceptive activity.

#4. Used for publicly high-level report by an independent CPA, a SOC engagement was performed.

#5. Protection of consumer media, such as music, publications, video, movies, and so on, is known as what.

#6. Includes visualizations and descriptions used to explain cloud security concepts and principles, such as the CSA logical model in this document

#7. Keys are maintained and controlled by the customer at their own location. This offers the highest degree of security for the customer.

#8. Cloud Data Access Controls include all but the following.

#9. Acts as the glue that binds the technologies together and enables management and configuration remotely of a customer’s cloud environment.

#10. Legal Frameworks Governing Data Protection and Privacy are rooted primarily in location of cloud provider,cloud user, data subject and servers, True or False?

#11. Rackspace, Microsoft’s Azure, and Amazon Web Services (AWS) are examples of?

#12. A customer uses Private cloud resources for their legacy production environment, accessed remotely by their users, but also employs PaaS function for software development/testing, away from the production environment.

#13. Cryptographic erasure (cryptoshredding) should be used during this phase of the data life cycle.

#14. A set of resources (racks, blades, software packages) owned by the single customer but located and maintained at the cloud provider’s data center is a part of?

#15. What is the second stage of the data life cycle?

#16. Reusable solutions to particular problems. In security, an example is IaaS log management.

#17. Cloud Data Storage Types include all but the following.

#18. A community cloud can also be provisioned by a third party on behalf of the various members of the community. (FEDramp cloud) True or False?

#19. A standard template for cloud providers to document their security and compliance controls is known as?

#20. Transparent Database Encryption (TDE) is used in which of the Cloud Service Models.

#21. Multitenant environments; multiple customers will share the underlying resources that are owned and operated by the provider.

#22. The Act on the Protection of Personal Information (APPI), adopted as early as 2003, was one of the first data protection regulations in Asia.

#23. a visual representation that helps to illustrate the expected relationship between cause and effect in a financial context

#24. Data retention policies covers all of the following except.

#25. The cloud infrastructure is made available to the general public or a large industry group and is owned by an organization selling cloud services.

#26. Responsible for peering with other cloud services and providers, as well as overseeing and managing federations and federated services.

#27. The amount of data a company would need to maintain and recover in order to function at a level acceptable to management is known as.

#28. The cloud infrastructure is shared by several organizations and supports a specific community that has shared concerns. It may be managed by the organizations or by a third party and may be located on-premises or off-premises.

#29. Privacy laws are either Omnibus-covers all categories of personal data or sectoral;covers only specific categories of personal data. True or False

#30. Used for an inspection of the operating effectiveness of the controls.

#31. General Data Protection Regulation (GDPR) includes the following except.

#32. General Data Protection Regulation (GDPR)

#33. The cloud infrastructure is a composition of two or more clouds (private,community, or public) enables data and application portability.

#34. Widely considered to be the gold standard when it comes to security of information systems and their data.

#35. Targets US financial and insurance institutions and requires them to protect account holders’ private information.

Results

Disclaimer

Facebook

Cloud Practice Exam 1

Refresh The Page to Try Again!!!

#1. Removing the telltale nonspecific identifiers is called? (Data must be marked as sensitive when it is created)

#2. ITAR is a Department of State program. EAR is a Commerce Department program, True or False?

#3. Forces executives to oversee all accounting practices, it also holds them accountable for fraudulent/deceptive activity.

#4. Used for publicly high-level report by an independent CPA, a SOC engagement was performed.

#5. Protection of consumer media, such as music, publications, video, movies, and so on, is known as what.

#6. Includes visualizations and descriptions used to explain cloud security concepts and principles, such as the CSA logical model in this document

#7. Keys are maintained and controlled by the customer at their own location. This offers the highest degree of security for the customer.

#8. Cloud Data Access Controls include all but the following.

#9. Acts as the glue that binds the technologies together and enables management and configuration remotely of a customer’s cloud environment.

#10. Legal Frameworks Governing Data Protection and Privacy are rooted primarily in location of cloud provider,cloud user, data subject and servers, True or False?

#11. Rackspace, Microsoft’s Azure, and Amazon Web Services (AWS) are examples of?

#12. A customer uses Private cloud resources for their legacy production environment, accessed remotely by their users, but also employs PaaS function for software development/testing, away from the production environment.

#13. Cryptographic erasure (cryptoshredding) should be used during this phase of the data life cycle.

#14. A set of resources (racks, blades, software packages) owned by the single customer but located and maintained at the cloud provider’s data center is a part of?

#15. What is the second stage of the data life cycle?

#16. Reusable solutions to particular problems. In security, an example is IaaS log management.

#17. Cloud Data Storage Types include all but the following.

#18. A community cloud can also be provisioned by a third party on behalf of the various members of the community. (FEDramp cloud) True or False?

#19. A standard template for cloud providers to document their security and compliance controls is known as?

#20. Transparent Database Encryption (TDE) is used in which of the Cloud Service Models.

#21. Multitenant environments; multiple customers will share the underlying resources that are owned and operated by the provider.

#22. The Act on the Protection of Personal Information (APPI), adopted as early as 2003, was one of the first data protection regulations in Asia.

#23. a visual representation that helps to illustrate the expected relationship between cause and effect in a financial context

#24. Data retention policies covers all of the following except.

#25. The cloud infrastructure is made available to the general public or a large industry group and is owned by an organization selling cloud services.

#26. Responsible for peering with other cloud services and providers, as well as overseeing and managing federations and federated services.

#27. The amount of data a company would need to maintain and recover in order to function at a level acceptable to management is known as.

#28. The cloud infrastructure is shared by several organizations and supports a specific community that has shared concerns. It may be managed by the organizations or by a third party and may be located on-premises or off-premises.

#29. Privacy laws are either Omnibus-covers all categories of personal data or sectoral;covers only specific categories of personal data. True or False

#30. Used for an inspection of the operating effectiveness of the controls.

#31. General Data Protection Regulation (GDPR) includes the following except.

#32. General Data Protection Regulation (GDPR)

#33. The cloud infrastructure is a composition of two or more clouds (private,community, or public) enables data and application portability.

#34. Widely considered to be the gold standard when it comes to security of information systems and their data.

#35. Targets US financial and insurance institutions and requires them to protect account holders’ private information.

Results

Share this: