APIs and web services require extensive hardening and must assume attacks from authenticated and unauthenticated adversaries.
A. False
B. True
Use elastic servers when possible and move workloads to new instances.
A. False
B. True
What is the best way to ensure that all data has been removed from a public cloud environment including all media such as back-up tapes?
A. Allowing the cloud provider to manage your keys so that they have the ability to access and delete the data from the main and back-up storage.
B. Maintaining customer managed key management and revoking or deleting keys from the key management system to prevent the data from being accessed again.
C. Practice Integration of Duties (IOD) so that everyone is able to delete the encrypted data.
D. Keep the keys stored on the client side so that they are secure and so that the users have the ability to delete their own data.
E. Both B and D.
CCM: A company wants to use the IaaS offering of some CSP. Which of the following options for using CCM is NOT suitable for the company as a cloud customer?
A. Submit the CCM on behalf of the CSP to CSA Security, Trust and Assurance Registry (STAR), a free, publicly accessible registry that documents the security controls provided by CSPs
B. Use CCM to build a detailed list of requirements and controls that they want their CSP to implement
C. Use CCM to help assess the risk associated with the CSP
D. None of the above
Which of the following is NOT an essential characteristic of cloud computing?
A. Broad Network Access
B. Measured Service
C. Third Party Service
D. Rapid Elasticity
E. Resource Pooling
ENISA: Licensing Risks refer to:
A. Use of country-issued driver's licenses for user identification
B. Cloud provider employees not maintaining operating system license files
C. Risk that software company may go out of business, leading to expiration of licenses for mission critical software
D. A traditional software licensing scheme may lead to high costs or lack of compliance in cloud systems
E. Cloud provider may not have all appropriate government operating licenses
What factor(s), if any, allow for more efficient and effective containment and recovery in a cloud environment than in a non-cloud environment?
A. Encrypted data files
B. No part of incident response is easier in a cloud environment
C. Frequent backup routines
D. Multitenancy and software as a service models
E. Virtualization technologies, and the elasticity inherent in cloud computing platforms
While the cloud consumer is responsible for implementing the security controls, the cloud provider implements the security of the workload.
A. True
B. False
You have a business relationship with a cloud provider for all sales management functionality. Through the APIs and SDKs, you have customized the interface and some functionality, but the back end service is done through the cloud provider. In this relationship, which service is completed by the cloud provider?
A. Software-as-a-service (SaaS)
B. Platform-as-a-service (PaaS)
C. Desktop-as-a-service (DaaS)
D. Infrastructure-as-a-service (IaaS)
E. Identity-as-a-service (IDaaS)
At a minimum, how often should incident response testing occur?
A. Monthly
B. Quarterly
C. Whenever an event occurs
D. Semi-annually
E. Annually and whenever a significant change occurs