142 If an organization wants to retain the most control of their assets in the cloud, which service and deployment model combination should they choose?Platform as a service (PaaS), communityInfrastructure as a service (IaaS), hybridSoftware as a service (SaaS), publicInfrastructure as a service (IaaS), private
143 If an organization wants to realize the most cost savings by reducing administrative overhead, which service and deployment model combination should they choose?Platform as a service (PaaS), communityInfrastructure as a service (IaaS), hybridSoftware as a service (SaaS), publicInfrastructure as a service (IaaS), private
CHAPTER 2 Domain 2: Cloud Data Security
In Domain 2, the exam outline focuses on the data owned by the cloud customer, hosted in the cloud. The domain discusses methods for securing the data, including specific tools and techniques.
1 In which of these options does the encryption engine reside within the application accessing the database?Transparent encryptionSymmetric-key encryptionApplication-level encryptionHomomorphic encryption
2 You are the security team leader for an organization that has an infrastructure as a service (IaaS) production environment hosted by a cloud provider. You want to implement an event monitoring (security information and event management [SIEM]/security information management [SIM]/security event management [SEM]) solution in your production environment in order to acquire better data for security defenses and decisions. Which of the following is probably your most significant concern about implementing this solution in the cloud?The solution should give you better analysis capability by automating a great deal of the associated tasks.Dashboards produced by the tool are a flawless management benefit.You will have to coordinate with the cloud provider to ensure that the tool is acceptable and functioning properly.Senior management will be required to approve the acquisition and implementation of the tool.
3 Which of the following is not a step in the crypto-shredding process?Encrypt data with a particular encryption engine.Encrypt first resulting keys with another encryption engine.Save backup of second resulting keys.Destroy original second resulting keys.
4 Which of the following sanitization methods is feasible for use in the cloud?Crypto-shreddingDegaussingPhysical destructionOverwriting
5 Which of the following is not a method for enhancing data portability?Crypto-shreddingUsing standard data formatsAvoiding proprietary servicesFavorable contract terms
6 When implementing a digital rights management (DRM) solution in a cloud environment, which of the following does not pose an additional challenge for the cloud customer?Users might be required to install a DRM agent on their local devices.DRM solutions might have difficulty interfacing with multiple different operating systems and services.DRM solutions might have difficulty interacting with virtualized instances.Ownership of intellectual property might be difficult to ascertain.
7 When implementing cryptography in a cloud environment, where is the worst place to store the keys?With the cloud providerOff the cloud, with the data ownerWith a third-party provider, in key escrowAnywhere but with the cloud provider
8 Which of the following is not a security concern related to archiving data for long-term storage?Long-term storage of the related cryptographic keysFormat of the dataMedia the data resides onUnderground depth of the storage facility
9 Data dispersion is a cloud data security technique that is most similar to which legacy implementation?Business continuity and disaster recovery (BC/DR)Redundant Array of Inexpensive Disks (RAID)Software-defined networking (SDN)Content delivery network (CDN)
10 Data dispersion uses _______________, where the traditional implementation is called “striping.”ChunkingVaultingLumpingGrouping
11 Data dispersion uses _______________, where the traditional implementation is called “parity bits.”SmurfingSnarfingErasure codingReal-time bitlinking
12 Data dispersion provides protection for all the following security aspects except _______________.Protecting confidentiality against external attack on the storage areaLoss of availability due to single-storage-device failureLoss due to seizure by law enforcement in a multitenant environmentProtecting against loss due to user error
13 Your organization is migrating the production environment to an infrastructure as a service (IaaS) cloud implementation. Your users will need to be able to get access to their data, install programs, and partition memory space for their own purposes. You should configure the cloud memory as _______________.ObjectVolumeSyntheticDatabase
14 Your organization is migrating the production environment to an infrastructure as a service (IaaS) cloud implementation. Your users will need to be able to get access to their data and share data with other users in a defined way, according to a hierarchy. You should configure the cloud memory as _______________.Object storageVolume storageSynthetic storageDatabases
15 What is one of the benefits of implementing an egress monitoring solution?Preventing distributed denial of service (DDoS) attacksInventorying data assetsInterviewing data ownersProtecting against natural disasters
16 Egress monitoring solutions usually include a function that _______________.Arbitrates contract breachesPerforms personnel evaluation reviewsDiscovers data assets according to classification/categorizationApplies another level of access control
17 Egress monitoring solutions usually include a function that _______________.Uses biometrics to scan usersInspects incoming packetsResides on client machinesUses stateful inspection
18 Digital rights management (DRM) solutions (sometimes referred to as information rights management, or IRM) can be used to protect all sorts of sensitive data but are usually particularly designed to secure ____________.Personally identifiable information (PII)Intellectual propertyPlans and policiesMarketing material
19 Digital rights management (DRM) solutions (sometimes referred to as information rights management, or IRM) often protect unauthorized distribution of what type of intellectual property?PatentsTrademarksPersonally identifiable information (PII)Copyright
20 Which of the following characteristics is associated with digital rights management (DRM) solutions (sometimes referred to as information rights management, or IRM)?PersistenceInfluenceResistanceTrepidation
21 Which of the following characteristics is associated with digital rights management (DRM) solutions (sometimes referred to as information rights management, or IRM)?Automatic expirationMultilevel aggregationEnhanced detailBroad spectrum
22 Which of the following characteristics is associated with digital rights management (DRM) solutions (sometimes referred to as information rights management, or IRM)?Transparent encryption modificationBilateral enhancementContinuous audit trailEncompassing flow
23 Which of the following characteristics is associated with digital rights management (DRM) solutions (sometimes referred to as information rights management, or IRM)?Mapping to existing access control lists (ACLs)Delineating biometric catalogsPreventing multifactor authenticationProhibiting unauthorized transposition
24 According to the (ISC)2 Cloud Secure Data Lifecycle, which phase comes soon after (or at the same time as) the Create phase?StoreUseDeployArchive
25 According to the (ISC)2 Cloud Secure Data Lifecycle, which phase comes immediately before the Share phase?CreateDestroyUseEncrypt
26 Why is the term (ISC)2 Cloud Secure Data Lifecycle actually somewhat inaccurate?The term is not used only by (ISC)2.Not all phases are secure.Not all phases take place in the cloud.It’s not actually a cycle.
27 According to the (ISC)2 Cloud Secure Data Lifecycle, in which phase should the process of categorization/classification of data occur?CreateStoreDefineUse
28 Which of the following should occur during the final phase of the Cloud Secure Data Lifecycle?Data