131 The goals of secure sanitization (or “data destruction”) include all of the following except _______________.
A. Removing data objects or files
B. Minimizing or eliminating data remanence
C. Removing pointers and metadata about specific files or objects
D. Creating a secure, archived copy for business continuity and disaster recovery (BC/DR) purposes
132 Why is deleting a file or object insufficient for secure sanitization purposes?
A. Drives and disks must be demagnetized for true secure destruction.
B. Physical destruction is the only acceptable method of secure sanitization.
C. Deletion usually only removes pointers or indicators of file location.
D. Only administrators should be allowed to delete files or objects.
133 Data destruction in the cloud is difficult because ____________.
A. Cloud data doesn’t have substance
B. Regulations prevent it
C. The hardware belongs to the provider
D. Most of the data is subterranean
134 Data destruction in the cloud is difficult because ____________.
A. Data in the cloud is constantly being replicated and backed up
B. Delete commands are prohibited in the cloud
C. Internet service providers (ISPs) will not allow destruction of data stored in the cloud
D. The end clients may prevent it
135 Data destruction in the cloud is difficult because ____________.
A. Only law enforcement is permitted to destroy cloud data
B. The largest cloud vendors have prevented customers from destroying data
C. Cloud data renews itself automatically
D. The cloud is often a multitenant environment
136 Which of the following is the best and only completely secure method of data destruction?
A. Degaussing
B. Crypto-shredding
C. Physical destruction of resources that store the data
D. Legal order issued by the prevailing jurisdiction where the data is geographically situated
137 Aside from the fact that the cloud customer probably cannot reach the physical storage assets of the cloud provider and that wiping an entire storage space would impact other customers, why would degaussing probably not be an effective means of secure sanitization in the cloud?
A. All the data storage space in the cloud is already gaussed.
B. Cloud data storage may not be affected by degaussing.
C. Federal law prohibits it in the United States.
D. The blast radius is too wide.
138 Is overwriting a feasible secure sanitization method in the cloud?
A. Yes, but only if you use multiple passes.
B. No, because you can’t get physical access to cloud storage resources.
C. Yes, but it requires a final pass with all zeros or ones.
D. No, because the logical location of the stored data is almost impossible to determine.
139 All of the following are reasons overwriting is not a viable secure sanitization method for data stored in the cloud except _______________.
A. Overwriting an entire storage resource would affect other tenants’ data
B. Regulators usually frown on the practice
C. Locating the specific storage locations of cloud data is almost impossible
D. Data is being backed up constantly in the cloud; before you finished overwriting an entire data set, it would have been replicated elsewhere
140 Which of the following might make crypto-shredding difficult or useless?
A. The cloud provider also managing the organization’s keys
B. Lack of physical access to the environment
C. External attackers
D. Lack of user training and awareness
141 Crypto-shredding requires at least ____ cryptosystem(s).
A. One
B. Two
C. Three
D. Four
142 In addition to having it for business continuity and disaster recovery (BC/DR) purposes, data archiving might also be useful for _______________.
A. Ensuring profitability
B. Increasing performance
C. Motivating users
D. Correcting accidental errors
143 In addition to having it for business continuity and disaster recovery (BC/DR) purposes, data archiving might also be useful for _______________.
A. Team building and morale
B. Forensic investigation
C. Choosing security controls
D. Enhancing quality
144 In addition to having it for business continuity and disaster recovery (BC/DR) purposes, data archiving might also be useful for _______________.
A. Compliance/audit
B. Monitoring performance
C. Gathering investment
D. Enforcing policy
145 Who is responsible for performing archiving activities in a managed cloud environment?
A. The cloud customer
B. The cloud provider
C. The customer’s regulator
D. Depends on the contract
146 Data archiving and retention policies should include __________.
A. How long the data must be kept before destruction
B. The depth of underground storage bunkers used for archiving
C. The names of specific personnel tasked with restoring data in the event of data loss in the operational environment
D. The name(s) of regulators approving the policy
147 What should data archiving and retention policies include?
A. Names of personnel allowed to receive backup media, if third-party off-site archiving services are used
B. Explicit statement of data formats and types of storage media
C. A list of personnel whose data will be archived on a regular basis
D. Which Internet service provider (ISP) should be used for backup procedures
148 If the organization operates in a cloud environment, security operations procedures should include specific contact information for all of the following except _______________.
A. Applicable regulatory entities
B. Federal and local law enforcement
C. The originator or publisher of the governing policy
D. The cloud provider’s security response office
149 If the organization operates in a cloud environment, security operations procedures should include guidance for all of the following audit or logging processes except _______________.
A. Definition of security events and incidents
B. The brand or vendor of the cloud provider’s audit or logging tool
C. Process for adding new audit or logging rules
D. Process for filtering out false positives by amending the rule set
150 What does nonrepudiation mean?
A. Prohibiting certain parties from a private conversation
B. Ensuring that a transaction is completed before saving the results
C. Ensuring that someone cannot turn off auditing capabilities while performing a function
D. Preventing any party that participates in a transaction from claiming that it did not
CHAPTER 3 Domain 3: Cloud Platform and Infrastructure Security
The third domain of the Certified Cloud Security Professional (CCSP) Exam Outline concerns the underlying infrastructure of the cloud, including both hardware and software, the concept of pooled resources, and a detailed discussion of identity and access management (IAM).
1 You are in charge of creating the business continuity and disaster recovery (BC/DR) plan and procedures for your organization. Your organization has its production environment hosted in a cloud environment. You are considering using cloud backup services for your BC/DR purposes as well. What would probably be the best strategy for this approach, in terms of redundancy and resiliency?
A. Have your cloud provider also provide BC/DR backup.
B. Keep a BC/DR backup on the premises of your corporate headquarters.
C. Use another cloud provider for the BC/DR backup.
D. Move your production environment back into your corporate premises, and use your cloud provider to host your BC/DR backup.
2 You are in charge of creating the business continuity and disaster recovery (BC/DR) plan and procedures for your organization. You decide to have a tabletop test of the BC/DR activity. Which of the following will offer the best value during the test?
A. Have all participants conduct their individual activities via remote meeting technology.
B. Task a moderator well versed in BC/DR actions to supervise and present scenarios to the participants, including randomized special events.
C. Provide copies of the BC/DR policy to all participants.
D. Allow all users in your organization to participate.
3 You are in charge of creating the business continuity and disaster recovery (BC/DR) plan and procedures for your organization. Your organization has its production environment hosted by a cloud provider, and you have appropriate protections in place. Which of the following is a significant consideration for your BC/DR backup?
A. Enough personnel at the BC/DR recovery site to ensure proper operations
B. Good cryptographic key management
C. Access to the servers where the BC/DR backup is stored
D. Forensic analysis capabilities
4 You are in charge of creating the business continuity and disaster recovery (BC/DR) plan and procedures for your organization. You are going to conduct a full test of the BC/DR plan. Which of the following strategies is an optimum technique to avoid major issues?
A. Have another full backup of the production environment stored prior to the test.
B. Assign all personnel tasks to