5 A Security Assertion Markup Language (SAML) identity assertion token uses the ___________________ protocol.Extensible Markup Language (XML)Hypertext Transfer Protocol (HTTP)Hypertext Markup Language (HTML)American Standard Code for Information Interchange (ASCII)
6 The minimum essential characteristics of a cloud data center are often referred to as “ping, power, pipe.” What does this term mean?Remote access for customer to racked devices in the data center; electrical utilities; connectivity to an Internet service provider (ISP)/the InternetApplication suitability; availability; connectivityInfrastructure as a service (IaaS); software as a service (SaaS); platform as a service (PaaS)Anti-malware tools; controls against distributed denial-of-service (DDoS) attacks; physical/environmental security controls, including fire suppression
7 To support all aspects of the CIA triad (confidentiality, integrity, availability), all of the following aspects of a cloud data center need to be engineered with redundancies except ___________________.Power supplyHVACAdministrative officesInternet service provider (ISP)/connectivity lines
8 Who is the cloud carrier?The cloud customerThe cloud providerThe regulator overseeing the cloud customer’s industryThe ISP between the cloud customer and provider
9 Which of the following terms describes a means to centralize logical control of all networked nodes in the environment, abstracted from the physical connections to each?Virtual private network (VPN)Software-defined network (SDN)Access control lists (ACLs)Role-based access control (RBAC)
10 In software-defined networking (SDN), the northbound interface (NBI) usually handles traffic between the ___________________ and the ___________________.Cloud customer; ISPSDN controllers; SDN applicationsCloud provider; ISPRouter; host
11 Software-defined networking (SDN) allows network administrators and architects to perform all the following functions except ___________________.Reroute traffic based on current customer demandCreate logical subnets without having to change any actual physical connectionsFilter access to resources based on specific rules or settingsDeliver streaming media content in an efficient manner by placing it closer to the end user
12 Which of the following is a device specially purposed to handle the issuance, distribution, and storage of cryptographic keys?Key management box (KMB)Hardware security module (HSM)Ticket-granting ticket (TGT)Trusted computing base (TCB)
13 When discussing the cloud, we often segregate the data center into the terms compute, storage, and networking. Compute is made up of ___________________ and ___________________.Routers; hostsApplication programming interface (APIs); northbound interface (NBIs)Central processing unit (CPU); random-access memory (RAM)Virtualized; actual hardware devices
14 All of the following can be used to properly apportion cloud resources except ___________________.ReservationsSharesCancellationsLimits
15 Which of the following is a method for apportioning resources that involves setting guaranteed minimums for all tenants/customers within the environment?ReservationsSharesCancellationsLimits
16 Which of the following is a method for apportioning resources that involves setting maximum usage amounts for all tenants/customers within the environment?ReservationsSharesCancellationsLimits
17 Which of the following is a method for apportioning resources that involves prioritizing resource requests to resolve contention situations?ReservationsSharesCancellationsLimits
18 A bare-metal hypervisor is Type ___________________.1234
19 A hypervisor that runs inside another operating system (OS) is a Type ___________________ hypervisor.1234
20 A Type ___________________ hypervisor is probably more difficult to defend than other hypervisors.1234
21 One of the security challenges of operating in the cloud is that additional controls must be placed on file storage systems because ___________________.File stores are always kept in plain text in the cloudThere is no way to sanitize file storage space in the cloudVirtualization necessarily prevents the use of application-based security controlsVirtual machines are stored as snapshotted files when not in use
22 What is the main reason virtualization is used in the cloud?Virtual machines (VMs) are easier to administer.If a VM is infected with malware, it can be easily replaced.With VMs, the cloud provider does not have to deploy an entire hardware device for every new user.VMs are easier to operate than actual devices.
23 Orchestrating resource calls is the job of the ___________________.AdministratorRouterVMHypervisor
24 Which of the following terms describes a cloud storage area that uses a filesystem/hierarchy?Volume storageObject storageLogical unit number (LUN)Block storage
25 Typically, which form of cloud storage is used in the near term for snapshotted virtual machine (VM) images?Volume storageObject storageLogical unit number (LUN)Block storage
26 Who operates the management plane?RegulatorsEnd consumersPrivileged usersPrivacy data subjects
27 What is probably the optimum way to avoid vendor lock-in?Use nonproprietary data formats.Use industry-standard media.Use strong cryptography.Use favorable contract language.
28 Who will determine whether your organization’s cloud migration is satisfactory from a compliance perspective?The cloud providerThe cloud customerThe regulator(s)The Internet service provider (ISP)
29 What is probably the best way to avoid problems associated with vendor lock-out?Use strong contract language.Use nonproprietary data and media formats.Use strong cryptography.Use another provider for backup purposes.
30 In a public cloud services arrangement, who creates governance that will determine which controls are selected for the data center and how they are deployed?The cloud providerThe cloud customerThe regulator(s)The end user
31 What is the term that describes the situation when a malicious user or attacker can exit the restrictions of a virtual machine (VM) and access another VM residing on the same host?Host escapeGuest escapeProvider exitEscalation of privileges
32 What is the term that describes the situation when a malicious user or attacker can exit the restrictions of a single host and access other nodes on the network?Host escapeGuest escapeProvider exitEscalation of privileges
33 ___________________ is/are probably the main cause of virtualization sprawl.Malicious attackersLack of provider controlsLack of customer controlsEase of use
34 Sprawl is mainly a(n) ___________________ problem.TechnicalExternalManagementLogical
35 Which of the following risks exists in the traditional environment but is dramatically increased by moving into the cloud?Physical security breachesLoss of utility powerFinancial upheavalMan-in-the-middle attacks
36 A fundamental aspect of security principles, ___________________ should be implemented in the cloud as well as in traditional environments.Continual uptimeDefense in depthMultifactor authenticationSeparation of duties
37 From a security perspective, automation of configuration aids in ___________________.Enhancing performanceReducing potential attack vectorsIncreasing ease of use of the systemsReducing need for administrative personnel
38 ___________________ is the most prevalent protocol used in identity federation.Hypertext Transfer Protocol (HTTP)Security Assertion Markup Language (SAML)File Transfer Protocol (FTP)WS-Federation
39 A user signs on to a cloud-based social media platform. In another browser tab, the user finds an article worth posting to the social media platform. The user clicks on the platform’s icon listed on the article’s website, and the article is automatically posted to the user’s account on the social media platform. This is an example of what?Single sign-onInsecure direct identifiersIdentity federationCross-site scripting
40 A group of clinics decides to create an identification federation for their users (medical providers and clinicians). If they opt to review each other, for compliance with security governance and standards they all find acceptable, what is this federation model called?Cross-certificationProxySingle