Which cloud-based service model enables companies to provide client-based access for partners to databases or applications?
A. Platform-as-a-service (PaaS)
B. Desktop-as-a-service (DaaS)
C. Infrastructure-as-a-service (IaaS)
D. Identity-as-a-service (IDaaS)
E. Software-as-a-service (SaaS)
Cloud applications can use virtual networks and other structures, for hyper-segregated environments.
A. False
B. True
REST APIs are the standard for web-based services because they run over HTTPS and work well across diverse environments.
A. False
B. True
CCM: In the CCM tool, `Encryption and Key Management` is an example of which of the following?
A. Risk Impact
B. Domain
C. Control Specification
What is the best way to ensure that all data has been removed from a public cloud environment including all media such as back-up tapes?
A. Allowing the cloud provider to manage your keys so that they have the ability to access and delete the data from the main and back-up storage.
B. Maintaining customer managed key management and revoking or deleting keys from the key management system to prevent the data from being accessed again.
C. Practice Integration of Duties (IOD) so that everyone is able to delete the encrypted data.
D. Keep the keys stored on the client side so that they are secure and so that the users have the ability to delete their own data.
E. Both B and D.
The containment phase of the incident response lifecycle requires taking systems o ine.
A. False
B. True
When mapping functions to lifecycle phases, which functions are required to successfully process data?
A. Create, Store, Use, and Share
B. Create and Store
C. Create and Use
D. Create, Store, and Use
E. Create, Use, Store, and Delete
CCM: The Cloud Service Delivery Model Applicability column in the CCM indicates the applicability of the cloud security control to which of the following elements?
A. Mappings to well-known standards and frameworks
B. Service Provider or Tenant/Consumer
C. Physical, Network, Compute, Storage, Application or Data
D. SaaS, PaaS or IaaS
What is true of cloud built-in firewalls?
A. They operate exclusively outside of the hypervisor
B. Whichever features are not provided in the firewall, the cloud provider has an alternative
C. They operate exclusively outside of the SDN
D. They typically offer fewer features that newer physical firewalls
E. They provide identical configurations to physical firewalls
What is a method used to decouple the network control plane from the data plane?
A. Information Management Policies
B. Multitenancy
C. Network Intrusion Detect on Systems (NIDS)
D. Software defined Networking (SDN)
E. Virtual LANs (VLANs)
While a virtual machine is a full abstraction of an operating system, a container is a constrained place to run segregated processes while still using the kernel and other OS capabilities.
A. True
B. False
CCM: A hypothetical start-up company called "CertBus4Sure" provides a cloud based IT management solution. They are growing rapidly and have some security measures in place but the employees are still using their personal mobile devices for storing and communicating company confidential information. So they decide to provide the employees with company mobile devices and implement a Mobile Device Management policy. Two months later, a customer wants to review CertBus4Sure's mobile device security practices. Which of the following basic protection measures should the client look for in the company's Mobile Device Management policy?
A. Registration of mobile devices
B. Requirements for physical protection
C. Requirements for mobile device software versions and for applying patches
D. Malware protection
E. All of the above
Absent other evidence, such as tampering or hacking, documents should not be considered more or less admissible or credible because they were created or stored in the cloud.
A. True
B. False
Virtual appliances can become bottlenecks because they cannot fail open and must intercept all traffic .
A. False
B. True
Immutable workloads make it faster to roll out updated versions because applications must be designed to handle individual nodes going down.
A. False
B. True