(ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests. Ben Malisow
unknown, unpatched assets from being used as back doors to the environmentEnsure that any lost devices are automatically entered into the acquisition system for repurchasing and replacementMaintain user morale by having their devices properly catalogued and annotatedEnsure that billing for all devices is handled by the appropriate departments
106 Which of the following can enhance data portability?Interoperable export formatsEgress monitoring solutionsStrong physical protectionsAgile business intelligence
107 Which of the following can enhance application portability?Using the same cloud provider for the production environment and archivingConducting service trials in an alternate cloud provider environmentProviding cloud-usage training for all usersTuning web application firewalls (WAFs) to detect anomalous activity in inbound communications
108 What should the cloud customer do to ensure that disaster recovery activities don’t exceed the maximum allowable downtime (MAD)?Make sure any alternate provider can support the application needs of the organization.Ensure that contact information for all first responder agencies are correct and up-to-date at all times.Select an appropriate recovery time objective (RTO).Regularly review all regulatory directives for disaster response.
109 Which of the following would probably best aid an organization in deciding whether to migrate from a traditional environment to a particular cloud provider?Rate sheets comparing a cloud provider to other cloud providersCloud provider offers to provide engineering assistance during the migrationThe cost/benefit measure of closing the organization’s relocation site (hot site/warm site) and using the cloud for disaster recovery insteadSLA satisfaction surveys from other (current and past) cloud customers
110 A cloud provider will probably require all of the following except ___________________ before a customer conducts a penetration test.NoticeDescription of scope of the testPhysical location of the launch pointKnowledge of time frame/duration
111 Cloud providers will probably not allow ___________________ as part of a customer’s penetration test.Network mappingVulnerability scanningReconnaissanceSocial engineering
112 A cloud customer performing a penetration test without the provider’s permission is risking ___________________.Malware contaminationExcessive fees for SLA violationsLoss of market shareProsecution
113 When a customer performs a penetration test in the cloud, why isn’t the test an optimum simulation of attack conditions?Attackers don’t use remote access for cloud activity.Advanced notice removes the element of surprise.When cloud customers use malware, it’s not the same as when attackers use malware.Regulator involvement changes the attack surface.
114 Managed cloud services exist because the service is less expensive for each customer than creating the same services for themselves in a traditional environment. What is the technology that creates most of the cost savings in the cloud environment?EmulationSecure remote accessCrypto-shreddingVirtualization
115 Managed cloud services exist because the service is less expensive for each customer than creating the same services for themselves in a traditional environment. From the customer perspective, most of the cost differential created between the traditional environment and the cloud through virtualization is achieved by removing ___________________.External risksInternal risksRegulatory complianceSunk capital investment
116 Managed cloud services exist because the service is less expensive for each customer than creating the same services for themselves in a traditional environment. Using a managed service allows the customer to realize significant cost savings through the reduction of ___________________.RiskSecurity controlsPersonnelData
117 Which of the following is a risk posed by the use of virtualization?Internal threats interrupting service through physical accidents (spilling drinks, tripping over cables, etc.)The ease of transporting stolen virtual machine imagesIncreased susceptibility of virtual systems to malwareElectromagnetic pulse
118 The tasks performed by the hypervisor in the virtual environment can be most likened to the tasks of the ___________________ in the traditional environment.Central processing unit (CPU)Security teamOperating system (OS)Pretty Good Privacy (PGP)
119 Mass storage in the cloud will most likely currently involve ___________________.Spinning plattersTape drivesMagnetic disksSolid-state drives (SSDs)
120 What is the type of cloud storage arrangement that involves the use of associating metadata with the saved data?VolumeBlockObjectRedundant
121 According to the NIST Cloud Computing Reference Architecture, which of the following is most likely a cloud carrier?Amazon Web ServicesNetflixVerizonNessus
122 Resolving resource contentions in the cloud will most likely be the job of the ___________________.RouterEmulatorRegulatorHypervisor
123 Security controls installed on a guest virtual machine operating system (VM OS) will not function when ___________________.The user is accessing the VM remotelyThe OS is not scanned for vulnerabilitiesThe OS is not subject to version controlThe VM is not active while in storage
124 Typically, SSDs are ___________________.More expensive than spinning plattersLarger than tape backupHeavier than tape librariesMore subject to malware than legacy drives
125 Typically, SSDs are ___________________.Harder to install than magnetic memoryFaster than magnetic drivesHarder to administer than tape librariesMore likely to fail than spinning platters
126 Typically, SSDs are ___________________.Impossible to destroy physicallyNot vulnerable to degaussingSubject to a longer warrantyProtected by international trade laws
127 Of the following control techniques/solutions, which can be combined to enhance the protections offered by each?Fences/firewallsAsset inventories/personnel trainingData dispersion/encryptionIntrusion prevention solutions/intrusion detection solutions
128 Of the following control techniques/solutions, which can be combined to enhance the protections offered by each?Razor tape/background checksLeast privilege/generatorsDLP/DRMPersonnel badging/secure baselines
129 Risk assessment is the responsibility of ___________________.Companies offering managed cloud servicesRegulatory bodiesEvery organizationLegislative entities
130 Which entity can best aid the organization in avoiding vendor lock-in?Senior managementThe IT security officeGeneral counselThe cloud security representative
131 Perhaps the best method for avoiding vendor lock-out is also a means for enhancing BC/DR capabilities. This is ___________________.Having a warm site within 250 miles of the primary production environmentUsing one cloud provider for primary production and another for backup purposesBuilding a data center above the flood plainCross-training all personnel
132 ___________________ can often be the result of inadvertent activity.DDoSPhishingSprawlDisasters
133 Of the following, which is probably the most significant risk in a managed cloud environment?DDoSManagement plane breachGuest escapePhysical attack on the utility service lines
134 What is the optimal number of entrances to the cloud data center campus?OneTwoThreeFour
135 The cloud data center campus physical access point should include all of the following except ___________________.Reception areaVideo surveillanceBadging procedureMantrap structures
136 Where should multiple egress points be included?At the power distribution substationWithin the data centerIn every building on the campusIn the security operations center
137 Which of the following is a risk in the cloud environment that does not exist or is not as prevalent in the traditional environment?DDoSIsolation failureExternal attackInternal attack
138 All security controls necessarily ___________________.Are expensiveDegrade performanceRequire senior management approvalWill work in the cloud environment as well as they worked in the traditional environment
139 Which of the following is a risk in the cloud environment that does not exist or is not as prevalent in the traditional environment?Legal liability in multiple jurisdictionsLoss of productivity due to DDoSAbility of users to gain access to their physical workplaceFire
140 Which of the following is a risk in the cloud