QUESTIONS AND ANSWERS GRADED A+
✔✔Which security threat occurs when a developer leaves an unauthorized access
interface within an application after release?
A Deprecated API
B Easter egg
C Persistent backdoor
D Development operations - ✔✔C
✔✔Which process prevents the environment from being over-controlled by security
measures to the point where application performance is impacted?
A Trusted cloud initiative (TCI)
B Community cloud
C Quality of service (QoS)
D Private cloud - ✔✔C
✔✔Which of the Open Web Application Security Project (OWASP) Top 9 Coding Flaws leads to
security issues?
A Direct object reference
B Cross-site scripting
C Denial-of-service
D Client-side injection - ✔✔A
✔✔Which identity management process targets access to enterprise resources by
ensuring that the identity of an entity is verified?
A Provisioning
B Federation
C Authentication
D Policy management - ✔✔C
✔✔Which technology improves the ability of Transport Layer Security (TLS) to ensure
privacy when communicating between applications?
A Whole-disk encryption
B Advanced application-specific integrated circuits (ASICs)
C Virtual private networks (VPNs)
D Volume encryption - ✔✔B
✔✔Which multi-factor authentication (MFA) option uses a physical universal serial bus
(USB) device to generate one-time passwords?
A Transaction authentication numbers
B Biometrics
C Hard tokens
D Out-of-band passwords - ✔✔C
✔✔Which cloud infrastructure is shared by several organizations with common
concerns, such as mission, policy, or compliance considerations?
A Private cloud
B Community cloud
C Public cloud
D Hybrid cloud - ✔✔B
✔✔Which type of cloud deployment model is considered equivalent to a traditional IT
architecture?
A Public
B Private
C Hybrid
D Community - ✔✔B
✔✔Which security method should be included in defense-in-depth when examined
from the perspective of a content security policy?
A Technological controls
B Contractual enforcement of policies
C Training programs
D Strong access controls - ✔✔A
✔✔Which attack vector is associated with cloud infrastructure?
A Seizure and examination of a physical disk
B Licensing fees tied to the deployment of software based on a per-CPU licensing
model
C Data storage locations in multiple jurisdictions
D Compromised API credentials - ✔✔D
✔✔Which risk is associated with malicious and accidental dangers to a cloud
infrastructure?
A Regulatory noncompliance
B Natural disasters
C Personnel threats
D External attacks - ✔✔C
✔✔Which cloud-specific risk must be considered when moving infrastructure operations
to the cloud?
A Natural disasters
B Lack of physical access
C Denial of service
D Regulatory violations - ✔✔B
✔✔Which risk is controlled by implementing a private cloud?
A Eavesdropping
B Unauthorized access
C Denial-of-service (DoS)
D Physical security - ✔✔D
✔✔Which countermeasure enhances redundancy for physical facilities hosting cloud
equipment during the threat of a power outage?
A Tier 2 network access providers
B Radio frequency interference (RFI) blocking devices
C Multiple and independent power circuits to all racks
D Automated license plate readers (ALPR) at entry points - ✔✔C
✔✔Which countermeasure helps mitigate the risk of stolen credentials for cloud-based
platforms?
A Key management
B Multifactor authentication
C Data sanitization
D Host lockdown - ✔✔B
✔✔Which control helps mitigate the risk of sensitive information leaving the cloud
environment?
A Web application firewall (WAF)
B Disaster recovery plan (DRP)
C Identity and access management (IAM)
D Data loss prevention (DLP) - ✔✔D
✔✔Which countermeasure mitigates the risk of a rogue cloud administrator?
A Multifactor authentication
B Data encryption
C Platform orchestration
D Logging and monitoring - ✔✔D
✔✔Which consideration should be taken into account when reviewing a cloud service
provider's risk of potential outage time?
A The type of database
B The number of cloud service offerings
C The unique history of the provider
D The provider's support services - ✔✔C
✔✔Which cloud security control eliminates the risk of a virtualization guest escape from
another tenant?
A Dedicated hosting
B Hardware hypervisor
C File integrity monitor
D Immutable virtual machines - ✔✔A
✔✔Which cloud security control is a countermeasure for man-in-the-middle attacks?
A Backing up data offsite
B Reviewing log data
C Using block data storage
D Encrypting data in transit - ✔✔D
✔✔Which data retention policy controls how long Health Insurance Portability and
Accountability Act (HIPAA) data can be archived?
A Applicable regulation
B Data classification
C Enforcement
D Maintenance - ✔✔A
✔✔Which disaster recovery (DR) site results in the quickest recovery in the event of a
disaster?
A Hot
B Cold
C Reserve
D Passive - ✔✔A