MANAGING CLOUD SECURITY STUDY GUIDE EXAM
QUESTIONS AND ANSWERS GRADED A+
✔✔What should configuration management always be tied to?
A Change management
B Financial management
C Business relationship management
D IT service management - ✔✔A
✔✔Which of the following modes of encryption dependencies secures data while it
navigates the CSP network or the Internet?
A Encryption of data at rest
B Encryption of data in transit
C Data obfuscation - ✔✔B
✔✔Which is not associated with Federated ID Systems?
A SAML
B SAME
C OpenID
D OAuth - ✔✔B
✔✔With whom does a service provider dictate both the technology and the operational
procedures being made available to the cloud consumer?
A Cloud computing reseller
B Cloud service provider
C Cloud services brokerage
D Managed service provider - ✔✔B
✔✔Which is the internationally accepted standard for eDiscovery?
A ISO\IEC 27055A
B ISO\IEC 20750A
C ISO\IEC 27050
D ISO\IEC 27055 - ✔✔C
✔✔All formatting, security, and usage of LUNs is handled by the storage device.
A True
B False - ✔✔B
, ✔✔Which of the following components is not associated with encryption deployments?
A Encryption engine
B The data
C Encryption keys
D Encryption algorithm - ✔✔D
✔✔What is lock-in in reference to cloud services?
A Access tools.
B Proprietary roadblocks to changing CSPs.
C Ability to change CSP with minimal changes to the environment.
D SLA Commitment. - ✔✔B
✔✔Key management in a cloud environment is not very important.
A True
B False - ✔✔B
✔✔Who publishes the optimal temperature and humidity levels for data centers?
A ASHR
B ASHRAE
C BICSI
D NFPA - ✔✔B
✔✔To ensure that the service quality and availability are maintained.
To minimize the adverse impact on business operations.
To restore normal service operation as quickly as possible. - ✔✔Three purposes of
incident management
✔✔An organization will conduct a risk assessment to evaluate which of the following?
A Threats to its assets, vulnerabilities present in the environment, the likelihood that a
threat will be realized by taking advantage of an exposure, the impact that the exposure
being realized will have on the organization, and the total risk
B Threats to its assets, vulnerabilities not present in the environment, the likelihood that
a threat will be realized by taking advantage of an exposure, the impact that the
exposure being realized will have on the organization, and the residual risk
C Threats to its assets, vulnerabilities present in the environment, the likelihood that a
threat will be realized by taking advantage of an exposure, the impact that the exposure
being realized will have on another organization, and the residual risk
QUESTIONS AND ANSWERS GRADED A+
✔✔What should configuration management always be tied to?
A Change management
B Financial management
C Business relationship management
D IT service management - ✔✔A
✔✔Which of the following modes of encryption dependencies secures data while it
navigates the CSP network or the Internet?
A Encryption of data at rest
B Encryption of data in transit
C Data obfuscation - ✔✔B
✔✔Which is not associated with Federated ID Systems?
A SAML
B SAME
C OpenID
D OAuth - ✔✔B
✔✔With whom does a service provider dictate both the technology and the operational
procedures being made available to the cloud consumer?
A Cloud computing reseller
B Cloud service provider
C Cloud services brokerage
D Managed service provider - ✔✔B
✔✔Which is the internationally accepted standard for eDiscovery?
A ISO\IEC 27055A
B ISO\IEC 20750A
C ISO\IEC 27050
D ISO\IEC 27055 - ✔✔C
✔✔All formatting, security, and usage of LUNs is handled by the storage device.
A True
B False - ✔✔B
, ✔✔Which of the following components is not associated with encryption deployments?
A Encryption engine
B The data
C Encryption keys
D Encryption algorithm - ✔✔D
✔✔What is lock-in in reference to cloud services?
A Access tools.
B Proprietary roadblocks to changing CSPs.
C Ability to change CSP with minimal changes to the environment.
D SLA Commitment. - ✔✔B
✔✔Key management in a cloud environment is not very important.
A True
B False - ✔✔B
✔✔Who publishes the optimal temperature and humidity levels for data centers?
A ASHR
B ASHRAE
C BICSI
D NFPA - ✔✔B
✔✔To ensure that the service quality and availability are maintained.
To minimize the adverse impact on business operations.
To restore normal service operation as quickly as possible. - ✔✔Three purposes of
incident management
✔✔An organization will conduct a risk assessment to evaluate which of the following?
A Threats to its assets, vulnerabilities present in the environment, the likelihood that a
threat will be realized by taking advantage of an exposure, the impact that the exposure
being realized will have on the organization, and the total risk
B Threats to its assets, vulnerabilities not present in the environment, the likelihood that
a threat will be realized by taking advantage of an exposure, the impact that the
exposure being realized will have on the organization, and the residual risk
C Threats to its assets, vulnerabilities present in the environment, the likelihood that a
threat will be realized by taking advantage of an exposure, the impact that the exposure
being realized will have on another organization, and the residual risk
