Cloud Security Exam Questions and Answers: C838 OA 2025, Exams of Cybercrime, Cybersecurity and Data Privacy

A compilation of exam questions and answers related to cloud security, specifically for the C838 - Managing Cloud Security OA 2025 exam. It covers key concepts such as business requirements driving security decisions, cloud migration considerations, cloud computing characteristics, deployment models (public, private, community, IaaS, PaaS, SaaS), the CIA triad, vendor lock-in, risk management, security controls, data protection, intellectual property, and data lifecycle management. The questions address various aspects of cloud security, making it a useful resource for exam preparation and understanding cloud security principles. It also touches on DLP solutions, tokenization, and cryptographic key management.

Typology: Exams

2025/2026

Available from 11/22/2025

prof_dom92

C838 - MANAGING CLOUD SECURITY FINAL OA 2025 UPDATED EXAM QUESTIONS AND ANSWERS.

_____ drive security decisions. - correct answer- business requirements

All of these are reasons because of which an organization may want to consider cloud migration, except: - correct answer- Elimination of risks

The generally accepted definition of cloud computing includes all of the following characteristics except: - correct answer- negating the need for backups

When a cloud customer uploads PII to a cloud provider, who becomes ultimately responsible for the security of that PII? - correct answer- cloud customer

We use which of the following to determine the critical paths, processes, and assets of an organization? - correct answer- BIA

If a service or solution does not meet all of the specified key characteristics listed below, it is said to be not true cloud computing. Please select the valid cloud computing characteristics out of the terms identified below. Each correct answer represents a complete solution. Choose all that apply. - correct answer- On-demand self-service, Broad network access, Resource pooling, measured service

All of these technologies have made cloud service viable except: - correct answer- smart hubs

The cloud deployment model that features organizational ownership of the hardware and infrastructure, and usage only by members of that organization, is known as: - correct answer- private

The cloud deployment model that features ownership by a cloud provider, with services offered to anyone who wants to subscribe, is known as: - correct answer- Public

If a cloud customer cannot get access to the cloud provider, this affects what portion of the CIA triad? - correct answer- Availability

All of the following can result in vendor lock-in except: - correct answer- Statutory compliance

The risk that a cloud provider might go out of business and the cloud customer might not be able to recover data is known as: - correct answer- vendor lock-out

All of these are features of cloud computing except: - correct answer- Reversed charging configuration

Cloud vendors are held to contractual obligations with specified metrics by: - correct answer- SLAs

Gathering business requirements can aid the organization in determining all of this information about organizational assets, except: - correct answer- Usefulness

The BIA can be used to provide information about all of the following, except: - correct answer- Secure Acquisition

Risk appetite for an organization is determined by which of the following? - correct answer- Senior management

What is the risk left over after controls and countermeasures are put in place? - correct answer- Residual

All the following are ways of addressing risk, except: - correct answer- Reversal

Which of the following best describes risk? - correct answer- The likelihood that a threat will exploit a vulnerability

In which cloud service model is the customer required to maintain the OS? - correct answer- IaaS

Which of the following is considered a physical control? - correct answer- Fences

In a cloud environment, encryption should be used for all the following, except: - correct answer- Profile formatting

The process of hardening a device should include all of the following, except: - correct answer- Improve default accounts

The process of hardening a device should include which of the following? - correct answer- updating and patching the system

What is an experimental technology that is intended to create the possibility of processing encrypted data without having to decrypt it first? - correct answer- Homomorphic

To protect data on user devices in a BYOD environment, the organization should consider requiring all of the following, except: - correct answer- Two-person integrity

Devices in the cloud datacenter should be secure against attack. All the following are means of hardening devices, except: - correct answer- Removing all admin accounts

All of these are methods of data discovery, except: - correct answer- User-based

Data labels could include all the following, except: - correct answer- Data value

Data labels could include all the following, except: - correct answer- delivery vendor

Data labels could include all the following, except: - correct answer- Multifactor authentication

All the following are data analytics modes, except: - correct answer- Refractory iteration

In the cloud motif, the data owner is usually: - correct answer- the cloud customer

What is the intellectual property protection for the logo of a new video game? - correct answer- Trademark

What is the aspect of the DMCA that has often been abused and places the burden of proof on the accused? - correct answer- Takedown notice

What is the federal agency that accepts applications for new patents? - correct answer- USPTO

DRM tools use a variety of methods for enforcement of intellectual property rights. These include all the following, except: - correct answer- Dip switch validity

DRM solutions should generally include all the following functions, except: - correct answer- Automatic self-destruct

Every security program and process should have which of the following? - correct answer- foundational policy

All policies within the organization should include a section that includes all of the following, except: - correct answer- policy adjudication

The most pragmatic option for data disposal in the cloud is which of the following? - correct answer- cryptoshredding

What are the U.S. State Department controls on technology exports known as? - correct answer- ITAR

What are the U.S. Commerce Department controls on technology exports known as? - correct answer- EAR

Cryptographic keys for encrypted data stored in the cloud should be ______________. - correct answer- Not stored with the cloud provider

Cryptographic keys should be secured ______________. - correct answer- to a level at least as high as the data they can decrypt

DLP solutions can aid in deterring loss due to which of the following? - correct answer- inadvertent disclosure

DLP solutions can aid in deterring loss due to which of the following? - correct answer- malicious disclosure

What is the experimental technology that might lead to the possibility of processing encrypted data without having to decrypt it first? - correct answer- homomorphic encryption

Proper implementation of DLP solutions for successful function requires which of the following? - correct answer- accurate data categorization

Tokenization requires two distinct ______________. - correct answer- databases

Data masking can be used to provide all of the following functionality, except: - correct answer- authentication of privileged users

DLP can be combined with what other security technology to enhance data controls? - correct answer- DRM

Best practices for key management include all of the following, except: - correct answer- ensure multifactor authentication

What are third-party providers of IAM functions for the cloud environment? - correct answer- CASBs

The goals of DLP solution implementation include all of the following, except: - correct answer- Elasticity

What is the term we use to describe the general ease and efficiency of moving data from one cloud provider either to another cloud provider or down from the cloud? - correct answer- portability

All of the following are techniques to enhance the portability of cloud data, in order to minimize the potential of vendor lock-in except: - correct answer- Use DRM and DLP solutions widely throughout the cloud operation

Which of the following is a technique used to attenuate risks to the cloud environment, resulting in loss or theft of a device used for remote access? - correct answer- remote kill switch

A poorly negotiated cloud service contract could result in all the following detrimental effects except: - correct answer- malware

Countermeasures for protecting cloud operations against internal threats include all of the following except: - correct answer- hardened perimeter devices

Countermeasures for protecting cloud operations against internal threats include all of the following except: - correct answer- redundant ISPs

Countermeasures for protecting cloud operations against internal threats include all of the following except: - correct answer- scalability

Countermeasures for protecting cloud operations against internal threats include all of the following except: - correct answer- conflict of interest

Benefits for addressing BC/DR offered by cloud operations include all of the following except: - correct answer- metered service

All of the following methods can be used to attenuate the harm caused by escalation of privilege except: - correct answer- periodic and effective use of cryptographic sanitization tools

The various models generally available for cloud BC/DR activities include all of the following except: - correct answer- cloud provider, backup from private provider

After a cloud migration, the BIA should be updated to include a review of the new risks and impacts associated with cloud operations; this review should include an analysis of the possibility of vendor lock-in/lock-out. Analysis of this risk may not have to be performed as a new effort, because a lot of the material that would be included is already available from which of the following? - correct answer- the cost-benefit analysis the organization conducted when deciding on cloud migration

Vulnerability assessments cannot detect which of the following? - correct answer- zero-day exploits

What is the cloud service model in which the customer is responsible for administration of the OS? - correct answer- IaaS

Hardening the operating system refers to all of the following except: - correct answer- Removing antimalware agents

Which type of software is most likely to be reviewed by the most personnel, with the most varied perspectives? - correct answer- open source software

In all cloud models, the customer will be given access and ability to modify which of the following? - correct answer- data

To address shared monitoring and testing responsibilities in a cloud configuration, the provider might offer all these to the cloud customer except: - correct answer- security control administration

Which kind of SSAE audit report is a cloud customer most likely to receive from a cloud provider? - correct answer- SOC 3

Which kind of SSAE audit report is most beneficial for a cloud customer, even though it's unlikely the cloud provider will share it? - correct answer- SOC 2 Type 2

As a result of scandals involving publicly traded corporations such as Enron, WorldCom, and Adelphia, Congress passed legislation known as: - correct answer- SOX

The cloud customer's trust in the cloud provider can be enhanced by all of the following except: - correct answer- Real-time video surveillance

User access to the cloud environment can be administered in all of the following ways except: - correct answer- customer provides administration on behalf of the provider