Domain 5 in the Certified Cloud Security Professional (CCSP) Exam Outline both introduces some significant new concepts, such as the physical design of a data center and the attendant standards and guidelines, and restates some material covered in earlier domains, such as multitenancy, resource pooling, and the like.

What is the primary incident response goal?
You are in charge of building a cloud data center. Which raised floor level is sufficient to meet standard requirements?
You are in charge of building a cloud data center. What purposes does the raised floor serve?
You are in charge of building a cloud data center. Which of the following is a useful rack configuration for regulating airflow?
An event is something that can be measured within the environment. An incident is a(n) _______________ event.
Which of the following factors would probably most affect the design of a cloud data center?
All of the following elements must be considered in the design of a cloud data center except _______________.
In designing a data center to meet their own needs and provide optimum revenue/profit, the cloud provider will most likely aim to enhance _______________.
You are the security officer for a small cloud provider offering public cloud infrastructure as a service (IaaS); your clients are predominantly from the education sector, located in North America. Which of the following technology architecture traits would your organization most likely want to focus on?
What is perhaps the main way in which software-defined networking (SDN) solutions facilitate security in the cloud environment?
The logical design of a cloud environment can enhance the security offered in that environment. For instance, in a software as a service (SaaS) cloud, the provider can incorporate _______________ capabilities into the application itself.
You are tasked with managing a cloud data center in Los Angeles; your customers are mostly from the entertainment industry, and you are offering both platform as a service (PaaS) and software as a service (SaaS) capabilities. From a physical design standpoint, you are probably going to be most concerned with _______________.
You are the security manager for a small retail business involved mainly in direct e-commerce transactions with individual customers (members of the public). The bulk of your market is in Asia, but you do fulfill orders globally. Your company has its own data center located within its headquarters building in Hong Kong, but it also uses a public cloud environment for contingency backup and archiving purposes. Your cloud provider is changing its business model at the end of your contract term, and you have to find a new provider. In choosing providers, which tier of the Uptime Institute rating system should you be looking for, if minimizing cost is your ultimate goal?
You are the security manager for a small retail business involved mainly in direct e-commerce transactions with individual customers (members of the public). The bulk of your market is in Asia, but you do fulfill orders globally. Your company has its own data center located within its headquarters building in Hong Kong, but it also uses a public cloud environment for contingency backup and archiving purposes. Your cloud provider is changing its business model at the end of your contract term, and you have to find a new provider. In choosing providers, which of the following functionalities will you consider absolutely essential?
You are the security manager for a small retail business involved mainly in direct e-commerce transactions with individual customers (members of the public). The bulk of your market is in Asia, but you do fulfill orders globally. Your company has its own data center located within its headquarters building in Hong Kong, but it also uses a public cloud environment for contingency backup and archiving purposes. Which of the following standards are you most likely to adopt?
You are the security manager for a small retail business involved mainly in direct e-commerce transactions with individual customers (members of the public). The bulk of your market is in Asia, but you do fulfill orders globally. Your company has its own data center located within its headquarters building in Hong Kong, but it also uses a public cloud environment for contingency backup and archiving purposes. Your company has decided to expand its business to include selling and monitoring life-support equipment for medical providers. What characteristic do you need to ensure is offered by your cloud provider?
When designing a cloud data center, which of the following aspects is not necessary to ensure continuity of operations during contingency operations?
You are the security manager for a small surgical center. Your organization is reviewing upgrade options for its current, on-premises data center. In order to best meet your needs, which one of the following options would you recommend to senior management?
When building a new data center within an urban environment, which of the following is probably the most restrictive aspect?
When you are building a new data center in a rural setting, which of the following is probably the most restrictive aspect?
All tiers of the Uptime Institute standards for data centers require _______________ hours of on-site generator fuel.
The American Society of Heating, Refrigeration, and Air Conditioning Engineers (ASHRAE) guidelines for internal environmental conditions within a data center suggest that a temperature setting of _______________ degrees (F) would be too high.
Internal data center conditions that exceed the American Society of Heating, Refrigeration, and Air Conditioning Engineers (ASHRAE) guidelines for humidity could lead to an increase of the potential for all of the following except _______________.
Setting thermostat controls by measuring the _______________ temperature will result in the highest energy costs.
Heating, ventilation, and air conditioning (HVAC) systems cool the data center by pushing warm air into _______________.
It is important to include _______________ in the design of underfloor plenums if they are also used for wiring.
Cable management includes all of the following except _______________.
How often should cable management efforts take place?
You are designing a private cloud data center for an insurance underwriter, to be located in a major metropolitan area. Which of the following airflow management schemes is preferable?
Which of the following factors will probably have the most impact on the cost of running your heating, ventilation, and air conditioning (HVAC) systems?
You are designing a Tier 4 data center for a large hospital. In order to plan for the possibility of losing utility power, in addition to having sufficient generators, you should plan to locate the data center _______________.
Because most cloud environments rely heavily on virtualization, it is important to lock down or harden the virtualization software, or any software involved in virtualization. Which of the following is not an element of hardening software?
Which of the following is not an aspect of host hardening?
Which of the following is not an element of ongoing configuration maintenance?
Storage controllers will be used in conjunction with all the following protocols except _______________.
Which of these characteristics of a virtualized network adds risks to the cloud environment?
Security best practices in a virtualized network environment would include which of the following?
In order to enhance virtual environment isolation and security, a best practice is to _______________.
Which of the following is a risk that stems from a virtualized environment?
Which of the following is a risk that stems from a pooled-resources environment?
Modern managed cloud service providers will often use secure keyboard/video/mouse (KVM) devices within their data centers. These devices are extremely expensive compared to their non-secured counterparts. Which of the following is one of the reasons cloud service providers do this?
The American Society of Heating, Refrigeration, and Air Conditioning Engineers (ASHRAE) guidelines for internal environmental conditions within a data center suggest that a temperature setting of _______________ degrees (F) would be too low.
A truly air-gapped machine selector will _______________.
Which of the following cloud data center functions do not have to be performed on isolated networks?
Which of the following is not a characteristic of a virtual local area network (VLAN)?
In order for communications from inside a virtual local area network (VLAN) to reach endpoints outside the VLAN, _______________.
Transport Layer Security (TLS) uses _______________ to authenticate a connection and create a shared secret for the duration of the session.
Halon is now illegal to use for data center fire suppression. What is the reason it was outlawed?
When cloud computing professionals use the term "ping, power, pipe," which of the following characteristics is not being described?
Which of the following is not a goal of a site survey?
Designing system redundancy into a cloud data center allows all the following capabilities except _______________.
Gaseous fire suppression systems that function by displacing oxygen need to be installed in conjunction with _______________.
What aspect of data center planning occurs first?
Which of the following are not examples of personnel controls?
Updating virtual machine management tools will require _______________.
Access control to virtualization management tools should be _______________.
Before deploying a specific brand of virtualization toolset, it is important to configure it according to _______________.
Which of the following is essential for getting full security value from your system baseline?
Patching can be viewed as a configuration modification and therefore subject to the organization’s configuration management program and methods. What may also be an aspect of patching in terms of configuration management?
Clustering hosts allows you to do all the following except _______________.
Which of the following is not a way to apportion resources in a pooled environment?
A loosely coupled storage cluster will have performance and capacity limitations based on the _______________.
When putting a system into maintenance mode, it’s important to do all of the following except _______________.
Typically, a cloud customer seeking stand-alone hosting will expect all of the following except _______________.
Methods for achieving “high availability” cloud environments include all of the following except _______________.
You are in charge of a cloud migration for your organization. You anticipate attack traffic from various sources, each using a variety of both automated and manual intrusion techniques. In order to deter novel attacks used only against your organization, you would be wise to employ firewalls that use _______________ to detect threats.
Firewalls can be included in all the following aspects of a cloud environment except _______________.
A honeypot can be used for all the following purposes except _______________.
Which of the following should honeypots contain?
Because all cloud access is remote access, contact between users and the environment should include all of the following except _______________.
Most attacks that overcome encryption protections exploit _______________.
Administrators and engineers who work for cloud service providers will have a significant amount of control over multiple customer environments and therefore pose a severe risk. Which of the following is not a technique used to mitigate this level of increased risk from privileged users in the cloud data center?
Which of these is a vital action to determine whether the business continuity and disaster recovery (BC/DR) effort has a chance of being successful?
Patches do all the following except _______________.
When applying patches, it is necessary to do all of the following except _______________.
Which of the following is a risk associated with automated patching?
Which of the following is a risk associated with automated patching, especially in the cloud?
Which of the following is a risk associated with manual patching, especially in the cloud?
Which of the following is a risk associated with manual patching, especially in the cloud?
You are the security manager for an organization that uses the cloud for its production environment. According to your contract with the cloud provider, your organization is responsible for patching. A new patch is issued by one of your vendors. You decide not to apply it immediately for fear of interoperability problems. What additional risk are you accepting?
You are the security manager for an organization that uses the cloud for its production environment. According to your contract with the cloud provider, your organization is responsible for patching. A new patch is issued by one of your vendors. You decide not to apply it immediately for fear of interoperability problems. Who may impose penalties on your organization for this decision if the vulnerability is exploited?
Which of the following aspects of a cloud environment is most likely to add risk to the patch management process?
Which type of web application monitoring most closely measures actual activity?
When using real-user monitoring (RUM) for web application activity analysis, which of the following do you need to take into account?
Synthetic performance monitoring may be preferable to real-user monitoring (RUM) because _______________.
You are the security manager for an organization with a cloud-based production environment. You are tasked with setting up the event monitoring and logging systems. In your jurisdiction, private entities are allowed to monitor all activity involving their systems, without exception. Which of the following best describes a logging scheme you would recommend?
Who should be performing log review?
Which of these subsystems is probably most important for acquiring useful log information?
A SIEM (security information and event management) system does not eliminate the need for human participation in _______________.
Log data should be protected _______________.
Risk is usually viewed with consideration for all the following elements except _______________.
Risk management entails evaluating all of the following except _______________.
Impact resulting from risk being realized is often measured in terms of _______________.
You are the security officer for a small nonprofit organization. You are tasked with performing a risk assessment for your organization; you have one month to complete it. The IT personnel you work with have been with the organization for many years and have built the systems and infrastructure from the ground up. They have little training and experience in the field of risk. Which type of risk assessment would you choose to conduct?
Which of the following is most useful in determining the single loss expectancy (SLE) of an asset?
Which of the following will likely best help you predict the annualized rate of occurrence (ARO) of a specific loss?
Which of the following has the most effect on exposure factor (EF)?
You are a consultant performing an external security review on a large manufacturing firm. You determine that its newest assembly plant, which cost $24 million, could be completely destroyed by a fire but that a fire suppression system could effectively protect the plant. The fire suppression system costs $15 million. An insurance policy that would cover the full replacement cost of the plant costs $1 million per month. What is the annualized rate of occurrence (ARO) in this scenario?
You are a consultant performing an external security review on a large manufacturing firm. You determine that its newest assembly plant, which cost $24 million, could be completely destroyed by a fire but that a fire suppression system could effectively protect the plant. The fire suppression system costs $15 million. An insurance policy that would cover the full replacement cost of the plant costs $1 million per month. What would you recommend?
You are a consultant performing an external security review on a large manufacturing firm. You determine that its newest assembly plant, which cost $24 million, could be completely destroyed by a fire but that a fire suppression system could effectively protect the plant. The fire suppression system costs $15 million. An insurance policy that would cover the full replacement cost of the plant costs $1 million per month. In order to establish the true annualized loss expectancy (ALE), you would need all of the following information except _______________.
You are a consultant performing an external security review on a large manufacturing firm. You determine that its newest assembly plant, which cost $24 million, could be completely destroyed by a fire but that a fire suppression system could effectively protect the plant. The fire suppression system costs $15 million. An insurance policy that would cover the full replacement cost of the plant costs $1 million per month. The plant generates $2 million of revenue each month. The time to rebuild the plant at the current location is six months. What should you recommend?
Risk mitigation must always also entail which other method of addressing risk?
Which of the following poses a secondary risk?
Which of the following is not true about risk mitigation?
Which comes first?
The National Institute of Standards and Technology (NIST) Risk Management Framework (RMF) is required for federal agencies in the United States. Which of the following is not a characteristic of the RMF?
Symmetric encryption involves _______________.