1. The Cloud Security Alliance STAR Registry is used for which of the following purposes?


2. SLA’s may limit a client’s ability to collect large volumes of data quickly and in a forensically sound manner.


3. Which of the following statement about CSA s CCM and Security Guidance is not true?


4. How will you ensure that you have provided sufficient encryption protection to your data in the cloud?


5. In which phase of the application design and development process, the focus is on architecture?


6. Which of the following is true about the pass-through audit which is a form of compliance inheritance?


7. When it comes to securing the management plane, how are access identification, authentication, and authorization implemented?


8. When entrusting a third party to process the data on its behalf, who remains responsible for the collection and processing of the data?


9. Identity and Access Management (IAM) includes which of the following?


10. Logs, documentation, and other materials that are needed for audits and compliance and are used as evidence to support compliance activities are called as-


11. Which of the following statements regarding risk transfer is not true?


12. What is the role of the Scope Applicability column in the CCM?


13. Which of the following is the most commonly used application programming interface?


14. How can a single administrator access multiple service administrator accounts with just the privileges they need for that particular action?


15. In which of the following service models cloud consumer may only be able to manage authorization and entitlements?


16. Which of the following statement is true for orchestration?


17. Which of the following WAN virtualization technology is used to create networks which span multiple base networks?


18. Which plane is used by consumers to launch virtual machines or configuring virtual networks?


19. Attestations and certifications are activities that will be valid at any future point in time and providers must keep any published results readily available for quick reference.


20. All services from a particular provider meet the same audit/assessment standards.


21. Dedicated or private tenancy model is not possible in a cloud environment.


22. Which of the following is an underlying vulnerability related to loss of Governance?


23. Which of the following is not one of the five key legal issues common across all scenarios?


24. Which of the following leverages virtual network topologies to run smaller, and more isolated networks without incurring additional hardware costs?


25. The nature of contracts with cloud providers will often preclude things like on-premises audits. What options does the customer have in this situation?


26. Which communication method is used by customers to access database information using a web console?


27. Cloud user does not require special permission to perform vulnerability assessment on its environment in cloud.


28. Which of the following is among the top security benefits?


29. Which of the following allows you to create an infrastructure template to configure all or some aspects of a cloud deployment?


30. The main difference between traditional virtualization and cloud computing and is abstraction.


31. The following list of controls belongs to which domain of the CCM?
GRM 04 – Management Program
GRM 05 – Support / Involvement
GRM 06 – Policy
GRM 07 – Policy Enforcement


32. Which of the following is a key tool in enabling and enforcing separation and isolation in multi-tenancy environment?


33. In which type of environment it is impractical to allow clients to conduct their own audits?


34. PaaS needs to be built on top of IaaS and it cannot be a custom designed stand-alone architecture


35. If an attacker gets into your management plane, they have full remote access to your entire cloud environment.


36. CCM: The CCM provides an anchor-point and common language for balanced measurement of security and compliance postures.

With CCM all supply chain parties can speak the same language ?


37. Which of the following reflects the claim of an individual to have certain data deleted so that third persons can no longer trace them?


38. Which of the following is a cloud infrastructure that is shared by several organizations and supports a specific group that has shared concerns?


39. In which of the five main phases of secure application design and development, you perform Threat Modelling?


40. Which of the following statement regarding service administrator account is not true?


41. Which of the following describes the cloud management plane?


42. Which of the following can the cloud provider implement to mitigate the credential compromise or theft?


43. Which of the following tools lists cloud security controls and maps them to multiple security and compliance standards. ?


44. Which process is used to determine and defend the applications from any weakness before they are introduced into production?


45. Which of the following is a key area of control for the cloud provider network architecture?


46. The data and information like content in database or file storage are part of which layer of Logical Model?


47. Business Continuity and Disaster Recovery is not a shared responsibility and the cloud user is completely responsible for it.


48. Who manages the web console which is one of the ways the management plane is delivered?


49. The management plane controls and configures which of the following:


50. CCM: How many Domains and Controls are in CCM V.3.0.1?


51. In the United States, a party is obligated to take reasonable steps to prevent the destruction or modification of data in its possession that it knows, is relevant to pending litigation or government investigation.


52. How can web security as a service be offered to the cloud customer?


53. The key difference between cloud and traditional computing is the infrastructure.


54. Which of the following statements regarding SDN (Software Defined Networking) is not true?


55. Which of the following governance domain focuses on proper and adequate incident detection, response, notification and remediation?


56. Which of the following tools provide a standard template for cloud providers to document their security and compliance controls?


57. Cloud service providers leverage which of the following to manage costs and enable capabilities?


58. Which of the following is an important consideration in management plane usage?


59. All assets in the cloud require same business continuity.


60. Which of the following is not one of the benefits of Cloud Computing?


Question 1 of 60