1. Which of the following is a preferred model for cloud-based access management?


2. Exiting from an activity that gives rise to more risk is called?


3. Role-Based Access Control (RBAC) model for IAM offers greater flexibility and security than the Attribute-Based Access Control (ABAC) model.


4. ENISA: Which of the following is the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data?


5. ENISA: The risks identified can be classified into which of the following three categories?


6. Which of the following statements related to a direct “lift and shift” of an existing application to a cloud environment is true?


7. Virtualization security in cloud computing is the responsibility of the cloud provider.


8. Which of the following defines the amount of risk that the leadership and stakeholders of an organization are willing to accept?


9. In addition to providing better server utilization and data center consolidation, virtualization also reduces security threats significantly.


10. Which of the following best describes the data protection when it moves to the cloud?


11. Which of the following ensures that the consumers only use what they are allotted, and are charged for it?


12. Inability to provide sufficient capacity to a customer can lead to which of the following?


13. Why are Hardware Security Modules (HSMs) difficult to distribute across the multiple locations used in cloud architectures?


14. Resource pooling practiced by the cloud services may especially complicate which part of the IR process?


15. Which of the following characteristics of cloud allows a consumer to unilaterally provision computing capabilities such as server time and network storage as needed?


16. As per GDPR, within what amount of time must a company report a breach?


17. If a cloud service provider receives a request to provide client information in the form of a subpoena or a court order, how can the client have the ability to fight the request?


18. Which of the following is one of the challenges of application security in a cloud environment?


19. Installing traditional agents designed for physical servers will not result in the same amount of efficiency and performance on a virtualized server.


20. Which of the following clauses in the agreement between customer and cloud provider can provide customers in highly regulated industries with the required information?


21. Which of the following statements regarding cloud platform architecture is true?


22. Which of the following encryption will be used when object storage is used as the back-end for an application?


23. How can you prevent cloud providers from inappropriately accessing customer data?


24. Which technique is used in the cloud to coordinate carving out and delivering a set of resources from the pools to the consumers?


25. Which of the following regarding customer managed keys is true?


26. Which of the following frameworks is used in the industry to describe a series of security activities during all phases of application development, deployment, and operations?


27. Which of the following is one of the most common open standards to enable federation in the cloud?


28. Which of the following is the most obvious form of provider lock-in?


29. Which of the following is a permission to do something like access a file, network, or perform a certain function like an API call on a particular resource?


30. ENISA: Password-based authentication should be sufficient for accessing cloud resources.


31. Containers provide full security isolation and task segregation.


32. CSA’s Software Defined Perimeter includes:


33. You do not trust your SaaS provider and have chosen to encrypt all of your data. Which of the following is true in this situation?


34. Which of the following encryption methods is utilized when object storage is used as the back-end for an application?


35. ENISA: The lack of use of standard technologies and solutions by the cloud provider may lead to-


36. Which of the following essential characteristics of a cloud allows customers to closely match resource consumption with demand?


37. Which of the following gives the customers ability to audit the cloud provider?


38. Which of the following statements regarding SDN (Software Defined Networking) is not true?


39. Which of the following comes immediately after the data creation in the data security lifecycle?


40. ENISA: Lock-in is under which category of risk?


41. Which of the following is the most important aspect of incident response for cloud-based resources?


42. Private Cloud operated solely for a single organization can be located at-


43. ENISA: Which of the following statements is true regarding the risk of natural disasters in the cloud?


44. CI/CD pipelines can enhance security through support of which of the following?


45. Cloud based Web Application Firewalls (WAFs) also include anti-DDoS capabilities.


46. Which of the following is a responsibility of a cloud user?


47. Which of the following are the most commonly seen networks that are isolated onto dedicated hardware since there is no functional or traffic overlap?


48. ENISA: Whose responsibility is it to choose a data processor that provides sufficient guarantees with respect to the technical security measures and organisational measures governing the processing to be carried out, and ensuring compliance with those measures?


49. In a multi-tenant environment, if customers can access and modify each other’s assets, which of the following has caused this issue?


50. Which of the following will not prevent you from moving unapproved data to cloud services?


51. “Cloud Provider Acquisition” is which form of risk?


52. Which of the following provides “Storage as a Service” as a sub-offering?


53. Infrastructure in the cloud cannot be defined and implemented through templates and automation.


54. In federation, which party makes assertions to which party?


55. Customers should view cloud services and security as –


56. Which of the following includes all the documentation on a provider’s internal and external compliance assessments?


57. Which of the following encrypts and prevents the unauthorized copying or changing of the content?


58. For which of the following SecaaS concerns should providers be held to the highest standards of multi-tenant isolation and segregation?


59. The most fundamental security control for any multi-tenant network is-


60. Point-in-time activities like compliance, audit, and assurance should be conducted by cloud providers to avoid creating any gaps, and thus exposures, for their customers.

