Mock-Test Window

1 :-

CCM: A hypothetical company called: “Health4Sure” is located in the United States and provides cloud based services for tracking patient health. The company is compliant with HIPAA/HITECH Act among other industry standards. Health4Sure decides to assess the overall security of their cloud service against the CCM toolkit so that they will be able to present this document to potential clients. Which of the following approach would be most suitable to assess the overall security posture of Health4Sure’s cloud service?

The Ccm Columns Are Mapped To Hipaa/hitech Act And Therefore Health4sure Could Verify The Ccm Controls Already Covered Ad A Result Of Their Compliance With Hippa/hitech Act. They Could Then Assess The Remaining Controls. This Approach Will Save Time. The Ccm Domain Controls Are Mapped To Hipaa/hitech Act And Therefore Health4sure Could Verify The Ccm Controls Already Covered As A Result Of Their Compliance With Hippa/hitech Act. They Could Then Assess The Remaining Controls Thoroughly. This Approach Saves Time While Being Able To Assess The Company’s Overall Security Posture In An Efficient Manner. The Ccm Domains Are Not Mapped To Hipaa/hitech Act. Therefore Health4sure Should Assess The Security Posture Of Their Cloud Service Against Each And Every Control In The Ccm. This Approach Will Allow A Thorough Assessment Of The Security Posture.

2 :-

What is true of searching data across cloud environments?

You Might Not Have The Ability Or Administrative Rights To Search Or Access All Hosted Data. The Cloud Provider Must Conduct The Search With The Full Administrative Controls. All Cloud-hosted Email Accounts Are Easily Searchable Search And Discovery Time Is Always Factored Into A Contract Between The Consumer And Provider You Can Easily Search Across Your Environment Using Any E-discovery Tool.

3 :-

Your cloud and on-premises infrastructures should always use the same network address ranges.

True False

4 :-

APIs and web services require extensive hardening and must assume attacks from authenticated and unauthenticated adversaries.

False True

5 :-

An important consideration when performing a remote vulnerability test of a cloud-based application is to

Obtain Provider Permission For Test Use Techniques To Evade Cloud Provider’s Detection Systems Use Application Layer Testing Tools Exclusively Use Network Layer Testing Tools Exclusively Schedule Vulnerability Test At Night

6 :-

What is defined as the process by which an opposing party may obtain private documents for use in litigation?

Discovery Custody Subpoena Risk Assessment Scope

7 :-

A defining set of rules composed of claims and attributes of the entities in a transaction, which is used to determine their level of access to cloud-based resources is called what?

An Entitlement Matrix A Support Table An Entry Log A Validation Process An Access Log

8 :-

In volume storage, what method is often used to support resiliency and security ?

Proxy Encryption Data Rights Management Hypervisor Agents Data Dispersion Random Placement

9 :-

Network logs from cloud providers are typically flow records, not full packet captures.

True False

10 :-

Which layer is the most important for securing because it is considered to be the foundation for secure cloud operations?

Infrastructure Datastructure Infostructure Applistructure Metastructure

11 :-

Which statement best describes the impact of Cloud Computing on business continuity management?

A General Lack Of Interoperability Standards Means That Extra Focus Must Be Placed On The Security Aspects Of Migration Between Cloud Providers. The Size Of Data Sets Hosted At A Cloud Provider Can Present Challenges If Migration To Another Provider Becomes Necessary Customers Of Saas Providers In Particular Need To Mitigate The Risks Of Application Lock-in. Clients Need To Do Business Continuity Planning Due Diligence In Case They Suddenly Need To Switch Providers. Geographic Redundancy Ensures That Cloud Providers Provide Highly Available Services.

12 :-

What is known as a code execution environment running within an operating system that shares and uses the resources of the operating system?

Platform-based Workload Pod Abstraction Container Virtual Machine

13 :-

CCM: The following list of controls belong to which domain of the CCM?

GRM 06 – Policy GRM 07 – Policy Enforcement GRM 08 – Policy Impact on Risk Assessments GRM 09 – Policy Reviews GRM 10 – Risk Assessments GRM 11 – Risk Management Framework

Governance And Retention Management Governance And Risk Management Governing And Risk Metrics

14 :-

Which of the following statements are NOT requirements of governance and enterprise risk management in a cloud environment?

Inspect And Account For Risks Inherited From Other Members Of The Cloud Supply Chain And Take Active Measures To Mitigate And Contain Risks Through Operational Resiliency. Respect The Interdependency Of The Risks Inherent In The Cloud Supply Chain And Communicate The Corporate Risk Posture And Readiness To Consumers And Dependent Parties. Negotiate Long-term Contracts With Companies Who Use Well-vetted Software Application To Avoid The Transient Nature Of The Cloud Environment. Provide Transparency To Stakeholders And Shareholders Demonstrating Fiscal Solvency And Organizational Transparency. Both B And C.

15 :-

If there are gaps in network logging data, what can you do?

Nothing. There Are Simply Limitations Around The Data That Can Be Logged In The Cloud Ask The Cloud Provider To Open More Ports. You Can Instrument The Technology Stack With Your Own Logging. Ask The Cloud Provider To Close More Ports. Nothing. The Cloud Provider Must Make The Information Available.

16 :-

How does running applications on distinct virtual networks and only connecting networks as needed help?

It Reduces Hardware Costs It Provides Dynamic And Granular Policies With Less Management Overhead It Locks Down Access And Provides Stronger Data Security It Reduces The Blast Radius Of A Compromised System It Enables You To Configure Applications Around Business Groups

17 :-

Big data includes high volume, high variety, and high velocity.

True False

18 :-

Which concept provides the abstraction needed for resource pools?

Virtualization Applistructure Hypervisor Metastructure Orchestration

19 :-

ENISA: “VM hopping” is:

Improper Management Of Vm Instances Causing Customer Vms To Be Commingled With Other Customer Systems. Looping Within Virtualized Routing Systems. Lack Of Vulnerability Management Standards. Using A Compromised Vm To Exploit A Hypervisor Used To Take Control Of Other Vms Instability In Vm Patch Management Causing Vm Routing Errors.

20 :-

Which cloud-based service model enables companies to provide client-based access for partners to databases or applications?

Platform-as-a-service (paas) Desktop-as-a-service (daas) Infrastructure-as-a-service (iaas) Identity-as-a-service (idaas) Software-as-a-service (saas)

Certificate of cloud security knowledge version 1.0 Quiz

🏅