- web.groovymark@gmail.com
- November 28, 2024
Question 41
Which technology is used to prevent unauthorized devices from accessing a cloud network?
A. VPN
B. NAC
C. IDS
D. WAF
Correct Answer: B. NAC
Explanation: Network Access Control (NAC) prevents unauthorized devices from accessing a cloud network. VPN secures remote access, IDS detects unauthorized access, and WAF protects web applications.
Question 42
What is the primary purpose of a sandbox in cloud security?
A. Encrypting sensitive data
B. Isolating environments for testing and development
C. Managing access control
D. Ensuring compliance with regulations
Correct Answer: B. Isolating environments for testing and development
Explanation: A sandbox isolates environments for testing and development to prevent potential security issues from affecting production systems. Encryption, access control, and compliance are handled by other controls.
Question 43
Which risk management process involves evaluating the impact and likelihood of risks in a cloud environment?
A. Risk Transference
B. Risk Mitigation
C. Risk Assessment
D. Risk Acceptance
Correct Answer: C. Risk Assessment
Explanation: Risk Assessment involves evaluating the impact and likelihood of risks in a cloud environment. Risk Transference, Mitigation, and Acceptance are strategies for managing risks after assessment.
Question 44
Which type of encryption is most commonly used to secure data during its transmission over the internet?
A. Disk Encryption
B. Homomorphic Encryption
C. SSL/TLS
D. Symmetric Encryption
Correct Answer: C. SSL/TLS
Explanation: SSL/TLS is commonly used to encrypt data during transmission over the internet. Disk Encryption protects data at rest, Homomorphic Encryption allows data processing while encrypted, and Symmetric Encryption is a general encryption method.
Question 45
What is the role of Multi-Factor Authentication (MFA) in cloud security?
A. Managing system performance
B. Encrypting data at rest
C. Preventing unauthorized access
D. Monitoring network traffic
Correct Answer: C. Preventing unauthorized access
Explanation: MFA helps prevent unauthorized access by requiring multiple forms of verification. Performance management, data encryption, and network traffic monitoring are separate controls.
Question 46
Which type of risk analysis ranks risks based on subjective factors such as impact and likelihood?
A. Quantitative Risk Analysis
B. Qualitative Risk Analysis
C. Scenario Analysis
D. Business Impact Analysis
Correct Answer: B. Qualitative Risk Analysis
Explanation: Qualitative Risk Analysis ranks risks based on subjective factors like impact and likelihood. Quantitative Risk Analysis uses numerical estimates, Scenario Analysis explores different risk scenarios, and Business Impact Analysis assesses the impact on business function
Question 47
Which regulation in the U.S. requires financial institutions to protect customer data?
A. HIPAA
B. GDPR
C. GLBA
D. SOX
Correct Answer: C. GLBA
Explanation: The Gramm-Leach-Bliley Act (GLBA) requires U.S. financial institutions to protect customer data. HIPAA governs healthcare data, GDPR protects personal data in the EU, and SOX focuses on corporate governance.
Question 48
Which cloud computing service model provides the customer with control over the operating system but not the hardware?
A. SaaS
B. PaaS
C. IaaS
D. Public Cloud
Correct Answer: C. IaaS
Explanation: IaaS (Infrastructure as a Service) allows the customer to control the operating system but not the underlying hardware. SaaS and PaaS offer more managed services, while Public Cloud is a deployment model.
Question 49
What does the principle of Data Minimization under GDPR require organizations to do?
A. Ensure data accuracy
B. Encrypt all personal data
C. Collect only necessary data
D. Notify individuals in the event of a breach
Correct Answer: C. Collect only necessary data
Explanation: Data Minimization requires organizations to collect only the data necessary for specific purposes. Accuracy, encryption, and breach notification are governed by other GDPR principles.
Question 50
Which risk management strategy involves reducing the likelihood or impact of a risk through security controls?
A. Risk Acceptance
B. Risk Mitigation
C. Risk Avoidance
D. Risk Transference
Correct Answer: B. Risk Mitigation
Explanation: Risk Mitigation involves reducing the likelihood or impact of a risk through security controls. Risk Acceptance involves tolerating the risk, Risk Avoidance eliminates the risk, and Risk Transference shifts it to another party.