- web.groovymark@gmail.com
- November 29, 2024
Question 21
Which international standard provides guidelines for managing information security risks in cloud environments?
A. ISO/IEC 27001
B. ISO/IEC 27005
C. ISO/IEC 27018
D. PCI DSS
Correct Answer: B. ISO/IEC 27005
Explanation: ISO/IEC 27005 provides guidelines for managing information security risks, including in cloud environments. ISO/IEC 27001 focuses on information security management systems, ISO/IEC 27018 is for protecting personal data in the cloud, and PCI DSS is for payment card security.
Question 22
Which security measure is most effective at preventing unauthorized access to sensitive data in a cloud environment?
A. Firewalls
B. Access Control Lists (ACLs)
C. Multi-Factor Authentication (MFA)
D. Data Masking
Correct Answer: C. Multi-Factor Authentication (MFA)
Explanation: Multi-Factor Authentication (MFA) is highly effective at preventing unauthorized access by requiring multiple forms of verification. Firewalls and ACLs control network access, and Data Masking protects data in use.
Question 23
Which operational process ensures cloud services can recover quickly after a disruption?
A. Disaster Recovery
B. Problem Management
C. Incident Management
D. Capacity Management
Correct Answer: A. Disaster Recovery
Explanation: Disaster Recovery focuses on restoring cloud services quickly after a disruption. Problem Management identifies root causes, Incident Management resolves incidents, and Capacity Management ensures resources meet demand.
Question 24
Which type of risk analysis calculates the potential financial loss associated with a specific risk?
A. Qualitative Risk Analysis
B. Quantitative Risk Analysis
C. Business Impact Analysis (BIA)
D. Scenario Analysis
Correct Answer: B. Quantitative Risk Analysis
Explanation: Quantitative Risk Analysis calculates the potential financial loss associated with a specific risk. Qualitative Risk Analysis ranks risks by severity, and Scenario Analysis evaluates various risk scenarios.
Question 25
Which U.S. law requires financial institutions to develop information security plans to protect customer data?
A. Gramm-Leach-Bliley Act (GLBA)
B. Sarbanes-Oxley Act (SOX)
C. Health Insurance Portability and Accountability Act (HIPAA)
D. California Consumer Privacy Act (CCPA)
Correct Answer: A. Gramm-Leach-Bliley Act (GLBA)
Explanation: The GLBA requires financial institutions to develop information security plans to protect customer data. SOX addresses corporate governance, HIPAA focuses on healthcare, and CCPA protects consumer privacy in California.
Question 26
Which security control is designed to detect and respond to unauthorized access attempts in a cloud environment?
A. Intrusion Detection System (IDS)
B. Firewalls
C. Encryption
D. Multi-Factor Authentication (MFA)
Correct Answer: A. Intrusion Detection System (IDS)
Explanation: An IDS detects unauthorized access attempts and alerts administrators. Firewalls block unauthorized access, Encryption protects data, and MFA strengthens access controls.
Question 27
Which cloud operational activity involves automating the scaling of cloud resources based on demand?
A. Load Balancing
B. Auto-Scaling
C. Continuous Integration/Continuous Deployment (CI/CD)
D. Backup and Restore
Correct Answer: B. Auto-Scaling
Explanation: Auto-Scaling automatically adjusts cloud resources based on demand. Load Balancing distributes traffic, CI/CD automates software deployment, and Backup and Restore protects data against loss.
Question 28
Which document tracks identified risks, including their severity and mitigation strategies?
A. Risk Appetite Statement
B. Risk Register
C. Business Continuity Plan
D. Incident Response Plan
Correct Answer: B. Risk Register
Explanation: A Risk Register tracks all identified risks, including severity, potential impact, and mitigation strategies. The Risk Appetite Statement defines acceptable levels of risk, and the Business Continuity Plan and Incident Response Plan address disruptions and incidents.
Question 29
Which of the following principles under GDPR ensures personal data is processed fairly, lawfully, and transparently?
A. Integrity and Confidentiality
B. Lawfulness, Fairness, and Transparency
C. Data Minimization
D. Purpose Limitation
Correct Answer: B. Lawfulness, Fairness, and Transparency
Explanation: GDPR's Lawfulness, Fairness, and Transparency principle ensures personal data is processed fairly, lawfully, and transparently. Integrity and Confidentiality protect data, Data Minimization limits data collection, and Purpose Limitation specifies data use.
Question 30
Which of the following cloud security measures involves creating an isolated environment for testing and development?
A. Sandbox
B. Encryption
C. Multi-Factor Authentication (MFA)
D. Virtual Private Network (VPN)
Correct Answer: A. Sandbox
Explanation: A Sandbox creates an isolated environment for testing and development, protecting production systems from potential security issues. Encryption secures data, MFA strengthens access controls, and VPNs secure network communications.
Question 31
Which operational activity involves continuously monitoring security events and detecting incidents?
A. Security Information and Event Management (SIEM)
B. Incident Management
C. Disaster Recovery
D. Configuration Management
Correct Answer: A. Security Information and Event Management (SIEM)
Explanation: SIEM continuously monitors and analyzes security events to detect and respond to incidents. Incident Management addresses immediate incidents, Disaster Recovery restores services, and Configuration Management ensures systems are properly configured.
Question 32
Which risk analysis evaluates how specific risks could impact business operations under various scenarios?
A. Scenario Analysis
B. Business Impact Analysis (BIA)
C. Risk Mitigation
D. Risk Transference
Correct Answer: A. Scenario Analysis
Explanation: Scenario Analysis evaluates how specific risks could impact business operations by considering different potential scenarios. BIA assesses overall business impact, Risk Mitigation reduces risks, and Risk Transference shifts risks to another party.
Question 33
Which U.S. regulation requires organizations to implement security controls to protect electronic health records (EHRs)?
A. Gramm-Leach-Bliley Act (GLBA)
B. Sarbanes-Oxley Act (SOX)
C. Health Insurance Portability and Accountability Act (HIPAA)
D. General Data Protection Regulation (GDPR)
Correct Answer: C. Health Insurance Portability and Accountability Act (HIPAA)
Explanation: HIPAA requires organizations to implement security controls to protect electronic health records (EHRs). GLBA and SOX address financial information, and GDPR governs personal data protection in the EU.
Question 34
Which security technology ensures that only authorized devices can connect to a cloud network?
A. Network Access Control (NAC)
B. Virtual Private Network (VPN)
C. Web Application Firewall (WAF)
D. Intrusion Detection System (IDS)
Correct Answer: A. Network Access Control (NAC)
Explanation: NAC ensures only authorized devices can connect to a network by enforcing security policies. VPN secures remote access, WAF protects web applications, and IDS detects unauthorized access.
Question 35
Which process ensures that cloud resources are regularly reviewed and adjusted for optimal performance and cost-efficiency?
A. Capacity Management
B. Incident Management
C. Change Management
D. Service Level Management
Correct Answer: A. Capacity Management
Explanation: Capacity Management involves regularly reviewing and adjusting cloud resources to ensure optimal performance and cost-efficiency. Change Management oversees modifications, Incident Management addresses issues, and Service Level Management focuses on meeting SLAs.
Question 36
Which risk management strategy involves accepting the potential consequences of a risk without mitigation or transfer?
A. Risk Avoidance
B. Risk Mitigation
C. Risk Transference
D. Risk Acceptance
Correct Answer: D. Risk Acceptance
Explanation: Risk Acceptance involves taking no action to mitigate or transfer a risk and choosing to accept the potential consequences. Risk Avoidance eliminates the risk, Risk Mitigation reduces it, and Risk Transference shifts it to another party.
Question 37
Which regulation or standard is specifically designed to protect the privacy and security of health information in the U.S.?
A. Sarbanes-Oxley Act (SOX)
B. Health Insurance Portability and Accountability Act (HIPAA)
C. General Data Protection Regulation (GDPR)
D. Payment Card Industry Data Security Standard (PCI DSS)
Correct Answer: B. Health Insurance Portability and Accountability Act (HIPAA)
Explanation: HIPAA protects the privacy and security of health information in the U.S. SOX focuses on financial transparency, GDPR on personal data in the EU, and PCI DSS on payment card security.
Question 38
Which of the following is a common security measure used to protect cloud APIs from unauthorized access and attacks?
A. API Gateway
B. Encryption
C. Data Masking
D. Biometric Authentication
Correct Answer: A. API Gateway
Explanation: An API Gateway protects cloud APIs from unauthorized access and attacks by enforcing security policies and managing API traffic. Encryption protects data, Data Masking obscures sensitive information, and Biometric Authentication secures user access.
Question 39
Which cloud operational activity involves the documentation and tracking of changes to cloud infrastructure and applications?
A. Change Management
B. Incident Management
C. Problem Management
D. Capacity Management
Correct Answer: A. Change Management
Explanation: Change Management involves documenting and tracking changes to cloud infrastructure and applications to ensure that they are implemented in a controlled manner. Incident Management addresses immediate issues, Problem Management identifies root causes, and Capacity Management optimizes resource use.
Question 40
Which risk response strategy is most appropriate when an organization decides to insure against potential losses from a cyberattack?
A. Risk Mitigation
B. Risk Transference
C. Risk Acceptance
D. Risk Avoidance
Correct Answer: B. Risk Transference
Explanation: Risk Transference is appropriate when an organization insures against potential losses, effectively shifting the financial risk to the insurance provider. Risk Mitigation reduces the risk, Risk Acceptance involves bearing the risk, and Risk Avoidance eliminates it.