CCSP : Certified Cloud Security Professional (CCSP) : Part 14

  1. Many aspects and features of cloud computing can make eDiscovery compliance more difficult or costly.

    Which aspect of cloud computing would be the MOST complicating factor?

    • Measured service
    • Broad network access
    • Multitenancy
    • Portability

    Explanation:
With multitenancy, multiple customers share the same physical hardware and systems. With the nature of a cloud environment and how it writes data across diverse systems that are shared by others, the process of eDiscovery becomes much more complicated. Administrators cannot pull physical drives or easily isolate which data to capture. They not only have to focus on which data they need to collect, while ensuring they find all of it, but they also have to make sure that other data is not accidentally collected and exposed along with it. Measured service is the aspect of a cloud where customers only pay for the services they are actually using, and for the duration of their use. Portability refers to the ease with which an application or service can be moved among different cloud providers. Broad network access refers to the nature of cloud services being accessed via the public Internet, either with or without secure tunneling technologies. None of these concepts would pertain to eDiscovery.

  2. A crucial decision any company must make is in regard to where it hosts the data systems it depends on. A debate exists as to whether it’s best to lease space in a data center or build your own data center–and now with cloud computing, whether to purchase resources within a cloud.

    What is the biggest advantage to leasing space in a data center versus procuring cloud services?

    • Regulations
    • Control
    • Security
    • Costs
    Explanation:
When leasing space in a data center versus utilizing cloud services, a customer has much greater control over its systems and services, from both the hardware/software perspective and the operational management perspective. Costs, regulations, and security are all prime considerations regardless of the hosting type selected. Although regulations will be the same in either hosting solution, in most instances, costs and security will be greater factors with leased space.
  3. Which of the following systems is used to employ a variety of different techniques to discover and alert on threats and potential threats to systems and networks?

    • IDS
    • IPS
    • Firewall
    • WAF
    Explanation:
    An intrusion detection system (IDS) is implemented to watch network traffic and operations, using predefined criteria or signatures, and alert administrators if anything suspect is found. An intrusion prevention system (IPS) is similar to an IDS but actually takes action against suspect traffic, whereas an IDS just alerts when it finds anything suspect. A firewall works at the network level and only takes into account IP addresses, ports, and protocols; it does not inspect the traffic for patterns or content. A web application firewall (WAF) works at the application layer and provides additional security via proxying, filtering service requests, or blocking based on additional factors such as the client and requests.
  4. Which of the following is not a risk management framework?

    • COBIT
    • Hex GBL
    • ISO 31000:2009
    • NIST SP 800-37
    Explanation:
Hex GBL is a reference to a computer part in Terry Pratchett’s fictional Discworld universe. The rest are real risk management frameworks.
  5. In order to ensure ongoing compliance with regulatory requirements, which phase of the cloud data lifecycle must be tested regularly?

    • Archive
    • Share
    • Store
    • Destroy
    Explanation:
In order to ensure compliance with regulations, it is important for an organization to regularly test the restorability of archived data. As technologies change and older systems are deprecated, the risk rises for an organization to lose the ability to restore data from the format in which it is stored. With the destroy, store, and share phases, the currently used technologies will be sufficient for an organization’s needs on an ongoing basis, so the risk that is elevated with archived data is not present.
  6. Which of the following threat types involves leveraging a user’s browser to send untrusted data to be executed with legitimate access via the user’s valid credentials?

    • Injection
    • Missing function-level access control
    • Cross-site scripting
    • Cross-site request forgery
    Explanation:
    Cross-site scripting (XSS) is an attack where a malicious actor is able to send untrusted data to a user’s browser without going through any validation or sanitization processes, or perhaps the code is not properly escaped from processing by the browser. The code is then executed on the user’s browser with their own access and permissions, allowing the attacker to redirect the user’s web traffic, steal data from their session, or potentially access information on the user’s own computer that their browser has the ability to access. Missing function-level access control exists where an application only checks for authorization during the initial login process and does not further validate with each function call. An injection attack is where a malicious actor sends commands or other arbitrary data through input and data fields with the intent of having the application or system execute the code as part of its normal processing and queries. Cross-site request forgery occurs when an attack forces an authenticated user to send forged requests to an application running under their own access and credentials.
  7. Digital investigations have adopted many of the same methodologies and protocols as other types of criminal or scientific inquiries.

    What term pertains to the application of scientific norms and protocols to digital investigations?

    • Scientific
    • Investigative
    • Methodological
    • Forensics
    Explanation:
    Forensics refers to the application of scientific methods and protocols to the investigation of crimes. Although forensics has traditionally been applied to well-known criminal proceedings and investigations, the term equally applies to digital investigations and methods. Although the other answers provide similar-sounding terms and ideas, none is the appropriate answer in this case.
  8. Within a federated identity system, which entity accepts tokens from the identity provider?

    • Assertion manager
    • Servicing party
    • Proxy party
    • Relying party
    Explanation:
    The relying party is attached to the application or service that a user is trying to access, and it accepts authentication tokens from the user’s own identity provider in order to facilitate authentication and access. The other terms provided are all associated with federated systems, but none is the correct choice in this case.
  9. Different types of audits are intended for different audiences, such as internal, external, regulatory, and so on.

    Which of the following audits are considered “restricted use” versus being for a more broad audience?

    • SOC Type 2
    • SOC Type 1
    • SOC Type 3
    • SAS-70
    Explanation:
SOC Type 1 reports are intended for restricted use, only to be seen by the actual service organization, its current clients, or its auditors. These reports are not intended for wider or public distribution. SAS-70 audit reports have been deprecated and are no longer in use, and both the SOC Type 2 and 3 reports are designed to expand upon the SOC Type 1 reports and are for broader audiences.
  10. Although host-based and network-based IDSs perform similar functions and have similar capabilities, which of the following is an advantage of a network-based IDS over a host-based IDS, assuming all capabilities are equal?

    • Segregated from host systems
    • Network access
    • Scalability
    • External to system patching
    Explanation:
    A network-based IDS has the advantage of being segregated from host systems, and as such, it would not be open to compromise in the same manner a host-based system would be. Although a network-based IDS would be external to system patching, this is not the best answer here because it is a minor concern compared to segregation due to possible host compromise. Scalability is also not the best answer because, although a network-based IDS does remove processing from the host system, it is not a primary security concern. Network access is not a consideration because both a host-based IDS and a network-based IDS would have access to network resources.
  11. DNSSEC was designed to add a layer of security to the DNS protocol.

    Which type of attack was the DNSSEC extension designed to mitigate?

    • Account hijacking
    • Snooping
    • Spoofing
    • Data exposure
    Explanation:
    DNSSEC is an extension to the regular DNS protocol that utilizes digital signing of DNS query results, which can be verified to come from an authoritative source. This verification mitigates the ability for a rogue DNS server to be used to spoof query results and to direct users to malicious sites. DNSSEC provides for the verification of the integrity of DNS queries. It does not provide any protection from snooping or data exposure. Although it may help lessen account hijacking by preventing users from being directed to rogue sites, it cannot by itself eliminate the possibility.
  12. Which aspect of cloud computing pertains to cloud customers only paying for the resources and services they actually use?

    • Metered service
    • Measured billing
    • Metered billing
    • Measured service
    Explanation:
    Measured service is the aspect of cloud computing that pertains to cloud services and resources being billed in a metered way, based only on the level of consumption and duration of the cloud customer. Although they sound similar to the correct answer, none of the other choices is the actual cloud terminology.
  13. Many of the traditional concepts of systems and services for a traditional data center also apply to the cloud. Both are built around key computing concepts.

    Which of the following comprise the two facets of computing?

    • CPU and software
    • CPU and storage
    • CPU and memory
    • Memory and networking
    Explanation:
    The CPU and memory resources of an environment together comprise its “computing” resources. Cloud environments, especially public clouds, are enormous pools of resources for computing and are typically divided among a large number of customers with constantly changing needs and demands. Although storage and networking are core components of a cloud environment, they do not comprise its computing core. Software, much like within a traditional data center, is highly subjective based on the application, system, service, or cloud computing model used; however, it is not one of the core cloud components.
  14. With a cloud service category where the cloud customer is provided a full application framework into which to deploy their code and services, which storage types are MOST likely to be available to them?

    • Structured and unstructured
    • Structured and hierarchical
    • Volume and database
    • Volume and object
    Explanation:
    The question is describing the Platform as a Service (PaaS) cloud offering, and as such, structured and unstructured storage types will be available to the customer. Volume and object are storage types associated with IaaS, and although the other answers present similar-sounding storage types, they are a mix of real and fake names.
  15. Firewalls are used to provide network security throughout an enterprise and to control what information can be accessed–and to a certain extent, through what means.

    Which of the following is NOT something that firewalls are concerned with?

    • IP address
    • Encryption
    • Port
    • Protocol
    Explanation:
    Firewalls work at the network level and control traffic based on the source, destination, protocol, and ports. Whether or not the traffic is encrypted is not a factor with firewalls and their decisions about routing traffic. Firewalls work primarily with IP addresses, ports, and protocols.
  16. Within an IaaS implementation, which of the following would NOT be a metric used to quantify service charges for the cloud customer?

    • Memory
    • Number of users
    • Storage
    • CPU
    Explanation:
    Within IaaS, where the cloud customer is responsible for everything beyond the physical network, the number of users on a system would not be a factor in billing or service charges. The core cloud services for IaaS are based on the memory, storage, and CPU requirements of the cloud customer. Because the cloud customer with IaaS is responsible for its own images and deployments, these components comprise the basis of its cloud provisioning and measured services billing.
  17. Many different common threats exist against web-exposed services and applications. One attack involves attempting to leverage input fields to execute queries in a nested fashion that is unintended by the developers.

    What type of attack is this?

    • Injection
    • Missing function-level access control
    • Cross-site scripting
    • Cross-site request forgery
    Explanation:
    An injection attack is where a malicious actor sends commands or other arbitrary data through input and data fields with the intent of having the application or system execute the code as part of its normal processing and queries. This can trick an application into exposing data that is not intended or authorized to be exposed, or it can potentially allow an attacker to gain insight into configurations or security controls. Missing function-level access control exists where an application only checks for authorization during the initial login process and does not further validate with each function call. Cross-site request forgery occurs when an attack forces an authenticated user to send forged requests to an application running under their own access and credentials. Cross-site scripting occurs when an attacker is able to send untrusted data to a user’s browser without going through validation processes.
  18. For service provisioning and support, what is the ideal amount of interaction between a cloud customer and cloud provider?

    • Half
    • Full
    • Minimal
    • Depends on the contract
    Explanation:
The goal with any cloud-hosting setup is for the cloud customer to be able to perform most or all its functions for service provisioning and configuration without any need for support from or interaction with the cloud provider beyond the automated tools provided. To fulfill the tenets of on-demand self-service, required interaction with the cloud provider–either half time, full time, or a commensurate amount of time based on the contract–would be in opposition to a cloud’s intended use. As such, these answers are incorrect.
  19. What does a cloud customer purchase or obtain from a cloud provider?

    • Services
    • Hosting
    • Servers
    • Customers
    Explanation:
    No matter what form they come in, “services” are obtained or purchased by a cloud customer from a cloud service provider. Services can come in many forms–virtual machines, network configurations, hosting setups, and software access, just to name a few. Hosting and servers–or, with a cloud, more appropriately virtual machines–are just two examples of “services” that a customer would purchase from a cloud provider. “Customers” would never be a service that’s purchased.
  20. Which phase of the cloud data lifecycle represents the first instance where security controls can be implemented?

    • Use
    • Share
    • Store
    • Create
    Explanation:
    The store phase occurs immediately after the create phase, and as data is committed to storage structures, the first opportunity for security controls to be implemented is realized. During the create phase, the data is not yet part of a system where security controls can be applied, and although the use and share phases also entail the application of security controls, they are not the first phase where the process occurs.