Summer Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: exc65

Which attack surfaces, if any, does virtualization technology introduce?

A.

The hypervisor

B.

Virtualization management components apart from the hypervisor

C.

Configuration and VM sprawl issues

D.

All of the above

Which of the following is NOT a cloud computing characteristic that impacts incidence response?

A.

The on demand self-service nature of cloud computing environments.

B.

Privacy concerns for co-tenants regarding the collection and analysis of telemetry and artifacts associated with an incident.

C.

The possibility of data crossing geographic or jurisdictional boundaries.

D.

Object-based storage in a private cloud.

E.

The resource pooling practiced by cloud services, in addition to the rapid elasticity offered by cloud infrastructures.

CCM: The following list of controls belong to which domain of the CCM?

GRM 06 – Policy GRM 07 – Policy Enforcement GRM 08 – Policy Impact on Risk Assessments GRM 09 – Policy Reviews GRM 10 – Risk Assessments GRM 11 – Risk Management Framework

A.

Governance and Retention Management

B.

Governance and Risk Management

C.

Governing and Risk Metrics

Who is responsible for the security of the physical infrastructure and virtualization platform?

A.

The cloud consumer

B.

The majority is covered by the consumer

C.

It depends on the agreement

D.

The responsibility is split equally

E.

The cloud provider

What is critical for securing serverless computing models in the cloud?

A.

Disabling console access completely or using privileged access management

B.

Validating the underlying container security

C.

Managing secrets and configuration with the least privilege

D.

Placing serverless components behind application load balancers

Why is consulting with stakeholders important for ensuring cloud security strategy alignment?

A.

IT simplifies the cloud platform selection process

B.

It reduces the overall cost of cloud services.

C.

It ensures that the strategy meets diverse business requirements.

D.

It ensures compliance with technical standards only.

In the context of server-side encryption handled by cloud providers, what is the key attribute of this encryption?

A.

The data is encrypted using symmetric encryption.

B.

The data is not encrypted in transit.

C.

The data is encrypted using customer or provider keys after transmission to the cloud.

D.

The data is encrypted before transmission to the cloud.

In the cloud provider and consumer relationship, which entity

manages the virtual or abstracted infrastructure?

A.

Only the cloud consumer

B.

Only the cloud provider

C.

Both the cloud provider and consumer

D.

It is determined in the agreement between the entities

E.

It is outsourced as per the entity agreement

Which Cloud Service Provider (CSP) security measure is primarily used to filter and monitor HTTP requests to protect against SQL injection and XSS attacks?

A.

CSP firewall

B.

Virtual Appliance

C.

Web Application Firewall

D.

Intrusion Detection System

When designing an encryption system, you should start with a threat model.

A.

False

B.

True