CCSK
SOAP has security services; REST does not. SOAP is also a standard
& a protocol, which = more overhead
REST is stateless & relies on other standards such as HTTP, URL, JSON
Quizlet
Infrastructure, Metastructure, Infostructure, & Applistructure Quizlet
The servers, networking, & storage pools Quizlet
It is where you configure & manage any cloud development. Quizlet
Questions
What is the newer application development methodology and philosophy focused on automation of application development
How should an SDLC be modified to address application security in a Cloud Computing environment?
Answer
Agile
BusOps
DevOps
SecDevOps
Scrum
You might not have the ability or administrative rights to search or access all hosted data.
The cloud provider must conduct the search with the full administrative controls.
All cloud-hosted email accounts are easily searchable.
Search and discovery time is always factored into a contract between the consumer and provider.
You can easily search across your environment using any E-Discovery tool.
Dumpsbase
Questions
Which concept provides the abstraction needed for resource pools?
Which of the following is NOT a cloud computing characteristic that impacts incident response?
What type of information is contained in the Cloud Security Alliance's Cloud Control Matrix?
Vulnerability assessments cannot be easily integrated into CI/CD pipelines because of provider restrictions.
What is true of a workload?
CCM: The following list of controls belong to which domain of the CCM?
GRM 06 – Policy GRM 07 – Policy Enforcement GRM 08 – Policy Impact on Risk Assessments GRM 09 – Policy Reviews GRM 10
Assessments GRM 11 – Risk Management Framework
Why is a service type of network typically isolated on different hardware?
REST APIs are the standard for web-based services because they run over HTTPS and work well across diverse environments.
What type of information is contained in the Cloud Security Alliance's Cloud Control Matrix?
Which concept provides the abstraction needed for resource pools?
Which of the following is NOT a cloud computing characteristic that impacts incident response?
What should every cloud customer set up with its cloud service provider (CSP) that can be utilized in the event of an incident?
Which opportunity helps reduce common application security issues?
Which governance domain deals with evaluating how cloud computing affects compliance with internal
security policies and various legal requirements, such as regulatory and legislative?
A cloud deployment of two or more unique clouds is known as:
Which layer is the most important for securing because it is considered to be the foundation for secure cloud operations?
Answer
Virtualization
Privacy concerns for co-tenants regarding the collection and analysis of telemetry and artifacts associated with an incident.
A number of requirements to be implemented, based upon numerous standards and regulatory requirements
0
It is a unit of processing that consumes memory
Marks4sure
Why is a service type of network typically isolated on different hardware?
Which governance domain deals with evaluating how cloud computing affects compliance with internal security policies and v
An important consideration when performing a remote vulnerability test of a cloud-based application is to
Cloud services exhibit five essential characteristics that demonstrate their relation to, and differences from, traditional compu
What item below allows disparate directory services and independent security domains to be interconnected?
What is true of searching data across cloud environments?
How should an SDLC be modified to address application security in a Cloud Computing environment?
Which governance domain focuses on proper and adequate incident detection, response, notification, and remediati
A defining set of rules composed of claims and attributes of the entities in a transaction, which is used to determine
It manages the traffic between other networks testpassport.com
Compliance and Audit Management testpassport.com
Obtain provider permission for test testpassport.com
On-demand self-service testpassport.com
Federation testpassport.com
You might not have the ability or administrative right testpassport.com
Integrated development environments testpassport.com
Incident Response, Notification and Remediation testpassport.com
A validation process testpassport.com
All cloud services utilize virtualization technologies.
If there are gaps in network logging data, what can you do?
CCM: In the CCM tool, a _____________________ is a measure that modifies risk and includes any process, policy
Who is responsible for the security of the physical infrastructure and virtualization platform?
What factors should you understand about the data specifically due to legal, regulatory, and jurisdictional factors?
Which cloud-based service model enables companies to provide client-based access for partners to databases or ap
CCM: The following list of controls belong to which domain of the CCM?
GRM 06 – Policy GRM 07 – Policy Enforcement GRM 08 – Policy Impact on Risk Assessments GRM 09 – Policy Re
Which attack surfaces, if any, does virtualization technology introduce?
APIs and web services require extensive hardening and must assume attacks from authenticated and unauthenticat
Which of the following is NOT a cloud computing characteristic that impacts incident response?
Big data includes high volume, high variety, and high velocity.
CCM: A hypothetical company called: “Health4Sure” is located in the United States and provides cloud based servic
A defining set of rules composed of claims and attributes of the entities in a transaction, which is used to determine
is called what?
Cloud applications can use virtual networks and other structures, for hyper-segregated environments.
Your cloud and on-premises infrastructures should always use the same network address ranges.
Which layer is the most important for securing because it is considered to be the foundation for secure cloud operati
Why is a service type of network typically isolated on different hardware?
Which governance domain deals with evaluating how cloud computing affects compliance with internal security polic
An important consideration when performing a remote vulnerability test of a cloud-based application is to
Cloud services exhibit five essential characteristics that demonstrate their relation to, and differences from, traditiona
REST APIs are the standard for web-based services because they run over HTTPS and work well across diverse en
Which of the following statements are NOT requirements of governance and enterprise risk management in a cloud
What is defined as the process by which an opposing party may obtain private documents for use in litigation?
What item below allows disparate directory services and independent security domains to be interconnected?
Use elastic servers when possible and move workloads to new instances
To understand their compliance alignments and gaps with a cloud provider, what must cloud customers rely on?
Which of the following is a perceived advantage or disadvantage of managing enterprise risk for cloud deployments?
Which data security control is the LEAST likely to be assigned to an IaaS provider?
How does virtualized storage help avoid data loss if a drive fails?
What is the newer application development methodology and philosophy focused on automation of application deve
Sending data to a provider’s storage over an API is likely as much more reliable and secure than setting up your ow
What is true of searching data across cloud environments?
How does running applications on distinct virtual networks and only connecting networks as needed help?
1
You can instrument the technology stack with your own logging.
Control Specification
The cloud provider
The physical location of the data and how it is accessed
Platform-as-a-service (PaaS)
Governance and Risk Management
The hypervisor, Virtualization management components apart from the hypervisor, Configuration and VM sprawl iss
1
Privacy concerns for co-tenants regarding the collection and analysis of telemetry and artifacts associated with an in
1
The CCM domains are not mapped to HIPAA/HITECH Act. Therefore Health4Sure should assess the security postu
of the security posture.
A validation process
1
0
Infrastructure
It manages the traffic between other networks
Compliance and Audit Management
Obtain provider permission for test
On-demand self-service
1
Negotiate long-term contracts with companies who use well-vetted software application to avoid the transient nature
Discovery
Federation
1
Third-party attestations
Greater reliance on contracts, audits, and assessments due to lack of visibility or management.
Application logic
Multiple copies in different locations
DevOps
1
You might not have the ability or administrative rights to search or access all hosted data
It reduces the blast radius of a compromised system
f their cloud service against each and every control in the CCM. This approach will allow a thorough assessment
he cloud environment
h assessment
When configured properly, logs can track every code, infrastructure, and configuration change and connect it back to the subm
Which of the following is NOT an essential characteristic of cloud computing?
Without virtualization, there is no cloud.
All assets require the same continuity in the cloud.
1
Third Party Service
1
0