
results?
   A. Increased chance of external penetration
   B. Flawed management decisions based on edited displays
   C. Higher likelihood of inadvertent disclosure
   D. Raised incidence of physical theft

      93 Which of these is most likely to have the greatest negative impact on data discovery effort?
         A. Bandwidth latency issues
         B. Poor physical security of the data center
         C. Severe statutory regulation
         D. Inaccurate or incomplete data

      94 Cloud customers performing data discovery efforts will have to ensure that the cloud provider attends to all of the following requirements except _______________.
         A. Allowing sufficient access to large volumes of data
         B. Preserving metadata tags
         C. Assigning labels
         D. Preserving and maintaining the data

      95 Where should the cloud provider’s data discovery requirements be listed?
         A. National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53
         B. Applicable laws and regulations
         C. Payment Card Industry Data Security Standard (PCI DSS)
         D. The managed services contract and SLA

      96 Who will determine data classifications for the cloud customer?
         A. The cloud provider
         B. National Institute of Standards and Technology (NIST)
         C. Regulators
         D. The cloud customer

      97 An organization’s data classification scheme must include which of the following categories?
         A. File size
         B. Origin of the data
         C. Sensitivity of the data
         D. Whatever the data owner decides

      98 Classification is usually considered a facet of data ____________.
         A. Security
         B. Labeling
         C. Control
         D. Markup

      99 Data classification can be ____________ or ____________.
         A. Inverse or obverse
         B. Automatic or manual
         C. Correct or incorrect
         D. Diurnal or nocturnal

      100 Data may need to be reclassified for all the following reasons except _______________.
         A. Color change
         B. Time
         C. Repurposing
         D. Transfer of ownership

      101 Proper __________ need(s) to be assigned to each data classification/category.
         A. Dollar values
         B. Metadata
         C. Security controls
         D. Policies

      102 Data transformation in a cloud environment should be of great concern to organizations considering cloud migration because ____________ could affect data classification processes and implementations.
         A. Multitenancy
         B. Virtualization
         C. Remote access
         D. Physical distance

      103 Who is ultimately responsible for a data breach that includes personally identifiable information (PII), in the event of negligence on the part of the cloud provider?
         A. The user
         B. The subject
         C. The cloud provider
         D. The cloud customer

      104 In a personally identifiable information (PII) context, who is the subject?
         A. The cloud customer
         B. The cloud provider
         C. The regulator
         D. The individual

      105 In a personally identifiable information (PII) context, who is the processor?
         A. The cloud customer
         B. The cloud provider
         C. The regulator
         D. The individual

      106 In a personally identifiable information (PII) context, who is the controller?
         A. The cloud customer
         B. The cloud provider
         C. The regulator
         D. The individual

      107 In a personally identifiable information (PII) context, which of the following is not normally considered “processing”?
         A. Storing
         B. Viewing
         C. Destroying
         D. Printing

      108 Which of the following countries does not have a national privacy law that concerns personally identifiable information (PII) and applies to all entities?
         A. Argentina
         B. The United States
         C. Italy
         D. Australia

      109 In protections afforded to personally identifiable information (PII) under the U.S. Health Information Portability and Accountability Act (HIPAA), the subject must __________ in order to allow the vendor to share their personal data.
         A. Opt in
         B. Opt out
         C. Undergo screening
         D. Provide a biometric template

      110 In protections afforded to personally identifiable information (PII) under the U.S. Gramm-Leach-Bliley Act (GLBA), the subject must __________ in order to prevent the vendor from sharing their personal data.
         A. Opt in
         B. Opt out
         C. Undergo screening
         D. Provide a biometric template

      111 The European Union (EU), with its implementation of privacy directives and regulations, treats individual privacy as ____________.
         A. A passing fad
         B. A human right
         C. A legal obligation
         D. A business expense

      112 If your organization collects/creates privacy data associated with European Union (EU) citizens and you operate in the cloud, you must prevent your provider from storing/moving/processing that data where?
         A. Argentina
         B. The United States
         C. Japan
         D. Israel

      113 European Union (EU) personal privacy protections include the right to be _______________.
         A. Secure
         B. Delivered
         C. Forgotten
         D. Protected

      114 The Cloud Security Alliance (CSA) has developed a model for cloud privacy frameworks called the Privacy Level Agreement (PLA). Why might a cloud service provider be reluctant to issue or adhere to a PLA?
         A. A PLA might limit the provider’s liability.
         B. A PLA would force the provider to accept more liability.
         C. A PLA is nonbinding.
         D. A PLA is not enforceable.

      115 The Cloud Security Alliance Cloud Controls Matrix (CSA CCM) lists security controls from all the following frameworks except _______________.
         A. ISACA’s Control Objectives for Information and Related Technology (COBIT)
         B. Payment Card Industry Data Security Standard (PCI DSS)
         C. The Capability Maturity Model (CMM)
         D. International Organization for Standardization (ISO) 27001

      116 The Cloud Security Alliance Cloud Controls Matrix (CSA CCM) lists security controls from all the following laws except _______________.
         A. Health Information Portability and Accountability Act (HIPAA)
         B. Family Education Rights and Privacy Act (FERPA)
         C. Personal Information Protection and Electronic Documents Act (PIPEDA)
         D. Digital Millennium Copyright Act (DMCA)

      117 Digital rights management (DRM) tools might be used to protect all the following assets except _______________.
         A. A trusted device
         B. Proprietary software
         C. Medical records
         D. Financial data

      118 Deploying digital rights management (DRM) tools in a bring-your-own-device (BYOD) environment will require _______________.
         A. User consent and action
         B. Enhanced security protocols
         C. Use of the cloud
         D. Newer, upgraded devices

      119 Deploying digital rights management (DRM) tools in a bring-your-own-device (BYOD) environment will require _______________.
         A. A uniform browser installation
         B. Platform-agnostic solutions
         C. Turnstiles
         D. A secondary business continuity and disaster recovery (BC/DR) vendor

      120 The Cloud Security Alliance Cloud Controls Matrix (CSA CCM) addresses all the following security architecture elements except _______________.
         A. Physical security
         B. Infrastructure as a service (IaaS)
         C. Application security
         D. Business drivers

      121 DRM requires that every data resource be provisioned with __________.
         A. A tracking device
         B. An access policy
         C. A hardware security module (HSM)
         D. A biometric system

      122 Digital rights management (DRM) tools can be combined with __________ to enhance security capabilities.
         A. Roaming identity services (RIS)
         B. Egress monitoring solutions (DLP)
         C. Internal hardware settings (BIOS)
         D. The TEMPEST program

      123 Digital rights management (DRM) tools should enforce __________, which is the characteristic of access rights following the object, in whatever form or location it might be or move to.
         A. Continuous audit trail
         B. Limiting printing output
         C. Persistence
         D. Automatic expiration

      124 Digital rights management (DRM) tools should enforce __________, which is the practice of capturing all relevant system events.
         A. Continuous audit trail
         B. Limiting printing output
         C. Persistence
         D. Automatic expiration

      125 Digital rights management (DRM) tools should enforce __________, which is the capability to revoke access based on the decision of the object owner or an administrator action.
         A. Integration with email filtering engines
         B. Disabling screencap capabilities
         C. Continuous audit trail
         D. Dynamic policy control

      126 Digital rights management (DRM) tools should enforce __________, which is the revocation of access based on time.
         A. Persistence
         B. Disabling screencap capabilities
         C. Automatic expiration
         D. Dynamic policy control

      127 Digital rights management (DRM) tools should enforce __________, which is interoperability with the organization’s other access control activities.
         A. Persistence
         B. Support for existing authentication security infrastructure
         C. Continuous audit trail
         D. Dynamic policy control

      128 In a data retention policy, what is perhaps the most crucial element?
         A. Location of the data archive
         B. Frequency of backups
         C. Security controls in long-term storage
         D. Data recovery procedures

      129 __________ is the practice of taking data out of the production environment and putting it into long-term storage.
         A. Deletion
         B. Archiving
         C. Crypto-shredding
         D. Storing

      130 In general, all policies within an organization should include each of the following elements except _______________.
         A. The date on which
