Which storage type stores the following types of data: relational, nonrelational, key-value?
a) Block storage
b) Object storage
c) Volume
d) Database
D
A disaster occurred at a data center. No lives were lost but the disaster recovery plan was put in place and the employees were relocated to an alternate location. What could be done to boost employee morale?
a) Relocate their spouses
b) Move them away from the disaster site
c) Enact a joint operating agreement
d) Provide them with specific and clear tasks
D
Which threat modelling process would a security analyst use to test a new application from a malicious attacker’s perspective?
a) PASTA
b) STRIDE
c) ATASM
d) DREAD
a
What will secure the perimeter of a low security and a high security zone?
a) Bastion host
b) Virtual client
c) Host isolation
d) SSH
A
What allows for data to be transferred in and out of the cloud?
a) Network
b) Security
c) Firewall
d) Privacy
A
A cloud customer requests that a cloud service provider delete all the customer’s data and destroy the hardware that was used to hold it. What should the cloud service provider do?
a) Use degaussing to destroy the hardware
b) Use cryptographic erasure to destroy the hardware
c) Only destroy the hardware if the contract includes hardware disposal insurance
d) Only destroy the hardware if hardware disposal is part of the contract
D
How would you remove information from a USB while keeping the USB intact?
a) Degaussing
b) Cryptographic erasure
c) Physical destruction
d) Overwriting
D
What disadvantage of SaaS is overcome with PaaS?
a) Personnel attack
b) Natural disaster
c) Vendor lock out
d) Vendor lock in
D
An organization was advised by their cloud service provider that their data was collected as evidence for use in legal proceedings. The organization itself is not involved in any legal proceedings. Which characteristic of cloud service explains this?
a) Rapid elasticity
b) Resource pooling
c) Multitenancy
d) Scalability
C
What describes the process of collecting electronic evidence as part of an investigation/lawsuit?
a) Legal hold
b) Chain of custody
c) E-discovery
d) Multitenancy
C
Which primary security control should be used by all cloud accounts, including individual users, in order to defend against the widest range of attacks?
a) Multi-factor authentication
b) Logging and monitoring
c) Perimeter security
d) Redundant infrastructure
A
An auditor advises an organization that their audit was unreliable due to the fact that the organization failed to provide sufficient data/information. Which element of an audit was in question (not a great Q):
a) Scope of the audit
b) Non-repudiation
c) Chain of custody
d) Categorization
A
An organization wants to use a new vendor-specific API, however, some security analysts are against it. Which design principle of secure cloud computing explains the lack of support for the new API?
a) Portability
b) Scalability
c) On-demand self service
d) Broad network access
A
An organization requires employees trying to access the network to provide a password and complete multi-factor authentication. What element describes what they're trying to enforce?
a) Authorization
b) Authentication
c) Availability
d) Non-repudiation
B
An organization requires employees prove that they have access rights or privileges to information/systems. What element describes what they're trying to enforce?
a) Authorization
b) Authentication
c) Availability
d) Non-repudiation
A
Which type of cloud storage has the highest risk of losing forensic artifacts in the event of an incident response investigation?
a) Ephemeral storage
b) Long-term storage
c) Block storage
d) Object storage
A
What is the term used to describe the maximum amount of time that an organization can tolerate a system, application, or service being unavailable before it significantly impacts business operations?
a) RTO
b) MTD
c) MTTR
d) RPO
B
An accountant has access to a database containing all employees' personal information. S/he goes in and makes unauthorized modifications to an employee's data. Which of the following elements of STRIDE was exhibited?
a) Spoofing
b) Denial of service
c) Tampering
d) Escalation of privilege
C
An organization that collects PII is forwarding it to an external third party. What should they include when sending the PII?
a) Contractual obligations that could violate the privacy policy
b) A list of laws/regulations the third party must adhere to when dealing with PII
c) A copy of the organization's privacy policies
d) The organization's most recent audit report
B
What could you do, periodically, to ensure that old backups are viable?
a) Replace old backups with new backups
b) Test old backups
c) Delete old backups
d) Modify old backups
B
Which design pillar represents the ability of a workload to execute its intended function accurately and consistently when it is expected to?
a) Availability
b) Authentication
c) Scaling
d) Reliability
D
An organization wants to institute a 24/7 monitoring and response capability focused on security. What type of operations capability will they establish?
a) SIEM
b) NOC
c) SOC
d) IDS
C
An online store has declared a disaster situation because of a large storm in the area of its primary cloud data center location. The emergency plan has allowed the store to remain online and accept payments, but it has fallen out of compliance with its Payment Card Industry Data Security Standard (PCI DSS) practices.
What should the store implement?
a) Compensating control
b) Detective control
c) Risk management
d) Preventive controls
A
Olivia wants to ensure that her new data center cannot lose its internet connectivity due to a single event that damages the fiber optic cable run to her internet service providers. What term describes the solution Olivia is looking for?
a) Linear continuity
b) Multivendor pathway connectivity
c) Separation of networks
d) Redundant fiber assessment
B
An organization has devised a new use for the personal data that it stores about its customers. What should the organization do in this situation according to the Generally Accepted Privacy Principles (GAPP)?
a) Notify users once the updated data processing is in place
b) Obtain additional consent before using personal data in a different way
c) Take no further action as the users have already consented to data processing
d) Remove the data processing clause from its policy to avoid a conflict
B
What is a device called that can safely store and manage encryption keys and is used in servers, data transmission, and log files?
a) Private key
b) Hardware security module (HSM)
c) Public key
d) Trusted Operating System Module (TOS)
B
What phase of the cloud data lifecycle involves data labeling?
a) Create
b) Store
c) Use
d) Archive
A
Which form of BC/DR testing has the least impact on operations?
a) Full test
b) Dry run
c) Tabletop
d) Structured test
C
What is the most secure third-party method to store cryptographic keys?
a) In a repository linked to the data
b) In a repository separate from the data
c) With an escrow linked to the data
d) With an escrow separate from the data
B?
Classifying data based on whether or not it includes the word "Any" is an example of:
a) Label-based discovery
b) Metadata-based discovery
c) Content-based discovery
d) E-discovery
C