Chapter 3 ■ Cloud Data Security

Data hiding

Naomi is working on a list that will include data obfuscation options for her organization. Which of the following is not a type of data obfuscation technique?

Performance enhancement

The goals of SIEM solution implementations include all of the following

except___________________.

Ephemeral

Wei’s organization uses Lambda functions as part of a serverless application inside of its Amazon-­hosted environment. What storage type should Wei consider the storage associated with the instances to be?

A cloud HSM

Selah wants to securely store her organization’s encryption keys. What solution should she ask her cloud service provider about?

The version of the executable run

Jim’s organization wants to ensure that it has the right information available in case of an attack against its web server. Which of the following data elements is not commonly used and thus shouldn’t be expected to be logged?

Scan for credit card numbers based on a pattern match or algorithm.

Susan wants to ensure that files containing credit card numbers are not stored in her organization’s cloud-­based file storage. If she deploys a DLP system, what method should she use to identify files with credit card numbers to have the best chance of finding them, even if she may encounter some false positives?

Privilege reuse

Rhonda is outlining the threats to her cloud storage environment. Which of the following is not a common threat to cloud storage?

Databases

Ben wants to implement tokenization for his organization’s data. What will he need to be able to implement it?

Testing data in sandboxed environments

Yasmine’s organization has identified data masking as a key security control. Which of the following functions will it provide?

IRM

Megan wants to improve the controls provided by her organization’s data loss prevention (DLP) tool. What additional tool can be combined with her DLP to most effectively enhance data controls?

Create

What phase of the cloud data lifecycle involves data labeling?

Hashing

Charles wants to ensure that files in his cloud file system have not been changed. What technique can he use to compare files to determine if changes have been made?

The same or greater than the data that the certificates protect.

Liam wants to store the private keys used to generate certificates for his organization. What security level should he apply to those keys?

Ensuring multifactor authentication

Best practices for key management include all of the following except___________________.

Tokenization

Valerie wants to be able to refer to data contained in a database without having the actual values in use. What obfuscation technique should she select?

The username

Samuel wants to check what country a file was accessed from. What information can he use to make a guess as accurate as possible, given information typically available in log entries?

Create, Store, Use, Share, Archive, Destroy

What is the correct order of the phases of the data lifecycle?

UserIDs

Stanislaw wants to use log information to create accountability for data events. Which of the following data elements would be most useful for his purpose?

Masking

Nina replaces all but the last four digits of credit card numbers stored in a database with asterisks. What data obfuscation technique has she used?

Log volume

Greg has implemented logging for his company’s worldwide web services implementation running in Azure. What concern should Greg address when he enables logging of all web requests?