Managing Cloud Security (D320)
Free Managing Cloud Security (D320) Questions
Which type of communication channel should be established between parties in a supply chain to be used in a disaster situation?
- A) Back
- B) Landline
- C) Satellite
- D) Secondary
Correct Answer
D) Secondary
Explanation
A secondary communication channel should be established to ensure continued communication in the event that primary channels fail. Disasters can disrupt primary communication methods, and having a secondary method (such as satellite communication, mobile networks, or other backup systems) allows supply chain parties to maintain contact and coordinate actions effectively.
Why other options are wrong
A) Back: "Back" is not a recognized communication method and is likely not a valid option for disaster scenarios.
B) Landline: Landlines may be unreliable during a disaster, especially if infrastructure is damaged or overwhelmed. While landlines are useful, they should not be solely relied upon in disaster recovery plans.
C) Satellite: Satellite communication is a good backup for specific cases but not the primary solution for the supply chain as it may be more expensive or difficult to implement broadly. A secondary channel can include satellite, but it’s not necessarily the best sole option.
A project manager is working on a new software project for a customer. The project manager works closely with the customer to get input on the desired features and ranks them based on how critical they are for the project.
Which phase of the software development life cycle (SDLC) is the project manager working on?
- A) Planning
- B) Requirements definition
- C) Development
- D) Ongoing operations
Correct Answer
B) Requirements definition
Explanation
In the requirements definition phase of the SDLC, the project manager works with the customer to gather and define the project's requirements. This includes understanding the desired features, their priorities, and criticality for the customer. The goal is to establish clear and comprehensive requirements before moving on to development.
Why other options are wrong
A) Planning: The planning phase involves creating a project plan, including resource allocation, timeline, and risk management. While it might involve some high-level feature discussion, the focus is more on logistics and execution rather than detailed requirements gathering.
C) Development: The development phase is when actual coding and implementation of the software take place. At this point, the requirements should already be defined.
D) Ongoing operations: Ongoing operations involve the maintenance and monitoring of the software after it is deployed, which occurs long after the requirements have been defined and the development phase has concluded.
Which risk management strategy involves changing business practices to eliminate the potential of an enterprise risk?
- A) Acceptance
- B) Transference
- C) Mitigation
- D) Avoidance
Correct Answer
D) Avoidance
Explanation
Avoidance is a risk management strategy where an organization changes its business practices to completely eliminate the potential for a particular risk. This could involve discontinuing a high-risk activity, adopting new processes, or even restructuring operations to prevent the occurrence of the risk. The goal is to entirely eliminate the risk before it can impact the organization.
Why other options are wrong
A) Acceptance: In risk acceptance, an organization acknowledges the risk and decides to continue with its operations without taking action to eliminate it. The risk is recognized, but no steps are taken to avoid or mitigate it.
B) Transference: Risk transference involves shifting the responsibility for managing a risk to a third party, typically through insurance or outsourcing. The risk is not eliminated but managed by another party.
C) Mitigation: Mitigation focuses on reducing the severity or impact of a risk rather than eliminating it entirely. It involves taking actions to lessen the likelihood of the risk occurring or reducing its impact if it does occur.
During an investigation, government agents asked a security professional to collect the records stored in a database and present them to the court.
Which process should the security professional use to identify and obtain that information?
- A. Electronic communication
- B. Error correcting code (ECC) memory
- C. Cyclic redundancy check (CRC)
- D. Electronic discovery
Correct Answer
D. Electronic discovery
Explanation
Electronic discovery (eDiscovery) is the process used to identify, collect, and present electronic records, often in legal or regulatory contexts. This process allows security professionals to collect the relevant data from databases, emails, documents, and other digital sources in a way that complies with legal requirements, making it suitable for court cases.
Why other options are wrong
A. Electronic communication
Electronic communication refers to the transmission of information through electronic devices such as emails or messaging systems. It is not a process for identifying or collecting data for legal purposes.
B. Error correcting code (ECC) memory
Error correcting code (ECC) memory is a type of computer memory that can detect and correct errors automatically. It is unrelated to the process of identifying or collecting information for legal purposes.
C. Cyclic redundancy check (CRC)
Cyclic redundancy check (CRC) is an error-detecting code used to ensure the integrity of data. While useful for data verification, it is not a process used for legal data collection or presentation in court.
Which purpose does an intrusion prevention system (IPS) serve when compared to an intrusion detection system (IDS)?
- An IPS detects and stops malicious traffic, while an IDS detects and alerts about malicious traffic.
- An IPS detects and alerts about malicious traffic, while an IDS detects and stops malicious traffic.
- An IDS tells an IPS what malicious traffic it detects, and then the IPS blocks that traffic.
- An IPS tells an IDS what malicious traffic it detects, and then the IDS blocks that traffic.
Correct Answer
An IPS detects and stops malicious traffic, while an IDS detects and alerts about malicious traffic.
Explanation
An Intrusion Prevention System (IPS) actively monitors network traffic and can stop or block malicious activity in real-time. In contrast, an Intrusion Detection System (IDS) only detects and alerts security personnel about potential malicious traffic, but it does not have the capability to stop or block it.
Why other options are wrong
An IPS detects and alerts about malicious traffic, while an IDS detects and stops malicious traffic. This is incorrect because the IPS has the capability to stop malicious traffic, while the IDS only detects and alerts.
An IDS tells an IPS what malicious traffic it detects, and then the IPS blocks that traffic. This is not how the two systems function. While they may work in conjunction, the IDS does not instruct the IPS to block traffic. The IPS independently handles blocking.
An IPS tells an IDS what malicious traffic it detects, and then the IDS blocks that traffic. This is incorrect because the IDS does not have the ability to block traffic. The IPS performs the blocking, not the IDS.
Which scheme would provide protection if an entire physical solid-state drive was lost or stolen?
- A) File-level encryption
- B) Transport Layer Security (TLS)
- C) Secure Socket Layer (SSL)
- D) Full-disk encryption
Correct Answer
D) Full-disk encryption
Explanation
Full-disk encryption encrypts the entire contents of the drive, ensuring that all data on the disk is unreadable without the proper decryption key. This method provides protection in case the physical disk is lost or stolen by preventing unauthorized access to the data.
Why other options are wrong
A) File-level encryption
File-level encryption encrypts individual files, but if the entire disk is lost or stolen, the unencrypted areas of the disk or files may still be vulnerable. Full-disk encryption provides more comprehensive protection.
B) Transport Layer Security (TLS)
TLS is a protocol for securing communication over networks, primarily used for encrypting data in transit. It does not protect data at rest on a physical drive, making it unsuitable for protecting against physical theft.
C) Secure Socket Layer (SSL)
SSL is an outdated protocol for encrypting data in transit over networks, similar to TLS, and does not offer protection for data stored on a physical device. Full-disk encryption is the correct approach for protecting data at rest.
Which document provides a contract for a vendor's work for an organization over an extended period and usually includes security requirements?
- A) Master service agreement (MSA)
- B) Service level agreement (SLA)
- C) Nondisclosure agreement (NDA)
- D) Business partnership agreement (BPA)
Correct Answer
A) Master service agreement (MSA)
Explanation
A Master Service Agreement (MSA) outlines the general terms and conditions of a long-term relationship between a vendor and an organization. It typically includes various terms, such as security requirements, service expectations, responsibilities, and other contractual obligations that govern the vendor's work over time.
Why other options are wrong
B) Service level agreement (SLA)
An SLA outlines the specific service expectations, including performance, uptime, and response times, but it is typically not as broad as an MSA. SLAs usually focus on the level of service provided, not the overall contractual relationship or security requirements.
C) Nondisclosure agreement (NDA)
An NDA is designed to protect confidential information shared between parties and does not cover the full scope of work, responsibilities, or security requirements for vendor relationships over extended periods.
D) Business partnership agreement (BPA)
A BPA outlines the terms of a business partnership between two or more organizations but does not typically include the detailed vendor-specific clauses, such as security requirements, that an MSA would contain.
An organization opens an office with a reception area. Visitors are required to sign in at the reception and collect a visitor's badge, which turns from white to red after eight hours.
Which security concept is the organization employing?
- A) Controlled entry point
- B) Monitoring systems
- C) Vehicular approach controls
- D) Fire systems
Correct Answer
A) Controlled entry point
Explanation
A controlled entry point refers to a security mechanism that monitors and regulates access to a facility. The visitor sign-in process and the time-sensitive, color-changing badge are an example of controlling and tracking access to the office, ensuring that individuals stay within the premises for an acceptable amount of time. The badge color change acts as an additional control to monitor how long a visitor has been on-site.
Why other options are wrong
B) Monitoring systems: Monitoring systems involve tracking events or activities within a system or facility, but in this case, the focus is on the controlled entry and tracking of visitors specifically. While monitoring systems could be involved, the security concept directly at play is the controlled entry.
C) Vehicular approach controls: Vehicular approach controls manage the entry of vehicles into a facility but do not specifically address the monitoring of visitors within the building or premises.
D) Fire systems: Fire systems are designed for safety in the event of a fire, not for controlling access or tracking the duration of a visitor's presence within a facility.
Which legal requirement mandates companies in the United States to provide federal officials with data even if the data is not stored in the United States and disclosure of the data is illegal under the laws where it is stored?
- A) The Sarbanes-Oxley (SOX) Act
- B) The General Data Protection Regulation (GDPR)
- C) The Gramm-Leach-Bliley Act (GLBA)
- D) The Clarifying Lawful Overseas Use of Data (CLOUD) Act
Correct Answer
D) The Clarifying Lawful Overseas Use of Data (CLOUD) Act
Explanation
The CLOUD Act allows U.S. law enforcement agencies to request data stored overseas, even if that data is stored in a foreign country where such disclosure would be illegal. The act enables U.S. authorities to compel U.S. service providers to hand over data that may be stored abroad, overcoming international legal barriers to provide access to data for law enforcement investigations.
Why other options are wrong
A) The Sarbanes-Oxley (SOX) Act
SOX focuses on financial reporting and corporate governance for U.S. companies. It mandates requirements for the retention and protection of financial records but does not address the issue of providing data to U.S. authorities stored outside the country.
B) The General Data Protection Regulation (GDPR)
The GDPR is a European Union regulation focused on data protection and privacy for individuals within the EU. It does not allow U.S. officials to access data stored outside the U.S. but provides guidelines for the protection of personal data across borders. It also prohibits the transfer of personal data to countries with inadequate data protection laws, which is contrary to the CLOUD Act's provisions.
C) The Gramm-Leach-Bliley Act (GLBA)
The GLBA applies to financial institutions and addresses the protection of consumers' personal financial information. It does not concern the U.S. government’s ability to access data stored overseas, which is the focus of the CLOUD Act.
An organization needs to quickly identify the document owner in a shared network folder.
Which technique should the organization use to meet this goal?
- A. Labeling
- B. Classification
- C. Mapping
- D. Categorization
Correct Answer
A. Labeling
Explanation
Labeling involves tagging data with metadata, including details such as the document owner, sensitivity level, and date of creation. This enables users and systems to quickly identify and manage documents appropriately. In this case, labeling helps immediately determine who owns a document, supporting effective data governance.
Why other options are wrong
B. Classification: Classification organizes data based on sensitivity or importance (e.g., public, confidential, restricted). While it helps with access controls and compliance, it doesn’t specifically identify the document owner. Its purpose is broader and doesn’t fulfill the need for quick identification of ownership.
C. Mapping: Mapping typically refers to identifying the relationships or locations of data within systems or workflows. It helps track where data resides or how it flows, but it is not useful for tagging data with ownership information. Hence, it does not help directly in identifying document ownership.
D. Categorization: Categorization groups data based on similar characteristics or themes. Like classification, it is used for organization but does not assign specific ownership metadata. It is a higher-level grouping approach that lacks the granularity required to pinpoint a specific document owner.
ITCL 3202 D320 is a course focused on cloud security principles, including data protection, encryption, identity management, and compliance in cloud environments.