Which of the following is a common risk factor related to misconfiguration and inadequate change control in cybersecurity?
Which aspect of a Cloud Service Provider's (CSP's) infrastructure security involves protecting the interfaces used to manage configurations and resources?
Which approach is essential in identifying compromised identities in cloud environments where attackers utilize automated methods?
Which governance domain focuses on proper and adequate incident detection, response, notification, and remediation?
What is a common characteristic of default encryption provided by cloud providers for data at rest?
What is the most effective way to identify security vulnerabilities in an application?
In the cloud provider and consumer relationship, which entity manages the virtual or abstracted infrastructure?
What are the primary security responsibilities of the cloud provider in the management infrastructure?
Which of the following statements best defines "authorization" as a component of identity, entitlement, and access management?
In volume storage, what method is often used to support resiliency and security?
In the context of cloud security, which approach prioritizes incoming data logs for threat detection by applying multiple sequential filters?
Which AI workload mitigation strategy best addresses model inversion attacks that threaten data confidentiality?
Which approach is commonly used by organizations to manage identities in the cloud due to the complexity of scaling across providers?
Which principle reduces security risk by granting users only the permissions essential for their role?
Which of the following best describes compliance in the context of cybersecurity?
ENISA: Which is not one of the five key legal issues common across all scenarios?
In the initial stage of implementing centralized identity management, what is the primary focus of cybersecurity measures?
CCM: A hypothetical company called: “Health4Sure” is located in the United States and provides cloud based services for tracking patient health. The company is compliant with HIPAA/HITECH Act among other industry standards. Health4Sure decides to assess the overall security of their cloud service against the CCM toolkit so that they will be able to present this document to potential clients.
Which of the following approaches would be most suitable to assess the overall security posture of Health4Sure's cloud service?
In the context of cloud security, what is the primary benefit of implementing Identity and Access Management (IAM) with attributes and user context for access decisions?
In securing virtual machines (VMs), what is the primary role of using an "image factory" in VM deployment?
Which of the following best describes the primary purpose of cloud security frameworks?
Which activity is a critical part of the Post-Incident Analysis phase in cybersecurity incident response?
What key activities are part of the preparation phase in incident response planning?
Which type of security tool is essential for enforcing controls in a cloud environment to protect endpoints?
Which of the following best describes an aspect of PaaS services in relation to network security controls within a cloud environment?
Which of the following BEST describes a benefit of Infrastructure as Code (IaC) in cybersecurity contexts?
When designing a cloud-native application that requires scalable and durable data storage, which storage option should be primarily considered?
Which concept is a mapping of an identity, including roles, personas, and attributes, to an authorization?
Which feature in cloud enhances security by isolating deployments similar to deploying in distinct data centers?
What is a key benefit of using customer-managed encryption keys with cloud key management service (KMS)?
Dynamic Application Security Testing (DAST) might be limited or require pre-testing permission from the provider.
Sending data to a provider's storage over an API is likely to be much more reliable and secure than setting up your own SFTP server on a VM in the same provider.
Which practice minimizes human error in long-running cloud workloads’ security management?
In the shared security model, how does the allocation of responsibility vary by service?
A company plans to shift its data processing tasks to the cloud. Which type of cloud workload best describes the use of software emulations of physical computers?
What is the purpose of the "Principle of Least Privilege" in Identity and Access Management (IAM)?
When comparing different Cloud Service Providers (CSPs), what should a cybersecurity professional be mindful of regarding their organizational structures?
When mapping functions to lifecycle phases, which functions are required to successfully process data?
How does cloud sprawl complicate security monitoring in an enterprise environment?
Which resilience tool helps distribute network or application traffic across multiple servers to ensure reliability and availability?
Which of the following statements are NOT requirements of governance and enterprise risk management in a cloud environment?
Why is it important to control traffic flows between networks in a cybersecurity context?
What is a primary benefit of implementing micro-segmentation within a Zero Trust Architecture?
Which factors primarily drive organizations to adopt cloud computing solutions?
In the context of incident response, which phase involves alerts validation to reduce false positives and estimates the incident's scope?
In federated identity management, what role does the identity provider (IdP) play in relation to the relying party?
Which aspect is crucial for crafting and enforcing CSP (Cloud Service Provider) policies?
Which of the following enhances Platform as a Service (PaaS) security by regulating traffic into PaaS components?
What is a primary benefit of using Identity and Access Management (IAM) roles/identities provided by cloud providers instead of static secrets?
An organization deploys an AI application for fraud detection. Which threat is MOST likely to affect its AI model’s accuracy?
How should an SDLC be modified to address application security in a Cloud Computing environment?
If the management plane has been breached, you should confirm the templates/configurations for your infrastructure or applications have not also been compromised.
Which of the following best describes the primary benefit of utilizing cloud telemetry sources in cybersecurity?
Which Identity and Access Management (IAM) principle focuses on implementing multiple security layers to dilute access power, thereby averting a misuse or compromise?
Which of the following best describes a primary risk associated with the use of cloud storage services?
What are the essential characteristics of cloud computing as defined by the NIST model?
What is the primary function of Privileged Identity Management (PIM) and Privileged Access Management (PAM)?
Which of the following best describes the shared responsibility model in cloud security?
In which deployment model should the governance strategy consider the minimum common set of controls comprised of the Cloud Service Provider contract and the organization's internal governance agreements?
Which two key capabilities are required for technology to be considered cloud computing?
Which of the following is a common security issue associated with serverless computing environments?
Which Cloud Service Provider (CSP) security measure is primarily used to filter and monitor HTTP requests to protect against SQL injection and XSS attacks?
Which statement best describes why it is important to know how data is being accessed?
What process involves an independent examination of records, operations, processes, and controls within an organization to ensure compliance with cybersecurity policies, standards, and regulations?
What factors should you understand about the data specifically due to legal, regulatory, and jurisdictional factors?
In a containerized environment, what is fundamental to ensuring runtime protection for deployed containers?
CCM: In the CCM tool, a ______ is a measure that modifies risk and includes any process, policy, device, practice or any other actions which modify risk.
Which type of application security testing tests running applications and includes tests such as web vulnerability testing and fuzzing?
Which of the following statements is true with regard to Data Loss Prevention (DLP)?
How can the use of third-party libraries introduce supply chain risks in software development?
Which of the following is NOT normally a method for detecting and preventing data migration into the cloud?
Why is consulting with stakeholders important for ensuring cloud security strategy alignment?