Engineering Questions with Answers - Multiple Choice Questions
MCQs on Security Data
1 - Question
Which of the following is a compliance standard?
a) PCI-DSS
b) HIPPA
c) GLBA
d) All of the mentioned
View Answer
Answer: d
Explanation: A compliance standard can be any government regulatory framework.
2 - Question
Point out the correct statement.
a) The cloud service model you choose does not determine the variety of security features, compliance auditing, and other requirements
b) To determine the particular security mechanisms you need, you must perform a mapping of the particular cloud service model to the particular application you are deploying
c) A security control model includes the security that you normally use for your applications only
d) All of the mentioned
View Answer
Answer: b
Explanation: These mechanisms must be supported by the various controls that are provided by your service provider, your organization, or a third party.
3 - Question
Which of the following is a key mechanism for protecting data?
a) Access control
b) Auditing
c) Authentication
d) All of the mentioned
View Answer
Answer: d
Explanation: Whatever service model you choose should have mechanisms operating in all above mentioned areas that meet your security requirements.
4 - Question
How many security accounts per client is provided by Microsoft?
a) 1
b) 3
c) 5
d) 7
View Answer
Answer: c
Explanation: On Amazon Web Service, you can create multiple keys and rotate those keys during different sessions.
5 - Question
Point out the wrong statement.
a) Securing data sent to, received from, and stored in the cloud is the single largest security concern
b) The problem with the data you store in the cloud is that it can be located anywhere in the cloud service provider’s system
c) One and only approach to isolating storage in the cloud from direct client access is to create layered access to the data
d) All of the mentioned
View Answer
Answer: c
Explanation: The location of the proxy and the broker is not important.
6 - Question
Which of the following are a common means for losing encrypted data?
a) lose the keys
b) lose the encryption standard
c) lose the account
d) all of the mentioned
View Answer
Answer: a
Explanation: Keys should have a defined life cycle.
7 - Question
Which of the following is the standard for interoperable cloud-based key management?
a) KMIP
b) PMIK
c) AIMK
d) None of the mentioned
View Answer
Answer: a
Explanation: KMIP stands for Key Management Interoperability Protocol.
8 - Question
Which of the following was one of the weaker aspects of early cloud computing service offerings?
a) Logging
b) Integrity checking
c) Consistency checking
d) None of the mentioned
View Answer
Answer: a
Explanation: Cloud service providers often have proprietary log formats.
9 - Question
Which of the following is one of the most actively developing and important areas of cloud computing technology?
a) Logging
b) Auditing
c) Regulatory compliance
d) None of the mentioned
View Answer
Answer: c
Explanation: For any company with clients in multiple countries, the burden of regulatory compliance is onerous.
10 - Question
Amazon Web Services supports ________ Type II Audits.
a) SAS70
b) SAS20
c) SAS702
d) None of the mentioned
View Answer
Answer: a
Explanation: Becoming a cloud service provider requires a large investment.