D320 Managing Cloud Security - Set 1 - Part 1

Correct Answer: PCI DSS

PCI DSS is specifically designed to secure credit card data and transactions. ISO/IEC 27001 is a general information security standard, HIPAA focuses on healthcare data, and NIST SP 800-53 provides security controls for federal information systems.

Correct Answer: Homomorphic Encryption

Homomorphic Encryption allows data to be processed while still encrypted, protecting it while in use. Data Masking and Tokenization protect data at rest or in transit, and Disk Encryption secures data at rest.

Correct Answer: Problem Management

Problem Management identifies and resolves issues before they lead to incidents. Incident Management deals with incidents as they occur, Capacity Management ensures resources meet demands, and Change Management handles modifications to the environment.

Correct Answer: Risk Transference

Risk Transference involves sharing the risk with another party, such as an insurer or outsourced service provider. Risk Mitigation reduces risks, Risk Acceptance involves accepting them, and Risk Avoidance eliminates them.

Correct Answer: FERPA

The Family Educational Rights and Privacy Act (FERPA) protects the privacy of student educational records. HIPAA protects health information, SOX focuses on corporate governance, and GLBA addresses financial information.

Correct Answer: Centralizing and analyzing security logs

A SIEM system centralizes and analyzes security logs to identify and respond to potential security threats. It does not directly manage user identities, encrypt data, or configure firewalls, but it helps monitor and secure the environment.

Correct Answer: Service Level Management

Service Level Management ensures that cloud services meet or exceed the terms set out in the SLa) Change Management, Incident Management, and Capacity Management are related processes but do not directly ensure SLA compliance.

Correct Answer: Risk Assessment

Risk Assessment involves identifying, analyzing, and prioritizing risks based on their potential impact and likelihood. Risk Mitigation, Transference, and Acceptance are strategies for managing risks after they have been assessed.

Correct Answer: GDPR

The General Data Protection Regulation (GDPR) governs the protection of personal data within the EU and regulates cross-border transfers. Safe Harbor was a previous framework, now replaced by the EU-U.S. Privacy Shield, but GDPR is the current standard.

Correct Answer: SSL/TLS

SSL/TLS protocols encrypt data during transmission to protect it from interception or tampering. Disk Encryption secures data at rest, Data Masking obscures data in use, and Biometric Authentication controls access to systems.

Correct Answer: SOC 2

SOC 2 reports provide assurance about a cloud provider's internal controls, particularly those related to security, availability, processing integrity, confidentiality, and privacy. ISO/IEC 27001 and PCI DSS are certifications, and HIPAA reports are specific to healthcare.

Correct Answer: Involves ranking risks based on their severity

Qualitative risk assessments involve ranking risks based on their severity, often using subjective judgment. Quantitative assessments use numerical values, Risk Transfer involves insurance, and Risk Avoidance involves eliminating risks.

Correct Answer: Data Protection by Design

Data Protection by Design requires organizations to implement appropriate safeguards throughout the data lifecycle. Data Minimization limits data collection, Data Integrity ensures accuracy, and Data Breach Notification involves informing individuals when their data is compromised.

Correct Answer: Isolating tenants using VLANs

VLANs (Virtual Local Area Networks) can isolate tenants in a multi-tenant environment, ensuring that data and resources are separated. Shared virtual machines could compromise security, while access control and encryption protect data but do not provide isolation.

Correct Answer: Capacity Management

Capacity Management ensures that cloud resources are used efficiently and can meet future demand. Incident Management addresses immediate issues, Problem Management identifies root causes of incidents, and Change Management controls modifications to the environment.

Correct Answer: Risk Avoidance

Risk Avoidance involves discontinuing an activity that poses a high risk, effectively eliminating the risk altogether. Risk Acceptance involves taking no action, Risk Transference shifts the risk, and Risk Mitigation reduces it.

Correct Answer: Purpose Limitation

The Purpose Limitation principle under GDPR mandates that personal data be collected only for specific, legitimate purposes and not be further processed in a manner incompatible with those purposes. Data Minimization limits data collection, Accuracy ensures correctness, and Integrity and Confidentiality protect data.

Correct Answer: SSL/TLS

SSL/TLS is used to secure communication between a web browser and a cloud service by encrypting data in transit. Symmetric and Asymmetric encryption are encryption methods, while Hashing is used for data integrity, not for securing communication.

Correct Answer: Load Testing

Load Testing evaluates a cloud service's ability to handle heavy traffic or demand, ensuring resilience and reliability. Penetration Testing identifies security vulnerabilities, Functional Testing checks if the service meets requirements, and Compliance Testing ensures it meets legal standards.

Correct Answer: Risk Appetite Statement

The Risk Appetite Statement defines the acceptable levels of risk that an organization is willing to tolerate and guides risk management efforts. A Risk Register tracks identified risks, an Incident Response Plan addresses incidents, and a Business Continuity Plan ensures operations during disruptions.