D320 Managing Cloud Security - Set 2 - Part 1

Correct Answer: PCI DSS

PCI DSS is specifically designed to secure credit card data and transactions. HIPAA focuses on healthcare information, NIST SP 800-53 provides security guidelines for federal systems, and ISO/IEC 27001 is a general information security standard.

Correct Answer: Homomorphic Encryption

Homomorphic Encryption enables data to be processed while still encrypted, protecting it while in use. Tokenization and Disk Encryption protect data at rest, and Symmetric Encryption is not designed to process data in use.

Correct Answer: Problem Management

Problem Management focuses on identifying and resolving issues before they escalate into incidents. Incident Management addresses issues as they occur, Capacity Management ensures sufficient resources, and Change Management oversees modifications to the environment.

Correct Answer: Risk Transference

Risk Transference involves sharing the risk with another party, such as through insurance or outsourcing. Risk Avoidance eliminates the risk, Risk Mitigation reduces the risk, and Risk Acceptance involves accepting the risk.

Correct Answer: FERPA

FERPA (Family Educational Rights and Privacy Act) protects the privacy of student educational records. HIPAA deals with healthcare information, SOX focuses on corporate governance, and GLBA addresses financial data protection.

Correct Answer: Centralizing and analyzing security logs

SIEM systems centralize and analyze security logs to detect and respond to security threats. They do not directly manage access controls, encrypt data, or configure firewall rules.

Correct Answer: Service Level Management

Service Level Management ensures that cloud services meet or exceed SLA terms. Change Management handles service modifications, Incident Management addresses incidents, and Capacity Management ensures adequate resources.

Correct Answer: Risk Assessment

Risk Assessment involves identifying, analyzing, and prioritizing risks based on their potential impact and likelihood. Risk Mitigation reduces risks, Risk Acceptance involves accepting risks, and Risk Transference shifts risk to another party.

Correct Answer: GDPR

The GDPR (General Data Protection Regulation) governs the protection of personal data in the EU and regulates cross-border transfers. The Safe Harbor Framework has been replaced by the EU-U.S. Privacy Shield.

Correct Answer: SSL/TLS

SSL/TLS encrypts data during transmission, protecting it from interception or tampering. Disk Encryption secures data at rest, Data Masking hides data in use, and Biometric Authentication controls access to systems.

Correct Answer: SOC 2

A SOC 2 report provides assurance about a cloud provider's internal controls, particularly related to security, availability, processing integrity, confidentiality, and privacy. HIPAA and PCI DSS focus on specific industries, and ISO/IEC 27001 certifies information security management systems.

Correct Answer: Qualitative Risk Assessment

Qualitative Risk Assessment involves ranking risks based on their severity using subjective judgment. Quantitative Risk Assessment uses numerical values to estimate impact.

Correct Answer: Data Protection by Design

Data Protection by Design requires organizations to implement appropriate safeguards throughout the data lifecycle. Data Minimization limits data collection, Data Integrity ensures data accuracy, and Data Breach Notification informs individuals when their data is compromised.

Correct Answer: VLANs

VLANs (Virtual Local Area Networks) can isolate tenants in a multi-tenant cloud environment, ensuring data separation. Shared Virtual Machines could compromise security, while Data Masking and Encryption protect data but do not provide isolation.

Correct Answer: Capacity Management

Capacity Management ensures that cloud resources are used efficiently and meet current and future demand. Incident Management deals with resolving issues, Problem Management identifies root causes, and Service Level Management focuses on meeting SLA requirements.

Correct Answer: Risk Avoidance

Risk Avoidance involves discontinuing a risky activity, eliminating the risk entirely. Risk Mitigation reduces risks, Risk Transference shifts them to another party, and Risk Acceptance means accepting the risks.

Correct Answer: Purpose Limitation

The Purpose Limitation principle under GDPR mandates that personal data be collected for specified, legitimate purposes and not be further processed in a manner incompatible with those purposes.

Correct Answer: SSL/TLS

SSL/TLS is the encryption protocol used to secure communication between a web browser and a cloud service. Hashing is used for data integrity, while Symmetric and Asymmetric Encryption are used for data protection.

Correct Answer: Load Testing

Load Testing evaluates a cloud service's ability to handle heavy traffic or demand. Penetration Testing identifies security vulnerabilities, Functional Testing checks that the service meets requirements, and Compliance Testing ensures it meets legal standards.

Correct Answer: Risk Appetite Statement

The Risk Appetite Statement defines the acceptable levels of risk that an organization is willing to tolerate and guides risk management efforts. A Risk Register tracks identified risks, and the Incident Response Plan and Business Continuity Plan ensure operations during disruptions.