D320 Managing Cloud Security - Set 3 - Part 1

Correct Answer: Collecting only the necessary personal data

Data Minimization under GDPR means collecting only the personal data necessary for the specified purpose. Other options relate to other GDPR principles, such as Lawfulness and Fairness.

Correct Answer: Community Cloud

A Community Cloud involves multiple organizations with shared resources and interests. A Private Cloud serves a single organization, while Public Cloud involves sharing resources with unrelated customers.

Correct Answer: Data Masking

Data Masking involves replacing sensitive data with useless characters to protect it while still allowing the data to be used. Tokenization and Hashing are different methods of protecting data, and Encryption secures data in transit or at rest.

Correct Answer: Multi-Cloud

A Multi-Cloud environment involves using resources from multiple cloud providers. Hybrid Cloud combines private and public clouds, while Private Cloud and Public Cloud refer to single cloud models.

Correct Answer: To protect web applications from common threats

A WAF protects web applications from threats like cross-site scripting (XSS) and SQL injection. Managing access, encrypting data, and distributing traffic are handled by different systems.

Correct Answer: SSL/TLS

SSL/TLS is used to secure communication between a web browser and a cloud service by encrypting data in transit. Symmetric and Asymmetric Encryption are methods of encrypting data, and Hashing is for ensuring data integrity.

Correct Answer: Integrity

Integrity ensures that data is protected from unauthorized modification. Availability ensures data is accessible when needed, Confidentiality protects data from unauthorized access, and Non-repudiation ensures that a transaction or action cannot be denied by its initiator.

Correct Answer: To create a secure connection over a public network

A VPN is used to create a secure and encrypted connection over a public network, ensuring the confidentiality of the data transmitted. Data encryption, tenant isolation, and access detection are handled by other systems.

Correct Answer: Hybrid Cloud

A Hybrid Cloud combines private and public cloud resources to meet different organizational needs. Community Cloud involves shared resources, and Multi-Cloud uses resources from multiple providers.

Correct Answer: Homomorphic Encryption

Homomorphic Encryption allows data to be processed while still encrypted, preventing unauthorized users from accessing it. Disk Encryption protects data at rest, while Data Masking and Tokenization protect data by obscuring or substituting it.

Correct Answer: Problem Management

Problem Management focuses on identifying and addressing the root cause of incidents to prevent them from recurring. Incident Management deals with resolving incidents as they occur, while Disaster Recovery focuses on restoring services.

Correct Answer: Risk Avoidance

Risk Avoidance involves eliminating a risk by discontinuing the associated activity. Risk Mitigation reduces the risk, Risk Transference shifts it to another party, and Risk Acceptance involves accepting the potential consequences.

Correct Answer: ISO/IEC 27001

ISO/IEC 27001 is an international standard for information security management systems. PCI DSS focuses on payment card data, HIPAA addresses healthcare data, and NIST SP 800-53 is for federal information systems.

Correct Answer: Biba Model

The Biba Model is designed to protect data integrity by ensuring that only authorized individuals can modify it. Bell-LaPadula focuses on confidentiality, DAC allows data owners to control access, and RBAC assigns access based on roles.

Correct Answer: To centralize and analyze security logs

A SIEM system centralizes and analyzes security logs to identify and respond to potential threats. It does not manage access, encrypt data, or configure firewalls directly, but it helps monitor the cloud environment for security threats.

Correct Answer: IaaS

IaaS (Infrastructure as a Service) provides customers with virtual machines, storage, and networking resources. SaaS provides software, PaaS provides a platform for application development, and DaaS refers to desktop virtualization services.

Correct Answer: Risk Transference

Risk Transference involves sharing or transferring the risk to another party, such as through outsourcing or insurance. Risk Mitigation reduces the risk, Risk Acceptance involves taking no action, and Risk Avoidance eliminates the risk.

Correct Answer: Disk Encryption

Disk Encryption secures data at rest in a cloud environment. Homomorphic Encryption allows data to be processed while encrypted, SSL/TLS secures data in transit, and Tokenization replaces sensitive data with tokens.

Correct Answer: Service Level Management

Service Level Management ensures that cloud services meet or exceed the terms defined in the SLa) Change Management handles modifications, Incident Management resolves incidents, and Capacity Management ensures resources meet demand.

Correct Answer: Risk Assessment

Risk Assessment involves identifying, analyzing, and prioritizing risks based on their potential impact and likelihood. Risk Mitigation, Transference, and Avoidance are strategies for managing risks after they have been assessed.