D320 Managing Cloud Security - Set 5 - Part 1

Correct Answer: Allowing data to be processed while encrypted

Homomorphic Encryption allows data to be processed while still encrypted, protecting it during use. Data at rest and in transit is secured by other encryption methods.

Correct Answer: Risk Avoidance

Risk Avoidance involves eliminating a risky activity altogether to prevent risk. Risk Acceptance tolerates risk, Risk Mitigation reduces it, and Risk Transference shifts it to another party.

Correct Answer: SSL/TLS

SSL/TLS protocols encrypt data during communication between cloud services and users, ensuring secure transmission. Firewalls, VPN, and MFA serve different security purposes.

Correct Answer: Capacity Management

Capacity Management ensures cloud resources are efficiently used to meet current and future demand. Incident Management addresses immediate issues, Problem Management identifies root causes, and Change Management handles modifications.

Correct Answer: Risk Acceptance

Risk Acceptance means choosing to tolerate the risk without taking steps to mitigate, avoid, or transfer it.

Correct Answer: Centralizing and analyzing security logs

SIEM systems centralize and analyze security logs to detect potential threats. They do not handle encryption, identity management, or firewall configuration directly.

Correct Answer: FERPA

FERPA (Family Educational Rights and Privacy Act) protects the privacy of student educational records. HIPAA protects health information, SOX focuses on corporate governance, and GLBA addresses financial data.

Correct Answer: Change Management

Change Management involves tracking, documenting, and approving changes to cloud infrastructure. Incident Management addresses issues, Problem Management handles root causes, and Capacity Management ensures efficient resource use.

Correct Answer: SSL/TLS

SSL/TLS is the most commonly used method to secure data during transmission. Disk Encryption secures data at rest, and Homomorphic Encryption allows data processing while encrypted.

Correct Answer: Ensuring only authorized devices connect to the network

NAC controls which devices can connect to the cloud network. It does not handle encryption or firewall configuration directly.

Correct Answer: Disk Encryption

Disk Encryption is commonly used to secure data at rest. SSL/TLS secures data in transit, while Homomorphic and Symmetric Encryption are used in other contexts.

Correct Answer: Risk Transference

Risk Transference involves shifting the financial consequences of a risk, such as by purchasing insurance, to another party.

Correct Answer: Ensuring cloud resources are sufficient to meet demand

Capacity Management focuses on ensuring that cloud resources meet current and future demand. Incident Management deals with resolving immediate issues, and monitoring security events falls under SIEM.

Correct Answer: Qualitative Risk Assessment

Qualitative Risk Assessment uses non-numerical descriptions like "high" or "low" to rank risks. Quantitative Risk Assessment uses numerical values, and Scenario Analysis explores potential impacts.

Correct Answer: Securing access by requiring multiple forms of verification

MFA strengthens security by requiring multiple forms of verification to prevent unauthorized access. It does not directly handle encryption or event monitoring.

Correct Answer: GLBA

The Gramm-Leach-Bliley Act (GLBA) requires financial institutions to develop information security plans for customer data protection.

Correct Answer: Configuration Management

Configuration Management ensures systems are correctly configured. Capacity Management optimizes resource use, and Incident Management and Disaster Recovery focus on addressing and recovering from disruptions.

Correct Answer: Securing communication between users and cloud services

VPN secures communication between users and cloud services by encrypting traffic. Other technologies handle tenant isolation, encryption at rest, and identity management.

Correct Answer: HIPAA

The Health Insurance Portability and Accountability Act (HIPAA) protects the privacy and security of health records in the United States.

Correct Answer: IaaS

IaaS (Infrastructure as a Service) gives customers control over the operating system and applications. SaaS and PaaS offer more managed services, while Public Cloud is a deployment model.