- ____________________ is the continuous execution of the first three steps (dev, build, and test) in the application development life cycle. Continuous integration
- A __________ is a standard of performance or point of reference for comparison benchmark
- A client is negotiating an SLA with a CSP. Who is responsible for defining the recovery point objective (RPO) and recovery time objective (RTO)? The client defines the RPO, and the CSP defines the RTO
- A medical company wants to take advantage of a complex application but wants to realize the cost savings by accessing a shared instance of the application hosted in the cloud. Because of regulatory requirements, what type of cloud delivery model would you recommend to use? Community
- An organization purchases insurance for company vehicles. What kind of risk response is this? Transfer
- Carl is learning about how cloud service providers allocate physical resources into a group. These resources are then dynamically associated with cloud services, as demand requires. Which of the following cloud characteristics is he learning? Resource pooling
- Hazel is working as a cloud administrator at NilCo. Management has asked her to perform an analysis of on-premises resources and provide the correctly sized resources in the cloud such that the company pays only for the resources they are using. What points should she consider to accomplish this task? -Focus on recent data
-Separate the environments for development, testing, and production
- Identifying all the assets of an organization and documenting any risk and the response to the risk refers to a(n): risk register
- In general, who is responsible for defining the recovery point objective (RPO) and the recovery time objective (RTO) in a service level agreement (SLA)? The client defines both the RPO and the RTO
- In the Continuous Integration Continuous Delivery (CI/CD) pipeline, the four steps (develop, build, test, and release) are separated into ______ from each other, and the CI/CD attempts to remove them. Silos
- In the shared responsibility model, what is the client responsible for? Security in the cloud
- In which migration approach are applications optimized to make full use of cloud capabilities? Rip and replace
- Jack is a cloud+ professional researching data replication options for his MySQL database. For redundancy reasons, he decided to create a backup replica in a different availability zone that could become master should the primary zone go offline. For performance reasons, he has decided to update the replica in near real-time after the initial write operation on the primary database. What will he use? Asynchronous replication
- Joe is working as a product manager at NilCo. Management has asked him to deploy some new infrastructure with the updates and changes without implementing them directly on the production server. The deployment should occur in a procedural and repeatable fashion. Which of the following will he use to accomplish this task? -Bootstrapping
-Golden image
- John, a security analyst, is purchasing the DDoS protection service because while performing a risk assessment he considers the DDoS attack as a serious threat. What type of risk management strategy is John pursuing? Mitigation
- Liza is a new cloud+ architect for BigCo Inc. She is using a cloud service that provides computing hardware, but the operating system is not included. Which of the following cloud services is she using? Infrastructure as a service
- Lucas is the network administrator for a company. Management has asked him to prepare a report regarding the performance of the current environment so that they can manage or improve the performance of their environment. What will he use to accomplish this task? Baseline
- Maria is a security analyst in the XYZ company. Management has asked her to implement a solution that helps users to authenticate themselves using two or more pieces of information. For that purpose, she is implementing multifactor authentication (MFA). Which of the following implementations should she deploy? Biometrics, smart cards, and strong passwords
- Marry, a deployment manager, works with a software development group to assess the security of a new version of the organization’s internally developed tool. The organization prefers focusing on assessing security throughout the life cycle. Which of the following methods should she perform to assess the security of the product? Vulnerability scanning
- Meghan is working as a cloud analyst at Congruence Corp. Management has informed her about the data breach in the company’s datacenter. For this, she investigated the security of the datacenter and found that the data in transit are intercepted by an attacker. Which of the following has the attacker compromised during the attack? Confidentiality
- Microsoft Azure is an example of which type of cloud deployment model? Public
- Rhea, a network administrator, wants to create an entire virtual network with all of the virtual devices needed to support the service or application. Which of the following cloud models will she use to accomplish the task? Platform as a service
- Risk is the probability of the occurrence of a _______. Threat
- Security assessments that scan and review the source code for bugs and defects are an example of: application scanning
- Stella, a cloud+ student, is learning the process of evaluating current resources used in on-premises data centers to determine the resources required in the cloud. What is she learning about? Right-sizing
- The network diagrams have finally been digitized, and the paper diagrams that have been hanging on the wall can be destroyed. Which data category and data security principles are being used? Sensitive, confidentiality
- The only parking garage near your office building is across the street at a busy intersection, and all your employees must cross the intersection. There is a parking garage that is farther away on the same side of the street, but your employees either can’t or don’t want to use it because of the distance. The organization decides to purchase and offer a shuttle service from the distant parking garage free of charge to the employees. This is best described as what type of risk response technique? Mitigation
- What are some of the benefits of using digital marketing? -Better customer engagement
-Real-time results, monitoring, and optimization
-Enhanced analytics
-Campaign automation and integration
-Lower costs
- What are the principles for constructing a request for information? -Make it as easy as possible for the vendor to complete
-Be clear on the process, timelines, and next steps
-Ask for information in a standard format
-Keep the request high-level
-Be clear on the project objectives
- What services do managed service providers (MSPs) deliver? -Daily management and troubleshooting
-Performance testing
-Monitoring and reporting
-Backup and recovery
- What are the steps involved in the continuous integration (CI) of the application development life cycle? Dev, build, and test
- What is SSH used for within the cloud environment? To remotely manage a Linux server
- What is the final step to take in the cloud assessment process? Create documentation and diagrams
- What refers to a semi-public intermediary network located between two firewalls? Demilitarized zone
- What storage type is best suited for databases and large scale, frequently accessed storage solutions? Block
- Which cloud characteristic allows clients to access additional resources automatically? Self-service
- Which cloud characteristic states that iOS, Android, and Windows users should all be able to use cloud resources? Broad network access
- Which cloud computing model provides only low-level server resources to host applications for organizations? Infrastructure as a service
- Which cloud concept makes networks more agile by separating the forwarding of network packets from logical decision-making process? Software-defined networking
- Which International Organization of Standardization (ISO) standard covers the following topics? 27017
- Which licensing model has the following benefits: Bring your own license
- Which of the following analyses is dependent on the monetary value of an asset? Quantitative
- Which of the following analyses is dependent on the perceived value of an asset? Qualitative
- Which of the following are aspects of human capital? -Training
-Professional development
- Which of the following are benefits of using an open-source cloud solution? -Faster updates
-Flexibility in development
-No vendor lock-in
- Which of the following are examples of digital marketing services offered within cloud environments? -Social media posts
-Email campaigns
- Which of the following are examples of infrastructure as a service (IaaS) that a cloud provider might offer? -Storage
-Compute
- Which of the following are the common infrastructure as a service (IaaS) use cases? -Data storage, backup, and recovery
-Hosting of websites and web apps
-High performance computing
-Testing and development
-High security standards
- Which of the following cloud characteristics explains that a cloud provides services to serve multiple clients according to their priority? Resource pooling
- Which of the following cloud networking services separates the forwarding of network packets from the logical decision-making process? Software-defined networking
- Which of the following cloud resources will have a cost associated with any transfer of data out of the CSP’s infrastructure? -Object storage
-Network
- Which of the following cloud storage types allows an operating system to modify one portion of a file without opening the entire file? Block
- Which of the following cloud storage types allows files to be broken into more manageable chunks rather than being stored as one entity? Block
- Which of the following data sovereignty laws will an organization consider for doing business internationally? -The location of the organization that stores the data
-The nation where the data is stored
-The nationality of the user for whom the organization is storing data
- Which of the following documents are used to provide high-level guidance dictated by business goals and objectives? Policy
- Which of the following features does a content delivery network (CDN) provide? -Increased website performance
-Increased reliability
-Greater scalability
-Decreased bandwidth costs
-Increased security
- Which of the following helps to establish the identity of an entity with adequate assurance? Authentication
- Which of the following International Organization of Standardization (ISO) establishes the criteria for a quality management system? 9001
- Which of the following International Organization of Standardization (ISO) standards mandates requirements that define how to implement, monitor, maintain, and continually improve an information security management system? 27001
- Which of the following International Organization of Standardization (ISO) standards is designed to be used as a reference for selecting cloud services information security controls? 27017
- Which of the following International Organization of Standardization (ISO) standards covers the following topics? 27017
- Which of the following International Organization of Standardization (ISO) standards is specific to CSPs and details information security? 27017
- Which of the following International Organization of Standardization (ISO) standards governs personally identifiable information (PII) in the cloud? 27018
- Which of the following is a key operating principle of blockchain? -Decentralization
-Transparency
-Immutability
- Which of the following is a process of assigning costs of cloud resources to either individuals or departments that are responsible for the resources? Chargeback
- Which of the following is a way to store all the components needed to execute a microservice in the same package? Containerization
- Which of the following is primarily used when doing upgrades and patching on production infrastructure? Blue/green deployment
- Which of the following is responsible for managing risk in an organization? Asset owner
- Which of the following is the process of looking at threats against assets and past events to determine a plan of action that will improve the security posture of an organization? Hardening
- Which of the following laws reforms the financial services industry and specifically addressed concerns about protecting consumer privacy? Gramm-Leach-Bliley Act
- Which of the following laws requires publicly traded companies to have proper internal control structures in place to validate that their financial statements accurately reflect their financial results? Sarbanes-Oxley Act
- Which of the following provides directions, guidance, and goals for an organization? Policy
- Which of the following provides high-level guidance dictated by business goals and objectives? Policy
- Which of the following provides the maximum downtime per day as 4.32 seconds in the cloud? Four nines five
- Which of the following risk responses attempts to reduce or eliminate risk entirely through utilizing resources or changing the probability of threats? Avoidance
- Which of the following risk responses attempts to reduce the probability of a threat against an asset by utilizing resources? Mitigation
- Which of the following risk responses decides to initiate actions to prevent any risk from taking place? Mitigation
- Which of the following risks should be considered during and after the migration process while performing the right migration steps? -Security risks
-Complexity creep
-Application issues
- Which of the following risks will you consider during and after the migration process while performing the right migration steps? -Application issues
-Complexity creep
-Security risks
- Which of the following sections should you include while constructing a contract? -Privacy and security policy
-Acceptable use policy (AUP)
-Service level agreement (SLA)
-Egress terms
- Which of the following security policies defines behaviors and activities that are acceptable in an organization? Advisory
- Which of the following security policies defines the behaviors and activities that are acceptable in an organization? Advisory
- Which of the following security policies provides reasoning about goals and mission statements for the organization? Informative
- Which of the following should be included in the statement of work (SOW)? -Project objectives, including business, technical, security, administration, & others
-Description & scope of services, including key deliverables & timelines
-Key performance indicators
-Roles & responsibilities of both the vendor & the client
-Standards, compliance, & testing, if needed
-Terms & conditions, such as how long the SOW will be valid for
-Payment &/or billing terms
-Points of contact for both parties
- Which of the following standards is concerned with HIPAA, GLBA, PCI DSS, and FINRA? Industry-based
- Which of the following statements are correct regarding a gap analysis? -It prioritizes the allocation of resources
-It identifies which technical features or functions have been left out of the migration plan
-It determines the compatibility issues between any components in the migration plan, but does not resolve it
-It identifies policies or regulations that are not being met with the current migration plan
- Which of the following stipulates and outlines the books and record-keeping requirements? Financial Industry Regulatory Authority
- Which of the following storage types stores individual files like a normal file system, but there is no hierarchy as there is in a file system? Object
- Which of the following strives to make automation efficient and manageable in the cloud? Orchestration
- Which of the following things are determined by a feasibility study during cloud assessment? -Compliance, security, and privacy guidelines
-A migration path to the cloud
-Which capabilities can and should be offloaded to the cloud
-The level of availability your company needs
-Support services needed, either internal or from the CSP
- Which storage type is used for OS boot partition of an instance running in the cloud? Block
- Which term describes the process of automatic testing and deploying code to production? Continuous delivery
- Which testing can be performed in both the user acceptance (UA) and dev/test environments? Regression
- Which testing validates that new features and bug fixes don’t have a negative impact on the production code? Regression
- Which virtual machine backup method creates a file-based image of the current state of a VM including the complete operating system and all applications that are stored on it? Snapshot
- You are working as a software engineer at XYZ Inc. You just received an email reporting suspicious activity and immediately lock the account. You want to review the suspicious activity before manually locking the CEO’s account, so you click the first link. Which data security principle did you just violate? Integrity
- You want to test a solution from a CSP to show that a new technology works properly. Which type of evaluation should you perform? Proof of concept
- Your CTO wants to ensure that company users in Asia, Europe, and South America have access to cloud resources. Which cloud characteristic should be considered to meet the business need? Scalability
- Your organization enforces new data privacy laws, like the General Data Protection Regulation (GDPR), which significantly restricts how information should be converted and stored in binary digital form. Which of the following concepts does this law encompass? Data sovereignty