10 Cards in this Set

  • Front
  • Back

What are the five essential characteristics of cloud computing as defined by NIST?

Broad Network Access
Rapid Elasticity
Measured Service
On-Demand Self Service
Resource Pooling

The level of attention and scrutiny paid to enterprise risk assessments should be directly related to what?

The value at risk

In the majority of data protection laws, when the data is transferred to a third party custodian, who is ultimately responsible for the security of the data?

The Data Controller

What is the most important reason for knowing where the cloud service provider will host the data?

So that it can address the specific restrictions that foreign data protection laws may impose.

What are the six phases of the data security lifecycle?

Create
Store
Use
Share
Archive
Destroy

Why is the size of data sets a consideration in portability between cloud service providers?

The sheer size of data may cause an interruption of service during a transition, or a longer transition period than anticipated.

What are the four D's of perimeter security?

Deter
Detect
Delay
Deny

In which type of environment is it impractical to allow the customer to conduct their own audit, making it important that the data center operators are required to provide auditing for the customers?

In multi-tenant environments the operator or provider cannot normally accommodate visits by every customer to conduct an audit.

What measures could be taken by the cloud service provider (CSP) that might reduce the occurrence of application level incidents?

SaaS providers that generate extensive customer-specific application logs and provide secure storage as well as analysis facilities will ease the IR burden on the customer.

How should an SDLC be modified to address application security in a Cloud Computing environment?

Organizations must adopt best practices for development, either by having a good blend of processes, tools, and technologies of their own or adopting one of the maturity models.