• Shuffle
    Toggle On
    Toggle Off
  • Alphabetize
    Toggle On
    Toggle Off
  • Front First
    Toggle On
    Toggle Off
  • Both Sides
    Toggle On
    Toggle Off
  • Read
    Toggle On
    Toggle Off

Card Range To Study



Play button


Play button




Click to flip

Use LEFT and RIGHT arrow keys to navigate between flashcards;

Use UP and DOWN arrow keys to flip the card;

H to show hint;

A reads text to speech;

10 Cards in this Set

  • Front
  • Back

What are the five essential characteristics of cloud computing as defined by NIST?

Broad Network Access
Rapid Elasticity
Measured Service
On-Demand Self Service
Resource Pooling

The level of attention and scrutiny paid to enterprise risk assessments should be directly related to what?

The value at risk

In the majority of data protection laws, when the data is transferred to a third party custodian, who is ultimately responsible for the security of the data?

The Data Controller

What is the most important reason for knowing where the cloud service provider will host the data?

So that it can address the specific restrictions that foreign data protection laws may impose.

What are the six phases of the data security lifecycle?


Why is the size of data sets a consideration in portability between cloud service providers?

The sheer size of data may cause an interruption of service during a transition, or a longer transition period than anticipated.

What are the four D's of perimeter security?


In which type of environment is it impractical to allow the customer to conduct their own audit, making it important that the data center operators are required to provide auditing for the customers?

In multi-tenant environments the operator or provider cannot normally accommodate visits by every customer to conduct an audit.

What measures could be taken by the cloud service provider (CSP) that might reduce the occurrence of application level incidents?

SaaS providers that generate extensive customer-specific application logs and provide secure storage as well as analysis facilities will ease the IR burden on the customer.

How should an SDLC be modified to address application security in a Cloud Computing environment?

Organizations must adopt best practices for development, either by having a good blend of processes, tools, and technologies of their own or adopting one of the maturity models.