Question 91: What percentage of workloads were executed in the cloud in 2019?
A. 29%
B. 48%
C. 56%
D. 71%
Correct Answer: C. 56%
Explanation: According to a Nemertes Research study, 56% of workloads were executed in the cloud in 2019, compared to 44% executed on premises. This marked the first time in history that more workloads resided in the cloud than on premises.
Question 92: Cloud security analytics can help enterprises:
A. Predict account hijacking
B. Detect malware with unknown signatures
C. Monitor data for access
D. All of the above
Correct Answer: D. All of the above
Explanation: There are numerous use cases for cloud security analytics, including threat intelligence analysis, such as predicting account hijacking; performing malware detection, including those without known signatures; providing data classification; and monitoring for access.
Question 93: Which of the following is not a benefit of multi-cloud over single cloud?
A. It eliminates a single point of failure
B. It simplifies to the least common denominator
C. It makes shifting workloads between clouds easier
D. It reduces costs
Correct Answer: A. It eliminates a single point of failure
Explanation: Although some claim using a single cloud vendor creates a single point of failure, it is not always the case. For example, it would be wasteful for enterprises to have two separate ERP or CRM systems. Likewise, many enterprises have separate cloud vendors for backup and redundancy. Therefore, a multi-cloud deployment is no more a single point of failure than a single cloud provider.
Question 94: AWS CloudTrail, Azure Activity Log and Azure Monitor, and Google Cloud Platform (GCP) Operations are all examples of:
A. Serverless platforms
B. Cloud logging tools
C. Cloud antimalware
D. Data protection services
Correct Answer: A. Serverless platforms
Explanation: AWS CloudTrail, Azure Activity Log and Azure Monitor, and GCP Operations are all examples of tools that provide central logging in cloud environments.
Question 95: Securing input, code and execution in serverless applications is critical because:
A. You need a third-party provider for static code review
B. Predefined database layer logic is required
C. The container host platform is largely out of scope
D. All of the above
Correct Answer: C. The container host platform is largely out of scope
Explanation: Serverless computing offloads the entire workload, including the container and OS instance, to the provider’s backplane. As such, the container host platform is largely out of scope, so teams must focus on securing input, code and execution.
Question 96: Which is not true of the SASE model?
A. It acts as a VPN replacement
B. It relies on switching, routing and proxies for cloud access
C. It integrates web application firewall policies and services using a brokered approach
D. It unifies numerous threat detection capabilities into one fabric
Correct Answer: B. It relies on switching, routing and proxies for cloud access
Explanation: Traditional network models rely on switching, routing and proxies for access control to cloud resources. SASE services rely on API integration and request introspection for access control to cloud resources.
Question 97: What is the cloud control plane?
A. A service fabric of cloud tools
B. A unified hub of security and monitoring tools
C. A collection of administrative consoles and interfaces
D. A vendor-neutral security service
Correct Answer: C. A collection of administrative consoles and interfaces
Explanation: Each cloud service generally comes with its own administrative console and/or interface. Collectively, these are known as the cloud control plane.
Question 98: Which is not an example of a cloud workload?
A. A VM
B. A containerized application
C. An API
D. None of the above
Correct Answer: D. None of the above
Explanation: The term workload refers to any unit of functionality or capability, as well as what is required to run it. Cloud workloads can be practically anything, including VMs, containerized applications and APIs.
Question 99: Which of the following is not a control in privacy-preserving machine learning?
A. Federated learning
B. Differential privacy
C. Decentralized identity
D. Homomorphic encryption
Correct Answer: C. Decentralized identity
Explanation: Privacy-preserving machine learning is a set of security-focused controls that include federated learning, differential privacy and homomorphic encryption.
Question 100: Which factor is the most important item when it comes to ensuring security is successful in an organization?
A. Senior management support
B. Effective controls and implementation methods
C. Updated and relevant security policies and procedures
D. Security awareness by all employees
Correct Answer: A. Senior management support
Explanation: Without senior management’s support, a security program will not receive the necessary attention, funds, resources, and enforcement capabilities.