1. In most redundant array of independent disks (RAID) configurations, data is stored across different disks. Which method of storing data is described?
A. Striping (Correct)
B. Crypto-shredding
C. Archiving
D. Mapping
Explanation
Striping is the technique used in RAID levels like RAID 0, RAID 5, or RAID 6, where data is divided into segments and distributed across multiple disks to enhance performance and, in the parity-based levels, provide redundancy. This allows for parallel read/write operations. Crypto-shredding refers to securely deleting data by destroying encryption keys, archiving involves long-term storage of inactive data, and mapping typically refers to associating logical addresses with physical locations, which is not specific to data distribution across disks in RAID.
2. Which phase of the cloud data life cycle involves activities such as data categorization and classification, including data labeling, marking, tagging, and assigning metadata?
A. Store
B. Create (Correct)
C. Destroy
D. Use
Explanation
In the standard cloud data lifecycle model (often defined by frameworks like those from the Cloud Security Alliance), the Create phase is where data is generated or ingested, and it is the appropriate stage to perform initial categorization, classification, labeling, tagging, and metadata assignment. This ensures that data is properly identified and handled from the outset, enabling appropriate security controls in subsequent phases. The Store phase focuses on persistent storage, Use on processing or accessing, and Destroy on secure deletion.
3. Which phase of the cloud data life cycle involves the process of crypto-shredding?
A. Archive
B. Create
C. Destroy (Correct)
D. Store
Explanation
Crypto-shredding is a secure data destruction technique where encryption keys are deliberately deleted, which renders the encrypted data unrecoverable without any need to decrypt it first. This aligns with the Destroy phase of the cloud data lifecycle, which encompasses all activities related to the permanent and secure removal of data to prevent unauthorized recovery or access.
4. An engineer has been given the task of ensuring that all of the keys used to encrypt archival data are securely stored according to industry standards. Which location is a secure option for the engineer to store encryption keys for decrypting data?
A. An escrow that is kept separate from the data it is tied to (Correct)
B. A repository that is made public
C. An escrow that is kept local to the data it is tied to
D. A repository that is made private
Explanation
Storing encryption keys in a key escrow service that is separate from the encrypted data follows industry best practices (e.g., NIST guidelines) for key management. Separation reduces the risk of simultaneous compromise; if an attacker accesses the data, they still cannot decrypt it without the keys from the escrow. A public repository exposes the keys, an escrow kept local to the data can be compromised together with it, and a private repository lacks the specialized secure handling of an escrow.
5. Which threat prohibits the use of data by preventing access to it?
A. Rainbow tables
B. Brute force
C. Encryption
D. Denial of service (Correct)
Explanation
A denial of service (DoS) attack overwhelms systems or networks, making data or services unavailable to legitimate users, thus prohibiting access. Rainbow tables are precomputed hashes for cracking passwords, brute force involves exhaustive trial-and-error attacks on credentials or encryption, and encryption is a protective measure, not a threat.