Certified Cloud Security Professional (CCSP)

Original price: $70. Current price: $30.

Exam Code: CCSP
Exam Name: Certified Cloud Security Professional
Questions: 500 questions and answers with explanations
Update Date: May 2, 2025

Sample Questions

question 1
Which of the following cloud computing service models involves the provider managing hardware and offering a platform for customers to develop applications?
A. SaaS
B. PaaS
C. IaaS
D. DaaS

correct answer: B. PaaS
explanation: Platform as a Service (PaaS) provides hardware and software tools (like OS, databases) managed by the provider, enabling users to develop and deploy applications without managing the underlying infrastructure.


question 2
In a cloud environment, who holds ultimate responsibility for data security?
A. Cloud provider
B. Cloud customer
C. Third-party auditors
D. Government regulators

correct answer: B. Cloud customer
explanation: Under the shared responsibility model the provider secures the infrastructure it operates, but accountability for the customer's data (its classification, access rules and encryption decisions) stays with the customer as data owner; it can be delegated by contract but never transferred.


question 3
Which document formally defines security roles and responsibilities between cloud providers and customers?
A. SLA
B. BPA
C. NDA
D. MOU

correct answer: A. SLA
explanation: A Service Level Agreement (SLA) is the part of the cloud contract that sets out measurable service, performance and security expectations between provider and customer, including which party is responsible for what. A BPA, NDA or MOU does not allocate operational security duties.


question 4
Which type of encryption is most efficient for securing large amounts of cloud-stored data at rest?
A. Asymmetric encryption
B. Hashing
C. Symmetric encryption
D. Public key encryption

correct answer: C. Symmetric encryption
explanation: Symmetric algorithms such as AES are orders of magnitude faster than asymmetric ones and scale to large volumes, so data at rest is encrypted with a symmetric data key; asymmetric cryptography is reserved for wrapping or exchanging that key, and hashing provides integrity, not confidentiality.


question 5
Which cloud deployment model is owned and operated by the organization itself?
A. Public cloud
B. Private cloud
C. Hybrid cloud
D. Community cloud

correct answer: B. Private cloud
explanation: A private cloud is operated solely for a single organization, offering greater control over security and compliance.


question 6
What is a major advantage of multitenancy in cloud computing?
A. Data encryption is unnecessary
B. Reduced cost through shared resources
C. Elimination of data loss
D. Dedicated resources for each user

correct answer: B. Reduced cost through shared resources
explanation: Multitenancy allows multiple customers to share computing resources, reducing overall costs.


question 7
Which security control ensures that users can only access resources necessary for their job?
A. Non-repudiation
B. Least Privilege
C. Segregation of Duties
D. Access Recertification

correct answer: B. Least Privilege
explanation: Least Privilege ensures users are granted the minimum levels of access — or permissions — needed to perform their tasks.


question 8
Which law is most concerned with protecting healthcare-related information?
A. GDPR
B. PCI DSS
C. HIPAA
D. SOX

correct answer: C. HIPAA
explanation: HIPAA (Health Insurance Portability and Accountability Act) focuses on protecting sensitive healthcare information.


question 9
A company stores encrypted customer data in the cloud. What is the best place to store the encryption keys?
A. In the same cloud environment as the data
B. With the customer’s legal team
C. In a separate, secured key management service
D. Hard-coded into the application

correct answer: C. In a separate, secured key management service
explanation: Keeping keys in a separate, access-controlled key management service (ideally HSM-backed) means a compromise of the storage tier does not also yield the keys; key and ciphertext should never sit inside the same trust boundary. Hard-coding keys in the application puts them in source control, build artifacts and memory dumps.


question 10
Which cloud security certification standard is specifically developed for cloud providers?
A. ISO 27001
B. SOC 1
C. CSA STAR
D. NIST 800-53

correct answer: C. CSA STAR
explanation: The Cloud Security Alliance's STAR (Security, Trust, Assurance and Risk) program is a public registry in which cloud providers document their security posture against the CSA Cloud Controls Matrix, through self-assessment or third-party certification and attestation.

question 11
What is the primary goal of tokenization in cloud security?
A. Encrypt all data before storage
B. Mask sensitive data by replacing it with non-sensitive placeholders
C. Increase performance of databases
D. Improve application speed

correct answer: B. Mask sensitive data by replacing it with non-sensitive placeholders
explanation: Tokenization replaces a sensitive value (such as a card number) with a surrogate token that has no mathematical relationship to the original; the token-to-value mapping is held in a separately secured token vault, so systems that only handle tokens never hold the original data.


question 12
Which of the following is a logical control in cloud security?
A. Fire suppression systems
B. Biometrics
C. Encryption
D. Security guards

correct answer: C. Encryption
explanation: Logical (technical) controls like encryption protect systems and data electronically, unlike physical controls.


question 13
Which framework provides a shared responsibility model for cloud security?
A. ISO 9001
B. CSA CCM
C. ITIL
D. COBIT

correct answer: B. CSA CCM
explanation: The Cloud Controls Matrix (CCM) from the Cloud Security Alliance is a cloud-specific control framework whose Shared Security Responsibility Model states, per control, whether the provider, the customer or both must implement it.


question 14
In a cloud environment, what does “vendor lock-in” refer to?
A. The inability to access cloud services after termination
B. Being forced to use a specific network service provider
C. Difficulty migrating from one provider to another
D. Requirement to renew contracts annually

correct answer: C. Difficulty migrating from one provider to another
explanation: Vendor lock-in happens when moving workloads and data to another provider is complex, costly, or impractical.


question 15
Which type of backup strategy would provide the fastest recovery time for cloud services?
A. Full backup
B. Differential backup
C. Incremental backup
D. Continuous replication

correct answer: D. Continuous replication
explanation: Continuous replication keeps a secondary copy current, so failover is near-instantaneous. Note that replication also faithfully copies corruption, deletions and ransomware-encrypted data, so it complements point-in-time backups rather than replacing them.


question 16
Which cloud computing attribute provides resource scalability that appears unlimited to the customer and can happen automatically?
A. Broad network access
B. Rapid elasticity
C. Measured service
D. On-demand self-service

correct answer: B. Rapid elasticity
explanation: Rapid elasticity, one of the five essential characteristics in NIST SP 800-145, means capabilities can be provisioned and released quickly, often automatically, to match demand, so that to the consumer they appear unlimited.


question 17
Which mechanism ensures that changes to cloud systems are tracked and approved appropriately?
A. Configuration management
B. Change management
C. Patch management
D. Incident response

correct answer: B. Change management
explanation: Change management ensures all changes are formally evaluated, approved, tracked, and implemented properly.


question 18
Which of the following would best help prevent data breaches due to misconfigured cloud storage?
A. Penetration testing
B. Firewall installation
C. Encryption
D. Automated configuration auditing

correct answer: D. Automated configuration auditing
explanation: Automated configuration auditing (CSPM tooling or policy-as-code checks) continuously compares storage settings against a baseline (no anonymous principals, public-access blocks enabled, encryption enforced) and flags or remediates drift before an attacker finds it. Encryption alone does not help when the policy itself grants public read access.


question 19
Which concept ensures that once a transaction is recorded, it cannot be altered without detection?
A. Redundancy
B. Integrity
C. Confidentiality
D. Availability

correct answer: B. Integrity
explanation: Integrity ensures that data is accurate and has not been tampered with.


question 20
Which one of the following terms refers to the capability to run systems across multiple geographic locations for disaster recovery?
A. Redundancy
B. Resiliency
C. Geodiversity
D. Elasticity

correct answer: C. Geodiversity
explanation: Geodiversity involves deploying systems across multiple geographic regions to enhance disaster recovery and service availability.

question 21
In cloud computing, what is the term for users automatically provisioning resources without human interaction?
A. Rapid elasticity
B. On-demand self-service
C. Resource pooling
D. Broad network access

correct answer: B. On-demand self-service
explanation: On-demand self-service allows customers to provision computing capabilities as needed automatically without requiring human interaction with the service provider.


question 22
Which of the following refers to combining data from multiple sources into a cloud system?
A. Data classification
B. Data aggregation
C. Data segmentation
D. Data encryption

correct answer: B. Data aggregation
explanation: Data aggregation is the process of gathering data from different sources into a centralized cloud environment. The combined dataset can be more sensitive than any single source, so its classification and access controls must be reassessed after aggregation.


question 23
Who is primarily responsible for implementing identity and access management (IAM) in a public cloud?
A. Cloud provider
B. Customer
C. Shared responsibility
D. Third-party consultant

correct answer: B. Customer
explanation: The provider supplies the IAM service, but the customer configures it for its own tenancy: defining principals, roles and policies, enforcing MFA, and reviewing access.


question 24
Which concept ensures that a cloud service continues to function even after a component failure?
A. Confidentiality
B. Availability
C. Redundancy
D. Integrity

correct answer: C. Redundancy
explanation: Redundancy refers to having multiple systems or components in place so that failure of one does not impact service delivery.


question 25
Which regulation primarily applies to financial reporting and internal controls?
A. HIPAA
B. SOX
C. GDPR
D. PCI DSS

correct answer: B. SOX
explanation: The Sarbanes-Oxley Act (SOX) focuses on improving the accuracy of corporate disclosures and financial reporting.


question 26
Which backup method captures only the data that has changed since the last backup?
A. Full backup
B. Differential backup
C. Incremental backup
D. Mirror backup

correct answer: C. Incremental backup
explanation: Incremental backup saves only the data that has changed since the last backup, making it faster and more storage-efficient.


question 27
Which tool is specifically designed to evaluate cloud providers’ security controls?
A. CSA STAR Registry
B. OWASP Top 10
C. ISO 9001 Certification
D. ITIL Service Catalog

correct answer: A. CSA STAR Registry
explanation: The Cloud Security Alliance’s STAR Registry provides public assessments of cloud providers’ security postures.


question 28
Which model describes when multiple organizations share cloud resources and have similar concerns?
A. Private cloud
B. Public cloud
C. Community cloud
D. Hybrid cloud

correct answer: C. Community cloud
explanation: Community clouds are shared by several organizations with common needs and compliance requirements.


question 29
Which is the best method for controlling and managing user authentication across multiple cloud services?
A. Separate credentials for each service
B. Single Sign-On (SSO)
C. Two-Factor Authentication (2FA)
D. Federated Identity Management

correct answer: D. Federated Identity Management
explanation: With federated identity management a trusted identity provider authenticates the user once and asserts that identity to many service providers (typically via SAML or OpenID Connect), so each cloud service consumes the assertion instead of storing its own copy of the credential. Single sign-on is the user-facing result of federation, and 2FA strengthens the authentication event itself rather than managing it across services.


question 30
In cloud computing, which term describes monitoring the usage of resources to ensure compliance and efficiency?
A. Resource pooling
B. Measured service
C. Broad network access
D. Elasticity

correct answer: B. Measured service
explanation: Measured service means that cloud systems automatically control and optimize resource use by leveraging a metering capability.


question 31
Which attack involves exploiting gaps in multitenant cloud environments?
A. Hyperjacking
B. Session hijacking
C. Side-channel attack
D. SQL Injection

correct answer: C. Side-channel attack
explanation: Side-channel attacks infer secrets from shared physical resources (CPU caches, timing, power) rather than from a logical flaw; tenants co-located on the same host make such leakage a specific multitenancy concern.


question 32
Which ISO standard focuses specifically on cloud computing security?
A. ISO 27001
B. ISO 27017
C. ISO 9001
D. ISO 14001

correct answer: B. ISO 27017
explanation: ISO/IEC 27017 provides guidelines for information security controls applicable to the provision and use of cloud services, extending ISO/IEC 27002; its companion ISO/IEC 27018 covers protection of personally identifiable information in public clouds.


question 33
What does data sovereignty refer to in cloud computing?
A. Encrypting data before sending to the cloud
B. Locating data in specific jurisdictions to comply with local laws
C. Using private cloud infrastructure
D. Tokenizing all sensitive data

correct answer: B. Locating data in specific jurisdictions to comply with local laws
explanation: Data sovereignty means data is subject to the laws of the country where it is physically stored.


question 34
What does virtualization primarily enable in cloud computing?
A. Faster internet speeds
B. Easier physical server upgrades
C. Multiple operating systems running on a single hardware platform
D. Greater licensing costs

correct answer: C. Multiple operating systems running on a single hardware platform
explanation: Virtualization allows multiple virtual machines to run on one physical server, maximizing resource use.


question 35
What key advantage does Infrastructure as Code (IaC) provide in cloud environments?
A. Increased licensing requirements
B. Manual configuration of servers
C. Automation of infrastructure deployment
D. Better social engineering defenses

correct answer: C. Automation of infrastructure deployment
explanation: IaC lets infrastructure be provisioned and managed through version-controlled code, improving consistency and speed; because the configuration is code, it can also be reviewed and scanned for security issues before anything is deployed.


question 36
Which of the following is a security risk when using APIs in the cloud?
A. Malware infection
B. API credential leakage
C. Physical theft
D. Poor air conditioning in data centers

correct answer: B. API credential leakage
explanation: Poorly managed APIs can expose authentication credentials, leading to security breaches.


question 37
What does the term “cloud bursting” refer to?
A. Cloud data being destroyed
B. Moving workloads to a private cloud during peak demand
C. Scaling services automatically during heavy load
D. Ending a cloud service contract

correct answer: C. Scaling services automatically during heavy load
explanation: Cloud bursting is a hybrid-cloud pattern: an application normally runs in a private cloud or on-premises and overflows ("bursts") into a public cloud only when demand spikes, then scales back down.


question 38
Which cloud service model provides customers with control over operating systems and deployed applications but not underlying infrastructure?
A. SaaS
B. IaaS
C. PaaS
D. DaaS

correct answer: B. IaaS
explanation: Infrastructure as a Service (IaaS) offers virtualized computing resources over the internet, where customers manage OS and apps.


question 39
What is the most effective method to protect data during transmission over a public network?
A. Hashing
B. Firewall installation
C. VPN or encryption
D. Network segmentation

correct answer: C. VPN or encryption
explanation: Encrypting traffic in transit (TLS, or a VPN tunnel) protects confidentiality and integrity across untrusted networks. Hashing alone gives no confidentiality, and firewalls or segmentation do not protect data once it has left the controlled network.


question 40
Which one of the following ensures cloud service providers and customers have mutual legal protection for confidential data?
A. MOU
B. NDA
C. SLA
D. BPA

correct answer: B. NDA
explanation: A Non-Disclosure Agreement (NDA) legally binds both parties to keep confidential information protected.

question 41
Which of the following ensures that system activities can be traced to an individual?
A. Authorization
B. Accountability
C. Integrity
D. Availability

correct answer: B. Accountability
explanation: Accountability ensures actions can be traced to users, providing transparency and auditability.


question 42
Which cloud deployment model combines private and public clouds?
A. Public cloud
B. Private cloud
C. Community cloud
D. Hybrid cloud

correct answer: D. Hybrid cloud
explanation: A hybrid cloud integrates private and public cloud systems, allowing data and applications to move between them.


question 43
In cloud security, what does a CASB (Cloud Access Security Broker) primarily do?
A. Encrypt cloud storage
B. Act as a gatekeeper between cloud users and providers
C. Block malware on local devices
D. Monitor financial transactions

correct answer: B. Act as a gatekeeper between cloud users and providers
explanation: CASBs enforce security policies between users and cloud services to ensure compliance and security.


question 44
Which process ensures only authorized changes are made to cloud infrastructure?
A. Access control
B. Incident response
C. Change management
D. Asset management

correct answer: C. Change management
explanation: Change management ensures that any modifications to systems are authorized, documented, and reviewed.


question 45
Which of the following is an example of SaaS?
A. Microsoft Azure
B. Salesforce
C. Amazon EC2
D. Google Kubernetes Engine

correct answer: B. Salesforce
explanation: Salesforce delivers software as a service (SaaS), providing users with access to its CRM platform over the internet.


question 46
Which technology separates applications and workloads onto isolated environments on a shared operating system?
A. Hypervisor
B. Containerization
C. Virtual Machines
D. Cloud orchestration

correct answer: B. Containerization
explanation: Containers isolate applications and their dependencies while sharing the host OS kernel. Because the kernel is shared, container isolation is weaker than the hardware-enforced isolation of virtual machines, which matters when untrusted workloads run side by side.


question 47
What is the primary focus of GDPR?
A. Payment security
B. Health information protection
C. Financial reporting
D. Data privacy and protection

correct answer: D. Data privacy and protection
explanation: The EU General Data Protection Regulation governs how the personal data of individuals in the EU/EEA must be processed and protected, regardless of their citizenship, and applies to organizations outside the EU that process such data.


question 48
Which of the following best describes due diligence in cloud computing?
A. Relying fully on the provider’s assurances
B. Reviewing providers’ security controls and contracts carefully
C. Trusting industry certifications
D. Automating contract signing

correct answer: B. Reviewing providers’ security controls and contracts carefully
explanation: Due diligence requires careful evaluation of the provider’s security, privacy, and contractual agreements before engagement.


question 49
Which key management practice involves customers controlling their own encryption keys?
A. KMS
B. BYOK
C. PKI
D. TLS

correct answer: B. BYOK
explanation: With Bring Your Own Key (BYOK) the customer generates a key in its own HSM or KMS and imports it into the provider's key management service, retaining control over the key's lifecycle (rotation, revocation, destruction). Hold Your Own Key (HYOK) goes further by keeping the key outside the provider entirely.


question 50
Which of the following most directly addresses cloud resource misuse?
A. Firewall
B. DLP system
C. Threat intelligence
D. Resource usage monitoring

correct answer: D. Resource usage monitoring
explanation: Monitoring usage helps detect anomalies and misuse of cloud resources.


question 51
What is the primary concern when dealing with multi-tenancy in cloud environments?
A. Performance
B. Compliance
C. Data leakage
D. Cost

correct answer: C. Data leakage
explanation: Multi-tenancy risks data leakage between different customers sharing the same physical resources.


question 52
What is the major advantage of private clouds for sensitive data?
A. Cost reduction
B. Public access
C. Greater control and security
D. Easier scalability

correct answer: C. Greater control and security
explanation: Private clouds offer organizations better control and security over their data and infrastructure.


question 53
Which cloud storage architecture stores multiple copies of data across several locations?
A. Monolithic storage
B. Distributed storage
C. RAID 5
D. Localized storage

correct answer: B. Distributed storage
explanation: Distributed storage replicates data across different locations to ensure availability and resilience.


question 54
Which best describes “shadow IT”?
A. IT systems with no official maintenance
B. IT resources deployed without organizational approval
C. Third-party support companies
D. Legacy systems

correct answer: B. IT resources deployed without organizational approval
explanation: Shadow IT refers to employees using unauthorized apps or services without IT’s knowledge or approval.


question 55
Which cloud security concept involves verifying users, devices, and apps continuously?
A. Perimeter security
B. Zero Trust Architecture
C. API security
D. Virtual Private Networks (VPNs)

correct answer: B. Zero Trust Architecture
explanation: Zero Trust assumes no implicit trust and verifies every access request regardless of source.


question 56
What does the term “immutable infrastructure” mean in cloud environments?
A. Servers can be modified anytime
B. Servers are never updated; they are replaced
C. Servers are manually patched
D. Servers have variable configurations

correct answer: B. Servers are never updated; they are replaced
explanation: In immutable infrastructure, any change results in deploying a new server instance instead of modifying the existing one.


question 57
Which technique helps prevent privilege escalation attacks in the cloud?
A. Least privilege principle
B. Logging
C. Availability zones
D. Cloud bursting

correct answer: A. Least privilege principle
explanation: Assigning users only the permissions they need minimizes the risk of privilege escalation.


question 58
Which technology supports secure communication between users and cloud applications?
A. SSL/TLS
B. Load balancers
C. Virtualization
D. API gateways

correct answer: A. SSL/TLS
explanation: TLS (the successor to the now-deprecated SSL) encrypts and authenticates traffic between users and cloud applications, securing data in transit; current practice is TLS 1.2 or 1.3 with older versions disabled.


question 59
Which type of testing simulates attacks on a cloud system to find vulnerabilities?
A. Configuration testing
B. Compliance auditing
C. Penetration testing
D. Availability testing

correct answer: C. Penetration testing
explanation: Penetration testing evaluates security by simulating real-world attacks.


question 60
Which logging practice is crucial for incident response in cloud environments?
A. Deleting logs regularly
B. Centralized log aggregation
C. Encrypting logs without access
D. Keeping logs only for 1 day

correct answer: B. Centralized log aggregation
explanation: Aggregating logs centrally, with synchronized clocks and tamper-evident, write-once retention, lets responders correlate events across services and stops an attacker who compromises one host from erasing the evidence of the intrusion.


question 61
Which of the following would best protect cloud accounts from unauthorized access?
A. Password rotation every 60 days
B. Two-Factor Authentication (2FA)
C. Usernames with special characters
D. Network firewalls

correct answer: B. Two-Factor Authentication (2FA)
explanation: 2FA adds an extra layer of security, making account compromise more difficult even if passwords are stolen.


question 62
Which concept refers to ensuring a cloud provider can meet recovery time objectives (RTO) during disruptions?
A. Business Continuity Planning (BCP)
B. Service-Level Agreement (SLA)
C. Data loss prevention
D. Incident response planning

correct answer: A. Business Continuity Planning (BCP)
explanation: BCP ensures critical business functions continue during and after disruptions.


question 63
Which type of malware specifically targets cloud infrastructure by mining cryptocurrency?
A. Ransomware
B. Spyware
C. Cryptojacking
D. Worm

correct answer: C. Cryptojacking
explanation: Cryptojacking is the unauthorized use of compute to mine cryptocurrency; in the cloud it typically follows credential compromise and shows up as instances spun up in otherwise unused regions, so unexplained spend and instance bursts are the detection signal.


question 64
Which of the following allows organizations to manage multiple cloud services from different providers?
A. Public cloud
B. Cloud orchestration
C. Cloud native security
D. Cloud audit log

correct answer: B. Cloud orchestration
explanation: Cloud orchestration coordinates and manages resources and services across multiple cloud providers.


question 65
Which standard focuses on auditing cloud service providers’ security controls?
A. SSAE 18 (SOC 2)
B. HIPAA
C. GDPR
D. PCI DSS

correct answer: A. SSAE 18 (SOC 2)
explanation: SOC 2 reports are issued under the AICPA attestation standard SSAE 18 and examine a service organization's controls against the Trust Services Criteria (security, availability, processing integrity, confidentiality and privacy); a Type II report covers operating effectiveness over a period, not just control design at a point in time.


question 66
Which data masking method generates fake but realistic data for testing purposes?
A. Encryption
B. Tokenization
C. Data anonymization
D. Synthetic data generation

correct answer: D. Synthetic data generation
explanation: Synthetic data generation creates realistic but fake datasets for safe testing and development.


question 67
Which organization promotes best practices for cloud computing security?
A. IEEE
B. IETF
C. Cloud Security Alliance (CSA)
D. ISO

correct answer: C. Cloud Security Alliance (CSA)
explanation: The CSA focuses on promoting best practices for security in cloud computing environments.


question 68
Which factor is most critical when selecting a cloud provider for regulated industries like healthcare or finance?
A. Marketing strategy
B. Available colors of user dashboard
C. Regulatory compliance certifications
D. Number of employees

correct answer: C. Regulatory compliance certifications
explanation: For industries like healthcare and finance, regulatory compliance (like HIPAA, PCI DSS) is crucial when choosing a provider.


question 69
Which aspect of cloud security involves knowing where your data resides?
A. Data sovereignty
B. Data encryption
C. Identity federation
D. Multitenancy

correct answer: A. Data sovereignty
explanation: Data sovereignty is the principle that data is subject to the laws of the jurisdiction in which it is stored or processed; knowing where data physically resides (data residency) is the prerequisite for meeting those obligations.


question 70
Which disaster recovery strategy allows operations to continue almost immediately after a failure?
A. Cold site
B. Warm site
C. Hot site
D. Backup-only

correct answer: C. Hot site
explanation: A hot site is fully operational and can take over immediately if the primary site fails.

question 71
Which cloud security strategy focuses on reducing the impact of a successful breach?
A. Threat modeling
B. Defense in depth
C. Single sign-on
D. Immutable infrastructure

correct answer: B. Defense in depth
explanation: Defense in depth uses multiple layers of defense to minimize the impact of a breach if one layer fails.


question 72
Which technology allows dynamic scaling of cloud resources based on load?
A. Resource tagging
B. Auto-scaling
C. Elastic IPs
D. Static routing

correct answer: B. Auto-scaling
explanation: Auto-scaling automatically adjusts compute resources to match workload demands.


question 73
What is the main purpose of tokenization?
A. Data backup
B. Data migration
C. Data protection
D. Data compression

correct answer: C. Data protection
explanation: Tokenization replaces sensitive data with unique tokens to protect the actual data from exposure.
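
The token vault that questions 11 and 73 describe, as an added Go example that is not code from the page or from any vendor: a card number is replaced by a random surrogate that keeps only the length and the last four digits, the mapping exists solely inside a hypothetical Vault type, and the token is deliberately adjusted to fail the Luhn check so a leaked token can never pass for a real card number. The card number in the usage notes is the standard test value 4111111111111111; Vault, Tokenize and Detokenize are names chosen here.

```go
package main

import (
	"crypto/rand"
	"fmt"
	"math/big"
	"strings"
)

// Luhn reports whether a digit string passes the Luhn check used by card numbers.
func Luhn(s string) bool {
	sum, double := 0, false
	for i := len(s) - 1; i >= 0; i-- {
		d := int(s[i] - '0')
		if d < 0 || d > 9 {
			return false
		}
		if double {
			d *= 2
			if d > 9 {
				d -= 9
			}
		}
		sum += d
		double = !double
	}
	return len(s) > 0 && sum%10 == 0
}

// Vault is a hypothetical token vault: the only place the token-to-value mapping
// exists. In a deployment it would be an encrypted, access-controlled store kept
// apart from every system that merely handles tokens.
type Vault struct {
	byToken map[string]string
	byValue map[string]string // the same value always maps to the same token
}

func NewVault() *Vault {
	return &Vault{byToken: map[string]string{}, byValue: map[string]string{}}
}

// Tokenize replaces a card number with a surrogate that keeps the length and the
// last four digits (so receipts and support screens still work) but is otherwise
// random, so nothing about the original can be derived from the token. One digit
// is nudged if needed so the token fails Luhn and cannot pass for a real number.
func (v *Vault) Tokenize(pan string) (string, error) {
	if len(pan) < 13 || len(pan) > 19 || !Luhn(pan) {
		return "", fmt.Errorf("not a valid card number")
	}
	if tok, ok := v.byValue[pan]; ok {
		return tok, nil
	}
	for {
		var b strings.Builder
		for i := 0; i < len(pan)-4; i++ {
			n, _ := rand.Int(rand.Reader, big.NewInt(10)) // crypto-quality digit
			b.WriteByte(byte('0' + n.Int64()))
		}
		tok := b.String() + pan[len(pan)-4:]
		if Luhn(tok) { // any single-digit change breaks the Luhn sum
			tok = string([]byte{'0' + (tok[0]-'0'+1)%10}) + tok[1:]
		}
		if _, taken := v.byToken[tok]; taken || tok == pan {
			continue
		}
		v.byToken[tok], v.byValue[pan] = pan, tok
		return tok, nil
	}
}

// Detokenize is the only way back to the card number and should be the most
// tightly authorised operation in the whole system.
func (v *Vault) Detokenize(token string) (string, bool) {
	pan, ok := v.byToken[token]
	return pan, ok
}
```

Usage: `v := NewVault(); tok, _ := v.Tokenize("4111111111111111")` yields a 16-digit token ending in 1111 that fails Luhn; `v.Detokenize(tok)` returns the original, and an unknown token returns false. Because the token is random rather than encrypted, there is no key whose loss would expose every token at once; the vault itself is the asset to protect.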


question 74
In cloud service contracts, what does “uptime” usually refer to?
A. Number of active users
B. Time during which the service is operational
C. Number of downloads
D. Server speed

correct answer: B. Time during which the service is operational
explanation: Uptime measures the time that cloud services are accessible and functional for users.


question 75
Which cloud model offers the most control to the customer over the operating environment?
A. SaaS
B. PaaS
C. IaaS
D. FaaS

correct answer: C. IaaS
explanation: Infrastructure as a Service (IaaS) provides customers control over servers, networking, and storage.


question 76
Which tool allows developers to deploy infrastructure as code in cloud environments?
A. Docker
B. Terraform
C. Ansible
D. Kubernetes

correct answer: B. Terraform
explanation: Terraform enables infrastructure as code, allowing for automated provisioning and management of cloud resources.


question 77
What is one of the major risks associated with APIs in the cloud?
A. Load balancing
B. Identity theft
C. Credential exposure
D. Manual scaling

correct answer: C. Credential exposure
explanation: Improperly secured APIs can expose credentials, leading to unauthorized access.


question 78
Which security measure uses pattern recognition to detect cloud threats?
A. Signature-based detection
B. Behavior-based detection
C. Perimeter firewalls
D. Encryption

correct answer: B. Behavior-based detection
explanation: Behavior-based detection establishes a baseline of normal activity (which principals call which APIs, from where and how often) and alerts on deviations, so it can catch attacks for which no signature exists; signature-based detection matches only known-bad patterns.
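
An added Go example, not code from the page, of the behaviour-based detection in question 78 run over constructed audit records; it also shows the resource-usage monitoring of question 50 and the instance-burst signal described under question 63. The record field names loosely follow cloud audit-log conventions, the principals and TEST-NET addresses are made up, and Parse, Baseline and Detect are hypothetical function names.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Event is the subset of audit-record fields the detector reads. The field names
// loosely follow cloud audit-log conventions; every record here is constructed.
type Event struct {
	Time      string `json:"eventTime"`
	Principal string `json:"principal"`
	Action    string `json:"eventName"`
	Region    string `json:"awsRegion"`
	SourceIP  string `json:"sourceIPAddress"`
}

// Profile is one principal's learned baseline: a set of "kind:value" facts such
// as "region:us-east-1" or "action:GetObject".
type Profile map[string]bool

func facts(e Event) [][2]string {
	return [][2]string{{"region", e.Region}, {"action", e.Action}, {"source IP", e.SourceIP}}
}

// Parse decodes one JSON record per line, rejecting the batch on the first bad line.
func Parse(lines []string) ([]Event, error) {
	evs := make([]Event, 0, len(lines))
	for i, l := range lines {
		var e Event
		if err := json.Unmarshal([]byte(l), &e); err != nil {
			return nil, fmt.Errorf("line %d: %w", i+1, err)
		}
		evs = append(evs, e)
	}
	return evs, nil
}

// Baseline learns per-principal profiles from a window of activity assumed to be
// normal (in practice reviewed, and long enough to cover routine variation).
func Baseline(evs []Event) map[string]Profile {
	base := map[string]Profile{}
	for _, e := range evs {
		if base[e.Principal] == nil {
			base[e.Principal] = Profile{}
		}
		for _, f := range facts(e) {
			base[e.Principal][f[0]+":"+f[1]] = true
		}
	}
	return base
}

// Detect flags deviations from the baseline rather than known-bad signatures: a
// new region, action or source IP for a principal, a principal with no baseline
// at all, and a burst of RunInstances calls (the footprint of cryptojacking and
// other resource abuse). Each distinct finding is reported once, in event order.
func Detect(base map[string]Profile, evs []Event, burstThreshold int) []string {
	var findings []string
	seen, runs := map[string]bool{}, map[string]int{}
	report := func(msg string) {
		if !seen[msg] {
			seen[msg] = true
			findings = append(findings, msg)
		}
	}
	for _, e := range evs {
		if e.Action == "RunInstances" {
			runs[e.Principal]++
			if runs[e.Principal] == burstThreshold {
				report(fmt.Sprintf("%s: %d RunInstances calls in one batch", e.Principal, burstThreshold))
			}
		}
		p, ok := base[e.Principal]
		if !ok {
			report(fmt.Sprintf("%s: no baseline for this principal (first seen %s)", e.Principal, e.Time))
			continue
		}
		for _, f := range facts(e) {
			if !p[f[0]+":"+f[1]] {
				report(fmt.Sprintf("%s: new %s %s", e.Principal, f[0], f[1]))
			}
		}
	}
	return findings
}

// rec builds one constructed JSON audit line (TEST-NET addresses, made-up principals).
func rec(t, who, action, region, ip string) string {
	b, _ := json.Marshal(Event{Time: t, Principal: who, Action: action, Region: region, SourceIP: ip})
	return string(b)
}

var BaselineLines = []string{
	rec("2025-05-01T09:00:00Z", "alice", "GetObject", "us-east-1", "203.0.113.10"),
	rec("2025-05-01T09:05:00Z", "alice", "DescribeInstances", "us-east-1", "203.0.113.10"),
}

var DetectLines = []string{
	rec("2025-05-02T02:00:00Z", "alice", "GetObject", "us-east-1", "203.0.113.10"),
	rec("2025-05-02T02:01:00Z", "alice", "RunInstances", "ap-southeast-1", "198.51.100.7"),
	rec("2025-05-02T02:01:05Z", "alice", "RunInstances", "ap-southeast-1", "198.51.100.7"),
	rec("2025-05-02T02:01:10Z", "alice", "RunInstances", "ap-southeast-1", "198.51.100.7"),
	rec("2025-05-02T02:03:00Z", "bob", "ListBuckets", "us-east-1", "198.51.100.9"),
}
```

Running `Detect(Baseline(base), evs, 3)` over the two constructed batches raises five findings: alice in a new region, performing a new action, from a new source IP, then a burst of three RunInstances calls, and finally bob, who has no baseline at all. None of these events matches a malware signature; only the comparison against learned behaviour makes them visible. In production the baseline would be rebuilt on a rolling window and the burst threshold tuned per account.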


question 79
Which standard regulates payment card data security globally?
A. HIPAA
B. GDPR
C. ISO 27001
D. PCI DSS

correct answer: D. PCI DSS
explanation: PCI DSS ensures organizations securely handle cardholder information to prevent fraud and breaches.


question 80
Which threat involves attackers attempting to exhaust cloud resources to cause downtime?
A. Phishing
B. Man-in-the-middle
C. DDoS
D. Credential stuffing

correct answer: C. DDoS
explanation: Distributed Denial of Service (DDoS) attacks flood resources with traffic, causing service disruption.


question 81
Which process ensures that only necessary access rights are granted to users?
A. Identity federation
B. Role-based access control
C. Credential rotation
D. Account disablement

correct answer: B. Role-based access control
explanation: RBAC assigns users only the permissions necessary for their job functions.


question 82
Which principle requires that cloud providers maintain evidence of compliance for clients?
A. Transparency
B. Integrity
C. Authentication
D. Confidentiality

correct answer: A. Transparency
explanation: Transparency ensures that cloud providers offer proof of compliance and security measures to clients.


question 83
What is the purpose of cloud sandboxing?
A. Encrypt data
B. Monitor internet traffic
C. Test applications in isolated environments
D. Backup virtual machines

correct answer: C. Test applications in isolated environments
explanation: Sandboxing isolates applications to safely test and detect threats without impacting production systems.


question 84
What defines the maximum period a cloud provider commits to restoring services after a disruption?
A. SLA uptime guarantee
B. Recovery Point Objective (RPO)
C. Recovery Time Objective (RTO)
D. Penetration test

correct answer: C. Recovery Time Objective (RTO)
explanation: RTO is the maximum tolerable time between a disruption and the restoration of service. The Recovery Point Objective (RPO), by contrast, is the maximum tolerable data loss expressed as a span of time, and an SLA uptime figure says nothing about how recovery after an outage proceeds.


question 85
Which approach is recommended for encryption key management?
A. Store keys with the encrypted data
B. Rotate keys regularly
C. Publish keys on a public server
D. Use default system keys without changes

correct answer: B. Rotate keys regularly
explanation: Regular rotation limits how much data is protected by any one key and bounds the exposure window if a key is compromised; keys held with the data, published, or left at vendor defaults defeat the purpose of encrypting at all.
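
Questions 4, 9, 49 and 85 together describe envelope encryption: symmetric bulk encryption, keys held apart from the data, customer control of the key hierarchy, and rotation. This added Go example (not code from the page) implements that pattern with AES-256-GCM from the standard library. The KMS type is a hypothetical in-process stand-in for a real key management service, and Encrypt, Decrypt, Rewrap and kekAAD are names chosen here. Rotation re-wraps only the data-encryption key, so rotating the key-encryption key never requires re-encrypting stored objects.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// gcmFor builds an AES-GCM AEAD. Every key here is 32 bytes, so neither call can fail.
func gcmFor(key []byte) cipher.AEAD {
	block, _ := aes.NewCipher(key)
	gcm, _ := cipher.NewGCM(block)
	return gcm
}

// sealGCM encrypts under a fresh random nonce, prepended to the output; aad is
// authenticated but not encrypted. crypto/rand.Read cannot return an error (it
// aborts the process instead), so its result is not checked.
func sealGCM(key, plaintext, aad []byte) []byte {
	gcm := gcmFor(key)
	nonce := make([]byte, gcm.NonceSize())
	rand.Read(nonce)
	return gcm.Seal(nonce, nonce, plaintext, aad)
}

// openGCM reverses sealGCM; any change to nonce, ciphertext, tag or aad fails.
func openGCM(key, blob, aad []byte) ([]byte, error) {
	gcm := gcmFor(key)
	if len(blob) < gcm.NonceSize() {
		return nil, fmt.Errorf("ciphertext too short")
	}
	return gcm.Open(nil, blob[:gcm.NonceSize()], blob[gcm.NonceSize():], aad)
}

// KMS is a hypothetical in-process stand-in for a separate key management service:
// it holds key-encryption keys (KEKs) by version and exposes only Wrap/Unwrap.
type KMS struct {
	keks    map[int][]byte
	current int
}

func NewKMS() *KMS {
	k := &KMS{keks: map[int][]byte{}}
	k.Rotate()
	return k
}

// Rotate adds a new current KEK; old versions stay so existing wrapped DEKs still unwrap.
func (k *KMS) Rotate() int {
	kek := make([]byte, 32) // AES-256
	rand.Read(kek)
	k.current++
	k.keks[k.current] = kek
	return k.current
}

// kekAAD binds a wrapped DEK to its KEK version so it cannot be replayed against another.
func kekAAD(v int) []byte { return []byte(fmt.Sprint("kek-v", v)) }
func (k *KMS) Wrap(dek []byte) (int, []byte) {
	return k.current, sealGCM(k.keks[k.current], dek, kekAAD(k.current))
}

func (k *KMS) Unwrap(version int, wrapped []byte) ([]byte, error) {
	if kek, ok := k.keks[version]; ok {
		return openGCM(kek, wrapped, kekAAD(version))
	}
	return nil, fmt.Errorf("unknown KEK version %d", version)
}

// EncryptedObject is what the storage tier persists; no plaintext key is ever stored.
type EncryptedObject struct {
	KEKVersion int
	WrappedDEK []byte
	Ciphertext []byte
}

// Encrypt uses a fresh per-object symmetric DEK for the fast bulk encryption
// and keeps that DEK only in wrapped form.
func Encrypt(k *KMS, plaintext []byte) *EncryptedObject {
	dek := make([]byte, 32)
	rand.Read(dek)
	v, wrapped := k.Wrap(dek)
	return &EncryptedObject{KEKVersion: v, WrappedDEK: wrapped, Ciphertext: sealGCM(dek, plaintext, nil)}
}

func Decrypt(k *KMS, obj *EncryptedObject) ([]byte, error) {
	dek, err := k.Unwrap(obj.KEKVersion, obj.WrappedDEK)
	if err != nil {
		return nil, err
	}
	return openGCM(dek, obj.Ciphertext, nil)
}

// Rewrap moves an object to the current KEK after rotation: only the small
// wrapped DEK is rewritten; the bulk ciphertext is untouched.
func Rewrap(k *KMS, obj *EncryptedObject) error {
	dek, err := k.Unwrap(obj.KEKVersion, obj.WrappedDEK)
	if err != nil {
		return err
	}
	obj.KEKVersion, obj.WrappedDEK = k.Wrap(dek)
	return nil
}
```

Usage: `kms := NewKMS(); obj := Encrypt(kms, data); kms.Rotate(); Rewrap(kms, obj); Decrypt(kms, obj)` round-trips the data while the stored ciphertext bytes never change. The storage tier only ever sees EncryptedObject, so an attacker who copies the bucket holds nothing usable without a call to the KMS, which is exactly the separation question 9 asks for; binding the wrapped DEK to its KEK version through the AAD stops a wrapped key from being presented under the wrong version.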


question 86
Which cloud environment shares infrastructure between multiple unrelated organizations?
A. Private cloud
B. Community cloud
C. Public cloud
D. Hybrid cloud

correct answer: C. Public cloud
explanation: Public clouds share resources among many different organizations.


question 87
What term describes the ability to move cloud workloads between environments without significant modification?
A. Portability
B. Elasticity
C. Fault tolerance
D. Load balancing

correct answer: A. Portability
explanation: Portability allows moving applications between different cloud providers with minimal changes.


question 88
What is the primary objective of implementing network segmentation in cloud environments?
A. To simplify billing
B. To enhance security
C. To reduce hardware costs
D. To increase marketing reach

correct answer: B. To enhance security
explanation: Network segmentation isolates sensitive areas, reducing the attack surface.


question 89
Which practice helps identify vulnerabilities in cloud configurations?
A. Continuous integration
B. Code obfuscation
C. Configuration scanning
D. Auto-scaling

correct answer: C. Configuration scanning
explanation: Configuration scanning detects misconfigurations and vulnerabilities in cloud settings.
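
The automated configuration audit of questions 18 and 89, as an added Go example that is not code from the page or from any CSPM product: it parses bucket policies written in the S3/IAM policy JSON grammar and reports Allow statements whose principal is anonymous, graded by what they permit. The three sample policies are constructed, the bucket name and account ID are placeholders, and Audit, allows and asList are hypothetical names. A complete check would also read the account-level public-access settings and any explicit Deny statements, which this example deliberately leaves out.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Statement is the subset of the S3/IAM bucket-policy grammar this check reads. Principal,
// Action and Resource may be a string, a list or an object, so they are normalised by asList.
type Statement struct {
	Sid       string          `json:"Sid"`
	Effect    string          `json:"Effect"`
	Principal json.RawMessage `json:"Principal"`
	Action    json.RawMessage `json:"Action"`
	Resource  json.RawMessage `json:"Resource"`
	Condition json.RawMessage `json:"Condition"`
}

// asList accepts "x", ["x","y"] or {"AWS":"x"} / {"AWS":["x","y"]} and returns the strings.
func asList(raw json.RawMessage) []string {
	var s string
	if json.Unmarshal(raw, &s) == nil {
		return []string{s}
	}
	var list []string
	if json.Unmarshal(raw, &list) == nil {
		return list
	}
	var obj map[string]json.RawMessage
	if json.Unmarshal(raw, &obj) == nil {
		var out []string
		for _, v := range obj {
			out = append(out, asList(v)...)
		}
		return out
	}
	return nil
}

// allows reports whether any action pattern covers want, handling the "*",
// "s3:*" and "s3:Get*" wildcard forms (matching is case-insensitive).
func allows(actions []string, want string) bool {
	want = strings.ToLower(want)
	for _, a := range actions {
		a = strings.ToLower(a)
		if a == want || (strings.HasSuffix(a, "*") && strings.HasPrefix(want, strings.TrimSuffix(a, "*"))) {
			return true
		}
	}
	return false
}

// Audit returns one finding per Allow statement whose principal is anonymous ("*"),
// graded by what that principal may do and whether a Condition narrows it. Explicit
// Deny statements and account-level public-access settings are not evaluated here.
func Audit(policyJSON string) ([]string, error) {
	var p struct{ Statement []Statement }
	if err := json.Unmarshal([]byte(policyJSON), &p); err != nil {
		return nil, fmt.Errorf("policy is not valid JSON: %w", err)
	}
	var findings []string
	for _, st := range p.Statement {
		anonymous := false
		for _, pr := range asList(st.Principal) {
			anonymous = anonymous || pr == "*"
		}
		if st.Effect != "Allow" || !anonymous {
			continue
		}
		acts := asList(st.Action)
		conditioned := len(st.Condition) > 0 && string(st.Condition) != "null"
		switch {
		case allows(acts, "s3:PutObject") || allows(acts, "s3:DeleteObject"):
			findings = append(findings, st.Sid+": CRITICAL anonymous write or delete")
		case allows(acts, "s3:ListBucket"):
			findings = append(findings, st.Sid+": HIGH anonymous bucket listing")
		case allows(acts, "s3:GetObject") && !conditioned:
			findings = append(findings, st.Sid+": HIGH anonymous object read with no Condition")
		case allows(acts, "s3:GetObject"):
			findings = append(findings, st.Sid+": MEDIUM anonymous read narrowed by a Condition; review it")
		}
	}
	return findings, nil
}

// Constructed sample policies: placeholder bucket name and account ID, no real account.
const (
	PublicReadPolicy = `{"Version":"2012-10-17","Statement":[{"Sid":"PublicRead","Effect":"Allow",
		"Principal":"*","Action":["s3:GetObject"],"Resource":"arn:aws:s3:::example-bucket/*"}]}`
	ScopedPolicy = `{"Version":"2012-10-17","Statement":[{"Sid":"AppRole","Effect":"Allow",
		"Principal":{"AWS":"arn:aws:iam::123456789012:role/app"},"Action":"s3:GetObject",
		"Resource":"arn:aws:s3:::example-bucket/*"}]}`
	WildcardPolicy = `{"Version":"2012-10-17","Statement":[{"Sid":"Oops","Effect":"Allow",
		"Principal":{"AWS":"*"},"Action":"s3:*",
		"Resource":["arn:aws:s3:::example-bucket","arn:aws:s3:::example-bucket/*"]}]}`
)
```

Usage: `Audit(PublicReadPolicy)` returns one HIGH finding, `Audit(ScopedPolicy)` returns none because the principal is a specific role, and `Audit(WildcardPolicy)` returns one CRITICAL finding because `s3:*` granted to `*` lets anyone write and delete. The point of running this on a schedule, or in a pipeline before the policy is applied, is that the dangerous statements are found by the audit rather than by whoever enumerates public buckets first.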


question 90
Which aspect of cloud security is most concerned with protecting data while it is actively moving?
A. Data at rest
B. Data in transit
C. Data in use
D. Data archiving

correct answer: B. Data in transit
explanation: Data in transit is data moving across networks, needing encryption and protection.


question 91
What does the term “cloud sprawl” refer to?
A. Expansion of on-premises infrastructure
B. Uncontrolled growth of cloud resources
C. Physical relocation of servers
D. Consolidation of cloud services

correct answer: B. Uncontrolled growth of cloud resources
explanation: Cloud sprawl happens when unmanaged cloud resources grow uncontrollably, increasing costs and risks.


question 92
Which concept ensures that data is accurate and unchanged during transmission?
A. Confidentiality
B. Integrity
C. Availability
D. Compliance

correct answer: B. Integrity
explanation: Integrity ensures data remains unaltered and trustworthy during transit or storage.


question 93
Which standard is specifically designed for information security management systems (ISMS)?
A. ISO 27001
B. ISO 14001
C. SOC 1
D. SOC 2

correct answer: A. ISO 27001
explanation: ISO 27001 outlines the requirements for establishing, maintaining, and continually improving an ISMS.


question 94
Which role is responsible for ensuring cloud service security compliance in an organization?
A. Cloud architect
B. Compliance officer
C. Systems administrator
D. Developer

correct answer: B. Compliance officer
explanation: Compliance officers ensure that cloud services meet regulatory and legal obligations.


question 95
Which practice limits exposure by ensuring users and systems only have minimal permissions?
A. Need to know
B. Role mirroring
C. Privilege escalation
D. Key sharing

correct answer: A. Need to know
explanation: The principle of “need to know” grants access only to the information or systems a person’s duties actually require. It complements least privilege: need to know limits which information a subject may see, while least privilege limits the permissions a subject holds.


question 96
Which of the following would help prevent data exfiltration in cloud environments?
A. Penetration testing
B. Access control lists
C. Data loss prevention tools
D. Key management

correct answer: C. Data loss prevention tools
explanation: DLP tools detect and block unauthorized data transmissions.


question 97
Which service model provides pre-built applications maintained by the provider?
A. PaaS
B. SaaS
C. IaaS
D. DaaS

correct answer: B. SaaS
explanation: SaaS delivers ready-to-use software applications over the internet.


question 98
What is the biggest advantage of multi-cloud deployments?
A. Faster data retrieval
B. Vendor lock-in
C. Increased redundancy and flexibility
D. Higher single-provider dependency

correct answer: C. Increased redundancy and flexibility
explanation: Multi-cloud setups enhance redundancy and flexibility by spreading services across different providers.


question 99
Which authentication method uses a separate device to verify identity?
A. Biometrics
B. Token-based authentication
C. Single-factor authentication
D. Username and password

correct answer: B. Token-based authentication
explanation: Token-based methods (hardware tokens or authenticator apps) supply a “something you have” factor from a device separate from the one being logged into, adding a second layer of identity verification on top of the password.


question 100
Which practice describes deploying security controls throughout every stage of development?
A. Secure SDLC
B. CI/CD
C. Cloud migration
D. Threat hunting

correct answer: A. Secure SDLC
explanation: Secure Software Development Life Cycle (SDLC) integrates security practices throughout development.


question 101
What is “federated identity management”?
A. Sharing one password across systems
B. Linking multiple identities under a single login
C. Different passwords for different systems
D. Anonymous access

correct answer: B. Linking multiple identities under a single login
explanation: Federated identity lets a user authenticate once with a trusted identity provider and reuse that identity across systems run by different organizations, through standards such as SAML and OpenID Connect, so each system does not have to store its own copy of the user’s credentials.


question 102
Which term describes a malicious insider leaking sensitive cloud data?
A. Insider threat
B. External threat
C. Malware attack
D. Denial of Service

correct answer: A. Insider threat
explanation: An insider threat involves employees or contractors intentionally harming organizational assets.


question 103
Which service primarily helps customers design and build secure cloud architectures?
A. CASB
B. CSPM
C. CDR
D. IDS

correct answer: B. CSPM
explanation: Cloud Security Posture Management (CSPM) tools continuously compare cloud configurations against benchmarks and policies and flag misconfigurations and drift, so an architecture stays secure as it is built and changed. A CASB governs access to SaaS applications and an IDS detects attacks; neither assesses configuration.


question 104
Which security attack involves forging ARP messages on a local network?
A. DDoS
B. SQL injection
C. ARP spoofing
D. Cross-site scripting

correct answer: C. ARP spoofing
explanation: ARP spoofing sends forged ARP replies so that devices on a local network associate the attacker’s MAC address with another host’s IP address and send their traffic to the attacker’s machine, where it can be intercepted or modified.


question 105
Which security principle dictates that no single person should have complete control over critical operations?
A. Role rotation
B. Job enlargement
C. Separation of duties
D. Key escrow

correct answer: C. Separation of duties
explanation: Separation of duties reduces risks by dividing critical responsibilities among multiple people.


question 106
Which feature is commonly used to isolate workloads and minimize blast radius in the cloud?
A. Serverless architecture
B. Virtual Private Cloud (VPC)
C. Multi-threading
D. Auto-scaling groups

correct answer: B. Virtual Private Cloud (VPC)
explanation: VPCs logically isolate cloud resources to enhance security and reduce blast radius.


question 107
Which cloud security feature automatically blocks known malicious IPs?
A. Firewall rules
B. API Gateway
C. Virtual machine scaling
D. Data compression

correct answer: A. Firewall rules
explanation: Firewalls can be configured to block IP addresses associated with known threats.


question 108
Which data protection measure ensures information cannot be read if intercepted?
A. Hashing
B. Digital signatures
C. Encryption
D. Access controls

correct answer: C. Encryption
explanation: Encryption transforms readable data into unreadable format unless decrypted.


question 109
What security feature ensures non-repudiation?
A. Confidentiality
B. Integrity checks
C. Digital signatures
D. Two-factor authentication

correct answer: C. Digital signatures
explanation: Digital signatures prove the origin and integrity of data, ensuring non-repudiation.


question 110
What type of cloud attack attempts to guess passwords by systematically trying every combination?
A. Phishing
B. Brute force attack
C. SQL injection
D. Session hijacking

correct answer: B. Brute force attack
explanation: Brute force attacks systematically try all possible password combinations until they succeed.

question 111
What is the primary goal of data masking?
A. Backup data
B. Obscure sensitive information
C. Encrypt data
D. Prevent access to data

correct answer: B. Obscure sensitive information
explanation: Data masking hides sensitive data to protect it while maintaining usability for testing or analysis.


question 112
Which type of attack tricks a user into providing sensitive information?
A. Spoofing
B. Phishing
C. Man-in-the-middle
D. Malware

correct answer: B. Phishing
explanation: Phishing tricks users into revealing confidential information like passwords or account details.


question 113
Which regulation specifically addresses protected health information (PHI)?
A. HIPAA
B. GDPR
C. SOX
D. PCI DSS

correct answer: A. HIPAA
explanation: HIPAA regulates the protection and confidentiality of health information in the U.S.


question 114
What is the main risk associated with multi-tenancy in cloud computing?
A. Increased cost
B. Data leakage
C. Vendor lock-in
D. System performance

correct answer: B. Data leakage
explanation: In multi-tenant environments, improper isolation could lead to data exposure between customers.


question 115
Which method involves proving a user’s identity before granting access?
A. Authorization
B. Authentication
C. Accounting
D. Auditing

correct answer: B. Authentication
explanation: Authentication verifies the identity of users before granting them access.


question 116
Which cloud delivery model provides users with applications hosted and managed by a third-party vendor?
A. IaaS
B. SaaS
C. PaaS
D. DRaaS

correct answer: B. SaaS
explanation: Software as a Service (SaaS) delivers applications over the Internet without local installation.


question 117
Which document is a legally binding contract between two parties, outlining services and expectations?
A. MOU
B. SLA
C. NDA
D. BPA

correct answer: B. SLA
explanation: A Service Level Agreement (SLA) is a contract defining service standards and responsibilities.


question 118
What is a key advantage of encryption in cloud storage?
A. Faster uploads
B. Reduced storage costs
C. Protection of data confidentiality
D. Simpler backup processes

correct answer: C. Protection of data confidentiality
explanation: Encryption protects stored data from unauthorized access, maintaining confidentiality.


question 119
Which security principle states that users should have the minimum level of access needed?
A. Role-based access control
B. Separation of duties
C. Principle of least privilege
D. Need-to-know basis

correct answer: C. Principle of least privilege
explanation: This principle minimizes risks by limiting user access to only what is necessary for their role.


question 120
Which service model requires the customer to manage operating systems and applications?
A. SaaS
B. PaaS
C. IaaS
D. DaaS

correct answer: C. IaaS
explanation: In Infrastructure as a Service (IaaS), customers manage operating systems and applications, while providers manage the underlying hardware.

question 121
Which control type focuses on preventing an incident before it occurs?
A. Detective
B. Corrective
C. Preventive
D. Compensating

correct answer: C. Preventive
explanation: Preventive controls proactively stop incidents before they happen, like firewalls or authentication.


question 122
In cloud environments, who is generally responsible for physical security?
A. Customer
B. Cloud service provider
C. Government
D. Third-party auditor

correct answer: B. Cloud service provider
explanation: The provider manages physical security in cloud environments, especially in IaaS, PaaS, and SaaS models.


question 123
Which feature allows two or more organizations to share resources in a cloud deployment?
A. Public cloud
B. Community cloud
C. Private cloud
D. Hybrid cloud

correct answer: B. Community cloud
explanation: Community clouds are shared among organizations with common concerns like compliance.


question 124
What security measure protects against interception during remote administration?
A. VPN
B. NAT
C. SNMP
D. FTP

correct answer: A. VPN
explanation: VPNs encrypt remote sessions, preventing eavesdropping and interception.


question 125
Which term describes identifying assets that must be protected in risk management?
A. Threat modeling
B. Asset classification
C. Vulnerability assessment
D. Compliance audit

correct answer: B. Asset classification
explanation: Asset classification prioritizes which assets need protection based on their value and sensitivity.


question 126
Which type of agreement defines the technical and operational details between cloud providers and customers?
A. SLA
B. BPA
C. MOU
D. NDA

correct answer: A. SLA
explanation: A Service Level Agreement (SLA) specifies performance, availability, and support details between parties.


question 127
What cryptographic process ensures a message was not altered in transit?
A. Symmetric encryption
B. Public key encryption
C. Hashing
D. Tunneling

correct answer: C. Hashing
explanation: Hashing produces a fixed-length digest that changes if even one bit of the input changes, so a recipient who recomputes the digest can detect alteration. A plain hash only detects accidental change: an attacker who can alter the message can recompute the hash, so a keyed hash (HMAC) or a digital signature is needed to detect deliberate tampering.
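The following is an added example, not part of the original question bank, written to show the integrity check behind this question and the caveat that goes with it. It uses only the Python standard library; the message and the key are constructed for the demo. It first shows that a SHA-256 digest detects corruption in transit, then that an active attacker who rewrites the message can also recompute a plain digest, and finally that a keyed HMAC catches that forgery because the attacker lacks the key.

```python
"""Integrity checks: plain hash versus keyed hash (HMAC).

Added example, not from the original page. The message bytes and the
key below are constructed for illustration only.
"""
import hashlib
import hmac

# Constructed demo key; in practice this comes from a key management service.
SECRET_KEY = b"constructed-demo-key-do-not-reuse"


def digest(message: bytes) -> str:
    """Plain SHA-256 digest of the message."""
    return hashlib.sha256(message).hexdigest()


def verify_digest(message: bytes, expected: str) -> bool:
    """Recompute the digest and compare in constant time."""
    return hmac.compare_digest(digest(message), expected)


def tag(message: bytes, key: bytes = SECRET_KEY) -> str:
    """Keyed hash (HMAC-SHA256) that only a key holder can produce."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_tag(message: bytes, expected: str, key: bytes = SECRET_KEY) -> bool:
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(tag(message, key), expected)


def demo() -> dict:
    original = b"transfer 100 to account 42"
    sent_digest = digest(original)
    sent_tag = tag(original)

    # Accidental corruption in transit: the digest no longer matches.
    corrupted = b"transfer 100 to account 43"
    corruption_detected = not verify_digest(corrupted, sent_digest)

    # Active attacker rewrites the message AND recomputes the plain digest,
    # so a receiver that only checks the hash accepts the forgery.
    forged = b"transfer 9000 to account 666"
    plain_hash_fooled = verify_digest(forged, digest(forged))

    # The attacker cannot recompute the HMAC without SECRET_KEY, so the
    # tag that travelled with the genuine message fails on the forgery.
    hmac_detects_forgery = not verify_tag(forged, sent_tag)
    genuine_accepted = verify_tag(original, sent_tag)

    return {
        "corruption_detected": corruption_detected,
        "plain_hash_fooled": plain_hash_fooled,
        "hmac_detects_forgery": hmac_detects_forgery,
        "genuine_accepted": genuine_accepted,
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

An HMAC proves the message came from someone holding the shared key, which is enough for integrity between two parties but not for non-repudiation (question 109): either key holder could have produced the tag, so a digital signature made with a private key is needed when the sender must not be able to deny it.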


question 128
Which strategy helps to maintain availability during a Distributed Denial of Service (DDoS) attack?
A. Encryption
B. Traffic throttling
C. Geofencing
D. Rate limiting

correct answer: D. Rate limiting
explanation: Rate limiting restricts the number of requests, mitigating DDoS impacts.


question 129
What is an advantage of Infrastructure as Code (IaC)?
A. Manual updates
B. Predictable deployments
C. Increased downtime
D. Higher cost

correct answer: B. Predictable deployments
explanation: IaC ensures consistent and repeatable cloud infrastructure deployments.


question 130
Which term describes assessing the impact if an asset is compromised?
A. Threat analysis
B. Business impact analysis
C. Vulnerability scanning
D. Security auditing

correct answer: B. Business impact analysis
explanation: Business Impact Analysis (BIA) estimates the consequences of asset compromise on operations.


question 131
Which component of cloud governance deals with resource provisioning and usage control?
A. Identity management
B. Resource orchestration
C. Configuration management
D. Policy enforcement

correct answer: D. Policy enforcement
explanation: Policy enforcement ensures that resource use complies with organizational standards and security policies.


question 132
Which backup strategy involves copying only the changes made since the last backup?
A. Full backup
B. Differential backup
C. Incremental backup
D. Snapshot backup

correct answer: C. Incremental backup
explanation: Incremental backups store only the data changed since the previous backup of any type (a differential backup stores everything changed since the last full backup). This keeps each backup small and fast, at the cost of a longer chain of backups to restore.


question 133
What is a common risk of using a single cloud provider?
A. Cloud portability
B. Vendor lock-in
C. Multi-tenancy
D. Data sovereignty

correct answer: B. Vendor lock-in
explanation: Relying on one provider can create challenges in switching vendors later, leading to lock-in.


question 134
Which concept ensures users can only access resources relevant to their role?
A. Security zoning
B. Role-Based Access Control (RBAC)
C. Security monitoring
D. Threat modeling

correct answer: B. Role-Based Access Control (RBAC)
explanation: RBAC assigns permissions based on roles rather than individuals.
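Questions 105, 119 and 134 describe three controls that are usually implemented together: permissions granted only through roles, default deny for anything not granted, and a check that no one person accumulates conflicting duties. The following is an added example, not from the original page or any vendor’s product, showing a small authorization policy that enforces all three. The role names, permission strings and the payment workflow are hypothetical, chosen only for the demo.

```python
"""RBAC with least privilege and separation of duties.

Added example, not from the original page. Role and permission names are
hypothetical; a real deployment would load them from the identity system.
"""
from dataclasses import dataclass, field

# Constructed role -> permission mapping. Permissions flow only through roles.
ROLE_PERMISSIONS = {
    "payments_clerk": {"payment:create", "payment:read"},
    "payments_approver": {"payment:approve", "payment:read"},
    "auditor": {"payment:read", "audit_log:read"},
}

# Permission sets that one identity must never hold together (separation of duties).
SOD_CONFLICTS = [
    frozenset({"payment:create", "payment:approve"}),
]


class SeparationOfDutiesError(ValueError):
    """Raised when a role assignment would give one person conflicting duties."""


@dataclass
class User:
    name: str
    roles: set = field(default_factory=set)


def effective_permissions(user: User) -> set:
    """Union of the permissions of every role the user holds."""
    perms = set()
    for role in user.roles:
        perms |= ROLE_PERMISSIONS.get(role, set())
    return perms


def assign_role(user: User, role: str) -> User:
    """Grant a role, refusing it if the result would violate separation of duties."""
    if role not in ROLE_PERMISSIONS:
        raise KeyError(f"unknown role {role!r}")
    candidate = effective_permissions(user) | ROLE_PERMISSIONS[role]
    for conflict in SOD_CONFLICTS:
        if conflict <= candidate:
            raise SeparationOfDutiesError(
                f"{user.name}: role {role!r} would combine {sorted(conflict)}"
            )
    user.roles.add(role)
    return user


def is_allowed(user: User, permission: str) -> bool:
    """Default deny: anything not granted through a role is refused."""
    return permission in effective_permissions(user)


def demo() -> dict:
    alice = assign_role(User("alice"), "payments_clerk")
    bob = assign_role(User("bob"), "payments_approver")
    results = {
        "alice_create": is_allowed(alice, "payment:create"),
        "alice_approve": is_allowed(alice, "payment:approve"),
        "bob_approve": is_allowed(bob, "payment:approve"),
        "bob_delete": is_allowed(bob, "payment:delete"),  # never granted to anyone
    }
    try:
        assign_role(alice, "payments_approver")  # would let alice create AND approve
        results["sod_enforced"] = False
    except SeparationOfDutiesError:
        results["sod_enforced"] = True
    return results


if __name__ == "__main__":
    print(demo())
```

The conflict check runs at assignment time rather than at each access check, which is where a real identity system should enforce it: once a user has been granted both halves of a conflicting pair, every later access decision is individually legitimate and the violation is invisible to per-request authorization.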


question 135
Which type of audit focuses on verifying operational processes in cloud environments?
A. Financial audit
B. Compliance audit
C. Operational audit
D. Performance audit

correct answer: C. Operational audit
explanation: Operational audits assess the effectiveness and efficiency of operational processes.


question 136
Which document outlines responsibilities between a cloud provider and client beyond technical terms?
A. SLA
B. BPA
C. MOU
D. SoD

correct answer: B. BPA
explanation: A Business Partnership Agreement (BPA) defines general responsibilities and relationships beyond just technology.


question 137
Which of the following is NOT a primary cloud deployment model?
A. Private cloud
B. Public cloud
C. Community cloud
D. Legacy cloud

correct answer: D. Legacy cloud
explanation: Legacy cloud is not a recognized deployment model; private, public, community, and hybrid are.


question 138
Which cloud service offers virtual desktops to users over the Internet?
A. SaaS
B. DaaS
C. PaaS
D. IaaS

correct answer: B. DaaS
explanation: Desktop as a Service (DaaS) delivers virtual desktops from the cloud.


question 139
What is a benefit of serverless computing?
A. Increased hardware maintenance
B. Higher upfront cost
C. No need to manage underlying infrastructure
D. Manual scalability

correct answer: C. No need to manage underlying infrastructure
explanation: Serverless abstracts infrastructure management from the developer.


question 140
Which risk is heightened when using cloud services from multiple providers?
A. Cost reduction
B. Compliance complexity
C. Single point of failure
D. Reduced availability

correct answer: B. Compliance complexity
explanation: Using multiple providers complicates regulatory and compliance requirements.


question 141
Which standard addresses controls for personal information in cloud computing?
A. ISO 27001
B. ISO 27018
C. NIST 800-53
D. PCI DSS

correct answer: B. ISO 27018
explanation: ISO/IEC 27018 is a code of practice for protecting personally identifiable information (PII) in public clouds that act as PII processors; it extends the ISO/IEC 27002 controls with cloud-specific privacy requirements.


question 142
Which cloud model allows combining on-premises infrastructure with cloud services?
A. Community cloud
B. Private cloud
C. Hybrid cloud
D. Public cloud

correct answer: C. Hybrid cloud
explanation: Hybrid clouds combine on-premises and cloud services for flexibility.


question 143
Which cryptographic technique ensures that sensitive data is only accessible by intended recipients?
A. Hashing
B. Encryption
C. Tokenization
D. Masking

correct answer: B. Encryption
explanation: Encryption secures data for authorized users only.


question 144
What is a common way attackers exploit cloud misconfigurations?
A. Phishing
B. Unauthorized access to storage buckets
C. Malware deployment
D. SQL injection

correct answer: B. Unauthorized access to storage buckets
explanation: Misconfigured storage often leads to public exposure and unauthorized access.
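Questions 89 and 144 together describe the practice of scanning cloud configuration for exposure before an attacker finds it. The following is an added example, not from the original page or any cloud provider’s tooling, that runs the checks a configuration scanner would apply to storage buckets over a constructed, vendor-neutral inventory. The field names (acl, policy, encryption_at_rest, public_access_block) and the sample buckets are assumptions made for the demo; the policy format loosely mirrors the Statement/Principal/Effect shape common to cloud IAM policies.

```python
"""Configuration scan for exposed storage buckets.

Added example, not from the original page. The inventory below is
constructed (no real resources) and the field names are assumptions.
"""
import json

# Constructed sample inventory of three buckets, as a scanner might export it.
SAMPLE_INVENTORY = json.dumps([
    {
        "name": "customer-exports",
        "acl": "public-read",
        "policy": {"Statement": [{"Effect": "Allow", "Principal": "*",
                                  "Action": "storage:GetObject"}]},
        "encryption_at_rest": False,
        "public_access_block": False,
    },
    {
        "name": "app-logs",
        "acl": "private",
        "policy": {"Statement": [{"Effect": "Allow",
                                  "Principal": {"Service": "logging"},
                                  "Action": "storage:PutObject"}]},
        "encryption_at_rest": True,
        "public_access_block": True,
    },
    {
        "name": "backups",
        "acl": "private",
        "policy": {"Statement": []},
        "encryption_at_rest": False,
        "public_access_block": True,
    },
])


def _statement_is_public(stmt: dict) -> bool:
    """True when an Allow statement names the anonymous principal '*'."""
    if stmt.get("Effect") != "Allow":
        return False
    principal = stmt.get("Principal")
    if principal == "*":
        return True
    if isinstance(principal, dict):
        # e.g. {"AWS": "*"} or {"AWS": ["arn:...", "*"]}
        return any(v == "*" or (isinstance(v, list) and "*" in v)
                   for v in principal.values())
    return False


def scan_bucket(bucket: dict) -> list:
    """Return the list of finding codes for one bucket, in check order."""
    findings = []
    if bucket.get("acl", "private") != "private":
        findings.append("PUBLIC_ACL")
    statements = bucket.get("policy", {}).get("Statement", [])
    if any(_statement_is_public(s) for s in statements):
        findings.append("PUBLIC_POLICY")
    if not bucket.get("encryption_at_rest", False):
        findings.append("NO_ENCRYPTION_AT_REST")
    if not bucket.get("public_access_block", False):
        findings.append("PUBLIC_ACCESS_BLOCK_DISABLED")
    return findings


def scan_inventory(raw_json: str) -> dict:
    """Map each bucket name to its findings."""
    return {b["name"]: scan_bucket(b) for b in json.loads(raw_json)}


def is_publicly_exposed(findings: list) -> bool:
    """Either an open ACL or an anonymous-principal policy exposes the data."""
    return "PUBLIC_ACL" in findings or "PUBLIC_POLICY" in findings


if __name__ == "__main__":
    for name, found in scan_inventory(SAMPLE_INVENTORY).items():
        status = "EXPOSED" if is_publicly_exposed(found) else "ok"
        print(f"{name:18} {status:8} {found}")
```

The ACL and the policy are checked separately because either one alone can make a bucket public; a scanner that only inspects one of them misses the other route, which is exactly how misconfigured storage ends up exposed.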


question 145
Which type of backup stores a complete copy of all data at each backup cycle?
A. Incremental backup
B. Snapshot backup
C. Full backup
D. Differential backup

correct answer: C. Full backup
explanation: Full backups copy all selected data every time.


question 146
Which cloud service is most appropriate for developers who want to deploy apps without worrying about underlying infrastructure?
A. SaaS
B. PaaS
C. IaaS
D. DaaS

correct answer: B. PaaS
explanation: Platform as a Service (PaaS) offers a platform for developers without infrastructure management.


question 147
What type of malware encrypts data and demands payment for decryption?
A. Spyware
B. Ransomware
C. Trojan
D. Worm

correct answer: B. Ransomware
explanation: Ransomware encrypts user data and demands payment for decryption keys.


question 148
What process involves finding vulnerabilities before an attacker does?
A. Threat hunting
B. Penetration testing
C. Incident response
D. Security monitoring

correct answer: B. Penetration testing
explanation: Penetration testing identifies vulnerabilities before they are exploited.


question 149
Which authentication method uses biometric data?
A. Passwords
B. Tokens
C. Fingerprints
D. Security questions

correct answer: C. Fingerprints
explanation: Biometrics like fingerprints are used for identity verification.


question 150
What does the “shared responsibility model” in cloud computing describe?
A. Providers handle all security
B. Customers handle all infrastructure
C. Both provider and customer share different security tasks
D. No responsibilities are shared

correct answer: C. Both provider and customer share different security tasks
explanation: In the shared responsibility model the provider secures the underlying infrastructure (facilities, hardware, virtualization) and the customer secures what it controls, such as data, identities, and access; the exact split depends on the service model (IaaS, PaaS, or SaaS).

Why is Pass4Certs the best choice for certification exam preparation?

Pass4Certs is dedicated to providing practice test questions with answers, free of charge, unlike other web-based services. To see the whole study material you need to register for a free account on Pass4Certs. Many users around the world are earning high scores by using our dumps. You get a 100 percent passing guarantee and an unconditional money-back promise on the test. PDF files are accessible immediately after purchase.

A Central Tool to Help You Prepare for  Exam

Pass4Certs.com is the final study resource you need for taking the test. We meticulously adhere to the actual exam questions and answers, which are regularly updated and verified by experts. Our exam dumps experts, who come from a variety of well-known organizations, are qualified individuals who have reviewed a very important section of exam questions and answers to help you understand the concepts and pass the certification exam with good marks. Braindumps are the most effective way to prepare for your test in only one day.

User Friendly & Easily Accessible on Mobile Devices

The exam platform is very easy to use. Its fundamental aim is to give the most recent, accurate, updated and truly helpful study material. Students can use this material to study and successfully navigate the implementation and support of systems. Students can access authentic test questions and answers, which are available for download in PDF format immediately after purchase. As long as your mobile device has an internet connection, you can study on this website, which is mobile-friendly for test takers.

 Dumps Are Verified by Industry Experts

Get Access to the Most Recent and Accurate  Questions and Answers Right Away:
Our exam database is frequently updated throughout the year to include the most recent exam questions and answers. Each test page shows a date at the top of the page along with the updated list of test questions and answers. You will pass the test on your first attempt because the current exam questions are authentic.

Dumps for the exam have been checked by industry professionals who are dedicated to providing the right test questions and answers with brief descriptions. Every question and answer is checked by experts: highly qualified individuals with extensive professional experience in the vendor examination.

Pass4Certs.com delivers the best exam questions with detailed explanations in contrast with a number of other exam web portals.

Money Back Guarantee

Pass4Certs.com is committed to providing quality braindumps that will help you pass the test and get certified. In order to provide you with the best method of preparation for the exam, we provide the most recent and realistic test questions from current examinations. If you purchase the entire PDF file but fail the vendor exam, you can get your money back or have your exam replaced. Visit our guarantee page for more information on our straightforward money-back guarantee.

Customer Reviews

James: "This course helped me pass my exam on the first try! The practice tests and explanations were spot on. Highly recommended!" ⭐⭐⭐⭐⭐

Julie: "The content was very helpful and concise. Some topics were a little deeper, but overall was excellent and I recommend, it definitely helped me pass my certification." ⭐⭐⭐⭐⭐

Amenda: "Passed my exam with 92%! The flashcards and timed quizzes were a game-changer. Perfect for last-minute revision." ⭐⭐⭐⭐⭐

Charles: "Pass4certs is the real MVP. I crammed for 3 days using their dumps and walked out of the exam like a boss. Passed with 89%!" ⭐⭐⭐⭐⭐

Juliet: "Shoutout to Pass4certs for helping me level up my career. I’ve passed two certifications back-to-back with their help. Super reliable and updated content!" ⭐⭐⭐⭐⭐