FREE CompTIA Cloud+ Cloud Security Controls Questions and Answers

Question 1

A cloud administrator is tasked with implementing a security solution to discover and control the use of unapproved SaaS applications by employees, a phenomenon known as 'Shadow IT'.
The solution must provide visibility into cloud application usage, enforce data security policies, and protect against cloud-based threats.
Which of the following cloud security controls is BEST suited for this purpose?

Accepted Answer

Cloud Access Security Broker (CASB)

Answer

Cloud Workload Protection Platform (CWPP)

Answer

Security Information and Event Management (SIEM)

Answer

Data Loss Prevention (DLP)

Question 2

A security team is concerned about misconfigurations in their public cloud environment, such as publicly exposed storage buckets and overly permissive IAM policies. They need a tool that continuously scans the cloud infrastructure to identify and remediate these types of policy violations and security risks. Which security tool would be MOST effective for this requirement?

Accepted Answer

Cloud Security Posture Management (CSPM)

Answer

Cloud Workload Protection Platform (CWPP)

Answer

Cloud Access Security Broker (CASB)

Answer

Intrusion Detection System (IDS)

Question 3

An organization wants to centralize the collection and analysis of log data from various cloud resources, including virtual machines, databases, and network components. The goal is to enable real-time threat detection, security incident investigation, and compliance reporting. Which of the following security controls should be implemented?

Accepted Answer

Security Information and Event Management (SIEM)

Answer

Network Access Control (NAC)

Answer

Web Application Firewall (WAF)

Answer

Cloud Workload Protection Platform (CWPP)

Question 4

A company is developing a cloud-native application using containers and serverless functions. They need a security solution that focuses specifically on protecting these ephemeral workloads during runtime. The solution should provide vulnerability scanning, malware detection, and integrity monitoring for the workloads themselves. Which of the following is the BEST choice?

Accepted Answer

Cloud Workload Protection Platform (CWPP)

Answer

Cloud Access Security Broker (CASB)

Answer

Data Loss Prevention (DLP)

Answer

Cloud Security Posture Management (CSPM)

Question 5

A financial services company needs to prevent sensitive customer data, such as credit card numbers and social security numbers, from being exfiltrated from their cloud environment via email or unauthorized file-sharing applications. They require a control that can identify and block the transmission of this specific data based on content analysis and predefined policies. Which security control directly addresses this need?

Accepted Answer

Data Loss Prevention (DLP)

Answer

Web Application Firewall (WAF)

Answer

Identity and Access Management (IAM)

Answer

Security Information and Event Management (SIEM)

Question 6

A cloud administrator is implementing security for a new virtual private cloud (VPC). To enforce the principle of least privilege, they need to define granular access rules for users and groups, specifying exactly which cloud resources they can access and what actions they can perform. Which of the following is the foundational security control for managing these permissions?

Accepted Answer

Identity and Access Management (IAM)

Answer

Encryption

Answer

Multi-Factor Authentication (MFA)

Answer

Network Segmentation