☁️ Securing the Cloud - SCOR Practice Questions

Understand cloud security models (IaaS, PaaS, SaaS), Cisco Umbrella, cloud access security brokers (CASB), and securing workloads in public and private clouds.

10Questions Available
1Exam Domains

Practice Cloud Security Questions Now

Start a timed practice session focusing on Securing the Cloud topics from the SCOR question bank.

Start SCOR Practice Quiz →

SCOR Cloud Security Question Bank (10 Questions)

Browse all 10 practice questions covering Securing the Cloud for the SCOR certification exam. Each question includes the full answer and a detailed explanation to help you understand the concepts.

  1. Question 1Securing the Cloud

    Which Cisco solution provides DNS-layer security to protect users from connecting to malicious domains, even when off the corporate network?

    ACisco Firepower
    BCisco Umbrella
    CCisco StealthWatch
    DCisco ISE
    Show Answer & Explanation
    Correct Answer: B
    Explanation:

    Cisco Umbrella provides DNS-layer security that blocks requests to malicious domains before a connection is established. It works regardless of the user's location, protecting roaming users and branch offices.

  2. Question 2Content Security

    Which Cisco Umbrella component provides full web proxy functionality including SSL decryption for cloud-delivered security?

    ADNS-layer security
    BIntelligent Proxy
    CInvestigate console
    DCloud Firewall
    Show Answer & Explanation
    Correct Answer: B
    Explanation:

    Cisco Umbrella's Intelligent Proxy selectively proxies risky domains for deeper inspection, including SSL decryption, URL filtering, and AMP file inspection. It provides full proxy capability without proxying all traffic.

  3. Question 3Network Security

    Which Cisco Umbrella capability provides a cloud-delivered firewall for non-web traffic such as SSH, RDP, and custom ports?

    ADNS-layer security
    BCloud Firewall
    CIntelligent Proxy
    DInvestigate
    Show Answer & Explanation
    Correct Answer: B
    Explanation:

    Cisco Umbrella's Cloud Firewall (part of the SIG) provides Layer 3/4 firewall capabilities for all ports and protocols in the cloud, handling non-web traffic like SSH, RDP, and custom applications that DNS-layer and proxy cannot inspect.

  4. Question 4Securing the Cloud

    Which Cisco solution provides visibility and threat detection for public cloud environments (AWS, Azure, GCP)?

    ACisco DNA Center
    BCisco Stealthwatch Cloud
    CCisco ISE
    DCisco vManage
    Show Answer & Explanation
    Correct Answer: B
    Explanation:

    Cisco Stealthwatch Cloud (now Secure Cloud Analytics) monitors public cloud environments for threats by analyzing network telemetry, detecting anomalies, and providing visibility across multi-cloud deployments.

  5. Question 5Securing the Cloud

    In a cloud shared responsibility model using IaaS, which security control is the customer's responsibility?

    APhysical data center security
    BHypervisor patching
    COperating system patching on virtual machines
    DNetwork backbone infrastructure
    Show Answer & Explanation
    Correct Answer: C
    Explanation:

    In IaaS, the customer is responsible for securing the operating system, applications, and data on their virtual machines. The cloud provider is responsible for physical security, hypervisor, and underlying infrastructure.

  6. Question 6Securing the Cloud

    What is the primary function of a Cloud Access Security Broker (CASB)?

    ATo provide DDoS mitigation for cloud services
    BTo enforce security policies between cloud consumers and cloud providers
    CTo manage cloud infrastructure provisioning
    DTo provide DNS-level security for cloud workloads
    Show Answer & Explanation
    Correct Answer: B
    Explanation:

    A CASB acts as a security policy enforcement point between cloud consumers and cloud service providers. It provides visibility, compliance, data security, and threat protection for cloud services.

  7. Question 7Securing the Cloud

    Which Cisco solution provides microsegmentation and workload protection for data center and cloud environments?

    ACisco Tetration (Secure Workload)
    BCisco Meraki MX
    CCisco DNA Center
    DCisco Prime Infrastructure
    Show Answer & Explanation
    Correct Answer: A
    Explanation:

    Cisco Tetration (now Cisco Secure Workload) provides microsegmentation, workload protection, and application dependency mapping for data center and multi-cloud environments. It enforces zero-trust policies at the workload level.

  8. Question 8Securing the Cloud

    What is a Cloud Access Security Broker (CASB) used for?

    ADNS filtering
    BEnforcing security policies between cloud users and cloud applications
    CVPN tunneling
    DPhysical security monitoring
    Show Answer & Explanation
    Correct Answer: B
    Explanation:

    A CASB sits between cloud users and cloud services, enforcing security policies including visibility, compliance, data security, and threat protection for SaaS, PaaS, and IaaS usage.

  9. Question 9Securing the Cloud

    What is CASB (Cloud Access Security Broker)?

    AA network switch
    BA security enforcement point between users and cloud services providing visibility, compliance, and data protection
    CA routing protocol
    DA cloud storage service
    Show Answer & Explanation
    Correct Answer: B
    Explanation:

    CASBs sit between users and cloud services to enforce security policies, provide visibility into shadow IT, detect anomalies, and protect sensitive data in cloud applications.

  10. Question 10Securing the Cloud

    What is a CASB (Cloud Access Security Broker)?

    AA cloud storage system
    BA security gateway between users and cloud services that enforces security policies, monitors activity, and prevents data loss
    CA cloud router
    DA load balancer
    Show Answer & Explanation
    Correct Answer: B
    Explanation:

    CASBs provide visibility and control over cloud usage: shadow IT discovery, DLP, access control, threat protection, and compliance monitoring across SaaS applications like O365, Salesforce, and Box.

Key Cloud Security Concepts for SCOR

cloudumbrellacasbiaaspaassaasawsazureworkload protection

SCOR Cloud Security Exam Tips

Securing the Cloud questions in SCOR are typically scenario-based. Focus on service-level decision making aligned to official exam objectives. Priority concepts: cloud, umbrella, casb, iaas, paas, saas.

What SCOR Expects

  • Anchor your answer in select the most practical, secure, and scalable answer for the stated scenario.
  • Cloud Security scenarios for SCOR are frequently mapped to Domain 3 (15%), so read the objective carefully before picking controls or architecture.
  • Expect multi-service scenarios where Cloud Security interacts with IAM, networking, storage, or observability patterns rather than appearing as an isolated service question.
  • When two options are both technically valid, prefer the choice that best aligns with the exam's operational scope (Professional) and managed-service best practices.

High-Value Cloud Security Concepts

  • Know the core Cloud Security building blocks cold: cloud, umbrella, casb, iaas.
  • Review the edge-case features and limits for paas, saas; these details are commonly used to differentiate answer choices.
  • Practice service-integration reasoning: how Cloud Security pairs with Network Security, Content Security in real deployment patterns.
  • For SCOR, explain why the chosen Cloud Security design meets reliability, security, and cost expectations better than the alternatives.

Common SCOR Traps

  • Watch for answers that partially solve the requirement but miss operational constraints.
  • Questions in Securing the Cloud often include distractors that look correct for Cloud Security but violate least-privilege, durability, or availability requirements.
  • Avoid picking options purely by feature name; validate data path, failure handling, and governance impact before answering.
  • If the prompt hints at automation or repeatability, eliminate manual-only operational answers first.

Fast Review Checklist

  • Can you compare at least two Cloud Security implementation paths and justify which one best fits the scenario?
  • Can you map the chosen answer back to Securing the Cloud (15%) outcomes for SCOR?
  • Can you explain security and access boundaries for Cloud Security without relying on default-open assumptions?
  • Can you describe how Cloud Security integrates with Network Security and Content Security during failure, scaling, and monitoring events?

Exam Domains Covering Cloud Security

Domain 3Securing the Cloud15%

Related Resources

🎯 Free SCOR Mock Exam📝 Network Security Questions📝 Content Security Questions

More SCOR Study Resources

← SCOR Study Hub30-Day Study PlanFull Practice Exam