Effective CISSP Questions

Your company intends to deploy the E-Commerce system to the cloud. As a security professional, you are exercising due diligence to assess privacy issues. Which of the following is most likely to trigger trans-border data flow and violate privacy laws?
A. Ephemeral storage
B. Content delivery network
C. Instance-level block storage
D. Elastic computing capabilities

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is B. Content delivery network.

Content Delivery Network

A content delivery network, or content distribution network (CDN), is a geographically distributed network of proxy servers and their data centers. The goal is to provide high availability and performance by distributing the service spatially relative to end users.

CDN is an umbrella term spanning different types of content delivery services: video streaming, software downloads, web and mobile content acceleration, licensed/managed CDN, transparent caching, and services to measure CDN performance, load balancing, Multi CDN switching and analytics and cloud intelligence.

Source: Wikipedia

Ephemeral storage

  • Ephemeral storage is the volatile temporary storage attached to your instances which is only present during the running lifetime of the instance. In the case that the instance is stopped or terminated or underlying hardware faces an issue, any data stored on ephemeral storage would be lost. Ephemeral storage is ideally used for any temporary data such as cache, buffers, session data, swap volume etc. (N2WS)
  • In addition to persistent storage, pods and containers can require ephemeral or transient local storage for their operation. The lifetime of this ephemeral storage does not extend beyond the life of the individual pod, and this ephemeral storage cannot be shared across pods. (OpenShift)

Block-level Storage

  • “Block-level storage is a concept in cloud-hosted data persistence where cloud services emulate the behaviour of a traditional block device, such as a physical hard drive.” (Wikipedia)
  • “Block-level storage is in contrast to an object store or ‘bucket store’, such as Amazon S3 (Simple Storage Service), or to a database.” (Wikipedia)

“Amazon Elastic Block Store (Amazon EBS) provides block level storage volumes for use with EC2 instances. EBS volumes behave like raw, unformatted block devices. You can mount these volumes as devices on your instances. EBS volumes that are attached to an instance are exposed as storage volumes that persist independently from the life of the instance. You can create a file system on top of these volumes, or use them in any way you would use a block device (such as a hard drive). You can dynamically change the configuration of a volume attached to an instance.” (Amazon)

Instance Store

Amazon describes the EC2 instance store as follows: “An instance store provides temporary block-level storage for your instance. This storage is located on disks that are physically attached to the host computer. Instance store is ideal for temporary storage of information that changes frequently, such as buffers, caches, scratch data, and other temporary content, or for data that is replicated across a fleet of instances, such as a load-balanced pool of web servers.” (Amazon)

Amazon EC2 instance store

Elastic Computing

Elastic computing is the ability to quickly expand or decrease computer processing, memory, and storage resources to meet changing demands without worrying about capacity planning and engineering for peak usage. Typically controlled by system monitoring tools, elastic computing matches the amount of resources allocated to the amount of resources actually needed without disrupting operations. With cloud elasticity, a company avoids paying for unused capacity or idle resources and doesn’t have to worry about investing in the purchase or maintenance of additional resources and equipment. (Microsoft Azure)



