Top Tips Of Latest CCSP Test Question


Online CCSP free questions and answers of New Version:

NEW QUESTION 1

Which document will enforce uptime and availability requirements between the cloud customer and cloud provider?

  • A. Contract
  • B. Operational level agreement
  • C. Service level agreement
  • D. Regulation

Answer: C

NEW QUESTION 2

Penetration testing is a(n) ______ form of security assessment.

  • A. Active
  • B. Comprehensive
  • C. Total
  • D. Inexpensive

Answer: A

NEW QUESTION 3

Which of the following is not an enforceable governmental request?

  • A. Warrant
  • B. Subpoena
  • C. Court order
  • D. Affidavit

Answer: D

NEW QUESTION 4

Which of the following is considered an administrative control?

  • A. Access control process
  • B. Keystroke logging
  • C. Door locks
  • D. Biometric authentication

Answer: A

NEW QUESTION 5

The cloud deployment model that features joint ownership of assets among an affinity group is known as:

  • A. Private
  • B. Public
  • C. Hybrid
  • D. Community

Answer: D

NEW QUESTION 6

Which kind of SSAE audit reviews controls dealing with the organization’s controls for assuring the confidentiality, integrity, and availability of data?

  • A. SOC 1
  • B. SOC 2
  • C. SOC 3
  • D. SOC 4

Answer: B

NEW QUESTION 7

Designers making applications for the cloud have to take into consideration risks and operational constraints that did not exist or were not as pronounced in the legacy environment.
Which of the following is an element cloud app designers may have to consider incorporating in software for the cloud that might not have been as important in the legacy environment?

  • A. IAM capability
  • B. DDoS resistance
  • C. Encryption for data at rest and in motion
  • D. Field validation

Answer: C

NEW QUESTION 8

Digital rights management (DRM) tools can be combined with ______ to enhance security capabilities.

  • A. Roaming identity services (RIS)
  • B. Egress monitoring solutions (DLP)
  • C. Internal hardware settings (BIOS)
  • D. Remote Authentication Dial-In User Service (RADIUS)

Answer: B

NEW QUESTION 9

You are the security manager of a small firm that has just purchased a DLP solution to implement in your cloud-based production environment.
What should you not expect the tool to address?

  • A. Sensitive data sent inadvertently in user emails
  • B. Sensitive data captured by screen shots
  • C. Sensitive data moved to external devices
  • D. Sensitive data in the contents of files sent via FTP

Answer: B

NEW QUESTION 10

Which of the following is not typically included as a basic phase of the software development life cycle?

  • A. Define
  • B. Design
  • C. Describe
  • D. Develop

Answer: C

NEW QUESTION 11

Who is ultimately responsible for a data breach that includes personally identifiable information (PII), in the event of negligence on the part of the cloud provider?

  • A. The user
  • B. The subject
  • C. The cloud provider
  • D. The cloud customer

Answer: D

NEW QUESTION 12

When designing a cloud data center, which of the following aspects is not necessary to ensure continuity of operations during contingency operations?

  • A. Access to clean water
  • B. Broadband data connection
  • C. Extended battery backup
  • D. Physical access to the data center

Answer: C

NEW QUESTION 13

What is a data custodian responsible for?

  • A. The safe custody, transport, storage of the data, and implementation of business rules
  • B. Data content, context, and associated business rules
  • C. Logging and alerts for all data
  • D. Customer access and alerts for all data

Answer: A

NEW QUESTION 14

What is the main reason virtualization is used in the cloud?

  • A. VMs are easier to administer
  • B. If a VM is infected with malware, it can be easily replaced
  • C. With VMs, the cloud provider does not have to deploy an entire hardware device for every new user
  • D. VMs are easier to operate than actual devices

Answer: C

NEW QUESTION 15

What is a key component of GLBA?

  • A. The right to be forgotten
  • B. EU Data Directives
  • C. The information security program
  • D. The right to audit

Answer: C

NEW QUESTION 16

Which cloud storage type uses an opaque value or descriptor to categorize and organize data?

  • A. Volume
  • B. Object
  • C. Structured
  • D. Unstructured

Answer: D

NEW QUESTION 17

Which of the following methods is often used to obscure data from production systems for use in test or development environments?

  • A. Tokenization
  • B. Encryption
  • C. Masking
  • D. Classification

Answer: C

NEW QUESTION 18

What aspect of a Type 2 hypervisor involves additional security concerns that are not relevant with a Type 1 hypervisor?

  • A. Reliance on a host operating system
  • B. Auditing
  • C. Proprietary software
  • D. Programming languages

Answer: A

NEW QUESTION 19

Which of the following best describes a cloud carrier?

  • A. A person or entity responsible for making a cloud service available to consumers
  • B. The intermediary who provides connectivity and transport of cloud services between cloud providers and cloud consumers
  • C. The person or entity responsible for keeping cloud services running for customers
  • D. The person or entity responsible for transporting data across the Internet

Answer: B

NEW QUESTION 20

Cloud environments pose many unique challenges for a data custodian to properly adhere to policies and the use of data. What poses the biggest challenge for a data custodian with a PaaS implementation, over and above the same concerns with IaaS?

  • A. Access to systems
  • B. Knowledge of systems
  • C. Data classification rules
  • D. Contractual requirements

Answer: B

NEW QUESTION 21

What are the phases of a software development lifecycle process model?

  • A. Planning and requirements analysis, define, design, develop, testing, and maintenance
  • B. Define, planning and requirements analysis, design, develop, testing, and maintenance
  • C. Planning and requirements analysis, define, design, testing, develop, and maintenance
  • D. Planning and requirements analysis, design, define, develop, testing, and maintenance

Answer: A

NEW QUESTION 22

The tasks performed by the hypervisor in the virtual environment can most be likened to the tasks of the ______ in the legacy environment.

  • A. Central processing unit (CPU)
  • B. Security team
  • C. OS
  • D. PGP

Answer: A

NEW QUESTION 23

During the assessment phase of a risk evaluation, what are the two types of tests that are performed?

  • A. Internal and external
  • B. Technical and managerial
  • C. Physical and logical
  • D. Qualitative and quantitative

Answer: D

NEW QUESTION 24

Which of the following is the correct name for Tier II of the Uptime Institute Data Center Site Infrastructure Tier Standard Topology?

  • A. Concurrently Maintainable Site Infrastructure
  • B. Fault-Tolerant Site Infrastructure
  • C. Basic Site Infrastructure
  • D. Redundant Site Infrastructure Capacity Components

Answer: D

NEW QUESTION 25

The nature of cloud computing and how it operates make complying with data discovery and disclosure orders more difficult. Which of the following concepts provides the biggest challenge in regard to data collection, pursuant to a legal order?

  • A. Portability
  • B. Multitenancy
  • C. Reversibility
  • D. Auto-scaling

Answer: B

NEW QUESTION 26

Which cloud service category is MOST likely to use a client-side key management system?

  • A. IaaS
  • B. SaaS
  • C. PaaS
  • D. DaaS

Answer: B

NEW QUESTION 27

Which of the following is not one of the types of controls?

  • A. Transitional
  • B. Administrative
  • C. Technical
  • D. Physical

Answer: A

NEW QUESTION 28
......
