NEW QUESTION 1

The cloud customer’s trust in the cloud provider can be enhanced by all of the following except:

• A. SLAs
• B. Shared administration
• C. Audits
• D. real-time video surveillance

Answer: D

Explanation:
Video surveillance will not provide meaningful information and will not enhance trust. All the others will do it.

NEW QUESTION 2

What type of segregation and separation of resources is needed within a cloud environment for multitenancy purposes versus a traditional data center model?

• A. Virtual
• B. Security
• C. Physical
• D. Logical

Answer: D

Explanation:
Cloud environments lack the ability to physically separate resources like a traditional data center can. To compensate, cloud computing logical segregation concepts are employed. These include VLANs, sandboxing, and the use of virtual network devices such as firewalls.

NEW QUESTION 3

Which of the following storage types is most closely associated with a database-type storage implementation?

• A. Object
• B. Unstructured
• C. Volume
• D. Structured

Answer: D

Explanation:
Structured storage involves organized and categorized data, which most closely resembles and operates like a database system would.

NEW QUESTION 4

Which of the following is not a risk management framework?

• A. COBIT
• B. Hex GBL
• C. ISO 31000:2009
• D. NIST SP 800-37

Answer: B

Explanation:
Hex GBL is a reference to a computer part in Terry Pratchett’s fictional Discworld universe. The rest are not.

NEW QUESTION 5

Cloud systems are increasingly used for BCDR solutions for organizations. What aspect of cloud computing makes their use for BCDR the most attractive?

• A. On-demand self-service
• B. Measured service
• C. Portability
• D. Broad network access

Answer: B

Explanation:
Business continuity and disaster recovery (BCDR) solutions largely sit idle until they are actually needed. This traditionally has led to increased costs for an organization because physical hardware must be purchased and operational but is not used. By using a cloud system, an organization will only pay for systems when they are being used and only for the duration of use, thus eliminating the need for extra hardware and costs. Portability is the ability to easily move services among different cloud providers. Broad network access allows access to users and staff from anywhere and from different clients, and although this would be important for a BCDR situation, it is not the best answer in this case. On-demand self-service allows users to provision services automatically and when needed, and although this too would be important for BCDR situations, it is not the best answer because it does not address costs or the biggest benefits to an organization.

NEW QUESTION 6

Limits for resource utilization can be set at different levels within a cloud environment to ensure that no particular entity can consume a level of resources that impacts other cloud customers.
Which of the following is NOT a unit covered by limits?

• A. Hypervisor
• B. Cloud customer
• C. Virtual machine
• D. Service

Answer: A

Explanation:
The hypervisor level, as a backend cloud infrastructure component, is not a unit where limits may be applied to control resource utilization. Limits can be placed at the service, virtual machine, and cloud customer levels within a cloud environment.

NEW QUESTION 7

What process is used within a cloud environment to maintain resource balancing and ensure that resources are available where and when needed?

• A. Dynamic clustering
• B. Dynamic balancing
• C. Dynamic resource scheduling
• D. Dynamic optimization

Answer: D

Explanation:
Dynamic optimization is the process through which the cloud environment is constantly maintained to ensure resources are available when and where needed, and that physical nodes do not become overloaded or near capacity, while others are underutilized.

NEW QUESTION 8

Which audit type has been largely replaced by newer approaches since 2011?

• A. SOC Type 1
• B. SSAE-16
• C. SAS-70
• D. SOC Type 2

Answer: C

Explanation:
SAS-70 reports were replaced in 2011 with the SSAE-16 reports throughout the industry.

NEW QUESTION 9

Which of the cloud deployment models offers the easiest initial setup and access for the cloud customer?

• A. Hybrid
• B. Community
• C. Private
• D. Public

Answer: D

Explanation:
Because the public cloud model is available to everyone, in most instances all a customer will need to do to gain access is set up an account and provide a credit card number through the service's web portal. No additional contract negotiations, agreements, or specific group memberships are typically needed to get started.

NEW QUESTION 10

In the wake of many scandals with major corporations involving fraud and the deception of investors and regulators, which of the following laws was passed to govern accounting and financial records and disclosures?

• A. GLBA
• B. Safe Harbor
• C. HIPAA
• D. SOX

Answer: D

Explanation:
The Sarbanes-Oxley Act (SOX) regulates the financial and accounting practices used by organizations in order to protect shareholders from improper practices and accounting errors.The Health Insurance Portability and Accountability Act (HIPAA) pertains to the protection of patient medical records and privacy. The Gramm-Leach-Bliley Act (GLBA) focuses on the use of PII within financial institutions. The Safe Harbor program was designed by the US government as a way for American companies to comply with European Union privacy laws.

NEW QUESTION 11

In a federated identity arrangement using a trusted third-party model, who is the identity provider and who is the relying party?

• A. The users of the various organizations within the federations within the federation/a CASB
• B. Each member organization/a trusted third party
• C. Each member organization/each member organization
• D. A contracted third party/the various member organizations of the federation

Answer: D

Explanation:
In a trusted third-party model of federation, each member organization outsources the review and approval task to a third party they all trust. This makes the third party the identifier (it issues and manages identities for all users in all organizations in the federation), and the various member organizations are the relying parties (the resource providers that share resources based on approval from the third party).

NEW QUESTION 12

All of these are methods of data discovery, except:

• A. Label-based
• B. User-based
• C. Content-based
• D. Metadata-based

Answer: B

Explanation:
All the others are valid methods of data discovery; user-based is a red herring with no meaning.

NEW QUESTION 13

Each of the following are dependencies that must be considered when reviewing the BIA after cloud migration except:

• A. The cloud provider’s utilities
• B. The cloud provider’s suppliers
• C. The cloud provider’s resellers
• D. The cloud provider’s vendors

Answer: C

Explanation:
The cloud provider’s resellers are a marketing and sales mechanism, not an operational dependency that could affect the security of a cloud customer.

NEW QUESTION 14

Which protocol allows a system to use block-level storage as if it was a SAN, but over TCP network traffic instead?

• A. SATA
• B. iSCSI
• C. TLS
• D. SCSI

Answer: B

Explanation:
iSCSI is a protocol that allows for the transmission and use of SCSI commands and features over a TCP-based network. iSCSI allows systems to use block-level storage that looks and behaves as a SAN would with physical servers, but to leverage the TCP network within a virtualized environment and cloud.

NEW QUESTION 15

Although much of the attention given to data security is focused on keeping data private and only accessible by authorized individuals, of equal importance is the trustworthiness of the data.
Which concept encapsulates this?

• A. Validity
• B. Integrity
• C. Accessibility
• D. Confidentiality

Answer: B

Explanation:
Integrity refers to the trustworthiness of data and whether its format and values are true and have not been corrupted or otherwise altered through unauthorized means. Confidentiality refers to keeping data from being access or viewed by unauthorized parties. Accessibility means that data is available and ready when needed by a user or service. Validity can mean a variety of things that are somewhat similar to integrity, but it's not the most appropriate answer in this case.

NEW QUESTION 16

Which cloud service category would be most ideal for a cloud customer that is developing software to test its applications among multiple hosting providers to determine the best option for its needs?

• A. DaaS
• B. PaaS
• C. IaaS
• D. SaaS

Answer: B

Explanation:
Platform as a Service would allow software developers to quickly and easily deploy their applications among different hosting providers for testing and validation in order to determine the best option. Although IaaS would also be appropriate for hosting applications, it would require too much configuration of application servers and libraries in order to test code. Conversely, PaaS would provide a ready-to-use environment from the onset. DaaS would not be appropriate in any way for software developers to use to deploy applications. IaaS would not be appropriate in this scenario because it would require the developers to also deploy and maintain the operating system images or to contract with another firm to do so. SaaS, being a fully functional software platform, would not be appropriate for deploying applications into.

NEW QUESTION 17
......