CCSP Exam Questions - Online Test



Sample ISC2 Certified Cloud Security Professional (CCSP) questions with answers and explanations:

NEW QUESTION 1

From a legal perspective, what is the most important first step after an eDiscovery order has been received by the cloud provider?

  • A. Notification
  • B. Key identification
  • C. Data collection
  • D. Virtual image snapshots

Answer: A

Explanation:
The contract should include requirements for notification by the cloud provider to the cloud customer upon the receipt of such an order. This serves a few important purposes. First, it keeps communication and trust open between the cloud provider and cloud customers. Second, and more importantly, it allows the cloud customer to potentially challenge the order if they feel they have the grounds or desire to do so.

NEW QUESTION 2

Which of the following terms is NOT a commonly used category of risk acceptance?

  • A. Moderate
  • B. Critical
  • C. Minimal
  • D. Accepted

Answer: D

Explanation:

"Accepted" describes a decision that has been made about a risk, not a category of risk acceptance. The commonly used categories, which express how much residual risk an organization is willing to tolerate, are minimal, low, moderate, high, and critical.

NEW QUESTION 3

Which of the following best describes data masking?

  • A. A method for creating similar but inauthentic datasets used for software testing and user training.
  • B. A method used to protect prying eyes from data such as social security numbers and credit card data.
  • C. A method where the last few numbers in a dataset are not obscured
  • D. These are often used for authentication.
  • E. Data masking involves stripping out all digits in a string of numbers so as to obscure the original number.

Answer: A

Explanation:
All of these answers describe some aspect of data masking, but A is the best answer because it is the most general and encompasses the others, making it the optimum choice. This is a good example of the type of question that can appear on the actual exam: several options are partly true, and you must pick the most complete one.
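The two approaches the options contrast, masking a value while leaving the last few digits visible (option C) and producing inauthentic but format-valid test data (option A), as an added example in Python. This code is not part of the question set; the sample rows, the "999999" prefix used as a made-up BIN, and the function names are all constructed for the example.

```python
import random
import string
from typing import Dict, List, Optional


def mask_digits(value: str, keep_last: int = 4, mask_char: str = "X") -> str:
    """Static data masking: obscure every digit except the last `keep_last`.

    Separators (spaces, dashes) are kept so the masked value still looks like
    a card number or SSN wherever it is displayed.
    """
    digits_total = sum(c.isdigit() for c in value)
    if digits_total < keep_last:
        raise ValueError("value has fewer digits than keep_last")
    cutoff = digits_total - keep_last
    out, seen = [], 0
    for c in value:
        if c.isdigit():
            out.append(c if seen >= cutoff else mask_char)
            seen += 1
        else:
            out.append(c)
    return "".join(out)


def luhn_check_digit(partial: str) -> str:
    """Luhn check digit for a digit string that does not yet include it."""
    total = 0
    for i, ch in enumerate(reversed(partial)):
        d = int(ch)
        if i % 2 == 0:  # every second digit from the right is doubled
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return str((10 - total % 10) % 10)


def luhn_valid(number: str) -> bool:
    digits = "".join(c for c in number if c.isdigit())
    return len(digits) > 1 and luhn_check_digit(digits[:-1]) == digits[-1]


def synthetic_pan(prefix: str = "999999", length: int = 16, seed: Optional[int] = None) -> str:
    """Inauthentic but format-valid (Luhn-passing) card number for test fixtures.

    `prefix` is an assumed, made-up BIN. Use a range reserved for testing, never
    a live issuer BIN, or a synthetic value could collide with a real account.
    """
    rng = random.Random(seed)
    body = prefix + "".join(rng.choice(string.digits) for _ in range(length - len(prefix) - 1))
    return body + luhn_check_digit(body)


def mask_records(rows: List[Dict[str, str]], fields: Dict[str, str]) -> List[Dict[str, str]]:
    """Mask the named columns in each row; `fields` maps column -> mask character."""
    return [
        {k: (mask_digits(v, mask_char=fields[k]) if k in fields else v) for k, v in row.items()}
        for row in rows
    ]


# Constructed sample rows (not real people or accounts; the PANs are public test numbers).
SAMPLE_ROWS = [
    {"name": "A. Tester", "ssn": "123-45-6789", "pan": "4539 1488 0343 6467"},
    {"name": "B. Tester", "ssn": "987-65-4321", "pan": "4111 1111 1111 1111"},
]

if __name__ == "__main__":
    for row in mask_records(SAMPLE_ROWS, {"ssn": "*", "pan": "X"}):
        print(row)
    fake = synthetic_pan(seed=7)
    print(fake, "luhn ok:", luhn_valid(fake))
```

Masking preserves format so downstream display and logging keep working; the synthetic generator preserves the check digit so validation code in the system under test behaves as it would with production data, which is what makes the dataset "similar but inauthentic".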

NEW QUESTION 4

What is a key capability or characteristic of PaaS?

  • A. Support for a homogenous environment
  • B. Support for a single programming language
  • C. Ability to reduce lock-in
  • D. Ability to manually scale

Answer: C

Explanation:
PaaS should have the following key capabilities and characteristics:
- Support multiple languages and frameworks: PaaS should support multiple programming languages and frameworks, thus enabling the developers to code in whichever language they prefer or the design requirements specify. In recent times, significant strides and efforts have been taken to ensure that open source stacks are both supported and utilized, thus reducing “lock-in” or issues with interoperability when changing CSPs.
- Multiple hosting environments: The ability to support a wide variety of underlying hosting environments for the platform is key to meeting customer requirements and demands. Whether public cloud, private cloud, local hypervisor, or bare metal, supporting multiple hosting environments allows the application developer or administrator to migrate the application when and as required. This can also serve as a form of contingency and continuity planning and help ensure ongoing availability.
- Flexibility: Traditionally, platform providers offered the features and requirements that they felt suited the client, along with what suited their own service offering and positioned them as the provider of choice, with limited options for customers to move easily. This has changed drastically, with extensibility and flexibility now provided to meet the needs and requirements of developer audiences. This has been heavily influenced by open source, which allows relevant plug-ins to be quickly and efficiently introduced into the platform.
- Allow choice and reduce lock-in: PaaS has learned from earlier proprietary platforms, where lock-in meant red tape, barriers, and restrictions on what developers could do when migrating or adding features and components to the platform. Although providers may still require coding to specific APIs, applications can run in various environments based on common, standard API structures, ensuring a level of consistency and quality for customers and users.
- Ability to auto-scale: This enables the application to seamlessly scale up and down as required to accommodate the cyclical demands of users. The platform will allocate resources and assign these to the application as required. This serves as a key driver for any seasonal organizations that experience spikes and drops in usage.

NEW QUESTION 5

What is the intellectual property protection for a confidential recipe for muffins?

  • A. Patent
  • B. Trademark
  • C. Trade secret
  • D. Copyright

Answer: C

Explanation:
Confidential recipes unique to the organization are trade secrets. The other answers listed are answers to other questions.

NEW QUESTION 6

Which of the following can be useful for protecting cloud customers from a denial-of-service (DoS) attack against another customer hosted in the same cloud?

  • A. Reservations
  • B. Measured service
  • C. Limits
  • D. Shares

Answer: A

Explanation:
Reservations ensure that a minimum level of resources will always be available to a cloud customer so they can start and operate their services. In the event of a DoS attack against one customer, reservations guarantee that the other customers will still be able to operate. Limits cap the maximum a tenant may consume, and shares weight how contested resources are divided; both influence allocation, but only a reservation guarantees a floor.
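An added simulation (not part of the question set) of how reservations, limits and shares behave when one tenant's demand explodes under a DoS attack. It goes slightly beyond the explanation by modelling all three controls against the same 100-unit pool; the tenant names, demands and the weighted water-filling allocation are assumptions made for the example, not any provider's scheduler.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class Tenant:
    name: str
    demand: int                  # units the tenant is trying to consume right now
    reservation: int = 0         # guaranteed minimum, satisfied before anything else
    limit: Optional[int] = None  # hard cap on consumption (None = uncapped)
    shares: int = 1              # weight used when splitting contested capacity

    def wants(self) -> int:
        """Effective demand once the limit is applied."""
        return self.demand if self.limit is None else min(self.demand, self.limit)


def allocate(capacity: int, tenants: List[Tenant]) -> Dict[str, int]:
    """Hand out `capacity` units: reservations first, then the remainder in
    proportion to shares among tenants that still want more."""
    if sum(t.reservation for t in tenants) > capacity:
        raise ValueError("reservations oversubscribe the pool")
    # Step 1: every tenant gets its reservation (or less, if it wants less).
    alloc = {t.name: min(t.wants(), t.reservation) for t in tenants}
    remaining = capacity - sum(alloc.values())
    # Step 2: weighted water-filling over what is left.
    while remaining > 0:
        active = [t for t in tenants if alloc[t.name] < t.wants()]
        if not active:
            break
        total_shares = sum(t.shares for t in active)
        budget = remaining
        for t in active:
            if remaining == 0:
                break
            fair = max(1, budget * t.shares // total_shares)
            grant = min(t.wants() - alloc[t.name], fair, remaining)
            alloc[t.name] += grant
            remaining -= grant
    return alloc


def noisy_neighbour_demo() -> Dict[str, Dict[str, int]]:
    """Same 100-unit pool and the same demands in each run; only the control differs.
    'victim' is the tenant whose service is being flooded, so its demand explodes."""
    cap = 100
    flooded = dict(name="victim", demand=1000, shares=8)
    return {
        # Shares alone: the flooded tenant's weight lets it crowd the others out.
        "shares_only": allocate(cap, [Tenant(**flooded), Tenant("b", 40), Tenant("c", 30)]),
        # Reservations: b and c receive their guaranteed minimum before anything else.
        "reservations": allocate(cap, [Tenant(**flooded),
                                       Tenant("b", 40, reservation=30),
                                       Tenant("c", 30, reservation=25)]),
        # A limit on the flooded tenant caps its blast radius instead.
        "limit": allocate(cap, [Tenant(**flooded, limit=30), Tenant("b", 40), Tenant("c", 30)]),
    }


if __name__ == "__main__":
    for mode, result in noisy_neighbour_demo().items():
        print(f"{mode:13s} {result}")
```

With shares only, b and c are squeezed to 10 units each while the flooded tenant takes 80; with reservations they keep at least 30 and 25 regardless of the attack. The limit run shows the other tool for the same problem: capping the attacked tenant so it cannot consume the pool, at the cost of that tenant's own service.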

NEW QUESTION 7

Audits are either done based on the status of a system or application at a specific time or done as a study over a period of time that takes into account changes and processes.
Which of the following pairs matches an audit type that is done over time, along with the minimum span of time necessary for it?

  • A. SOC Type 2, one year
  • B. SOC Type 1, one year
  • C. SOC Type 2, one month
  • D. SOC Type 2, six months

Answer: D

Explanation:
A Type 2 report (whether SOC 1 or SOC 2; the "type" describes the report, not the SOC series) evaluates both the design and the operating effectiveness of controls over a review period, and six months is the minimum period commonly cited, with twelve months typical. A Type 1 report assesses control design at a single point in time, so B is wrong, and the other durations given for Type 2 are incorrect.

NEW QUESTION 8

Which one of the following threat types to applications and services involves the sending of requests that are invalid and manipulated through a user's client to execute commands on the application under the user's own credentials?

  • A. Injection
  • B. Missing function-level access control
  • C. Cross-site scripting
  • D. Cross-site request forgery

Answer: D

Explanation:
A cross-site request forgery (CSRF) attack abuses a client, typically a browser, that the user has already authenticated to an application: the attacker causes that client to send forged requests carrying the user's own credentials (such as a session cookie), so the application executes commands it believes come from a trusted client and user. Although this type of attack cannot be used to steal data directly, because the attacker has no way of seeing the results of the commands, it does open other ways to compromise an application. Missing function-level access control exists where an application only checks authorization during the initial login process and does not validate it again on each function call. Cross-site scripting occurs when an attacker is able to get untrusted data into a user's browser without it going through validation processes. An injection attack is where a malicious actor sends commands or other arbitrary data through input and data fields with the intent of having the application or system execute them as part of its normal processing and queries.
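The CSRF scenario in the explanation, as an added Python example that is not part of the question set: a transfer handler that trusts the session cookie alone, beside a hardened one that rejects state changes over GET, checks the Origin/Referer header, and requires a per-session synchronizer token. The request model, the in-memory session store, the "bank.example" and "evil.example" hosts and the account balances are all constructed for the example.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional
from urllib.parse import urlsplit

SITE_ORIGIN = "https://bank.example"  # assumed origin of the application being protected


@dataclass
class Request:
    method: str
    path: str
    headers: Dict[str, str] = field(default_factory=dict)
    cookies: Dict[str, str] = field(default_factory=dict)
    form: Dict[str, str] = field(default_factory=dict)


SESSIONS: Dict[str, dict] = {}  # session id -> session data
BALANCES: Dict[str, int] = {}   # constructed account ledger


def login(user: str) -> str:
    """Create a session and mint a per-session CSRF token (synchronizer token pattern)."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": user, "csrf": secrets.token_urlsafe(32)}
    return sid


def _session(req: Request) -> Optional[dict]:
    return SESSIONS.get(req.cookies.get("session", ""))


def _do_transfer(src: str, dst: str, amount: int) -> str:
    if dst not in BALANCES or BALANCES.get(src, 0) < amount:
        return "400 rejected"
    BALANCES[src] -= amount
    BALANCES[dst] += amount
    return f"200 transferred {amount} from {src} to {dst}"


def transfer_vulnerable(req: Request) -> str:
    """Trusts the session cookie alone. The browser attaches that cookie to any request
    aimed at the site, including one a hostile page forges, so a logged-in user who
    merely visits the attacker's page performs this transfer."""
    sess = _session(req)
    if sess is None:
        return "401 unauthenticated"
    return _do_transfer(sess["user"], req.form["to"], int(req.form["amount"]))


def transfer_hardened(req: Request) -> str:
    sess = _session(req)
    if sess is None:
        return "401 unauthenticated"
    if req.method != "POST":  # 1. state changes only via POST; GET stays side-effect free
        return "405 method not allowed"
    # 2. Origin (or Referer) must name this site exactly. Browsers set Origin on cross-site
    #    POSTs and page script cannot forge it. Compare scheme+host, not a string prefix,
    #    or a lookalike such as bank.example.evil.example would pass.
    src = urlsplit(req.headers.get("Origin") or req.headers.get("Referer", ""))
    if f"{src.scheme}://{src.netloc}" != SITE_ORIGIN:
        return "403 cross-origin request rejected"
    # 3. Synchronizer token: the form must echo the secret bound to this session. The
    #    attacker's page cannot read it (same-origin policy), so it cannot supply it.
    if not hmac.compare_digest(req.form.get("csrf_token", ""), sess["csrf"]):
        return "403 missing or invalid CSRF token"
    return _do_transfer(sess["user"], req.form["to"], int(req.form["amount"]))


def forged_request(victim_sid: str) -> Request:
    """What the victim's browser sends when the attacker's page auto-submits a form to
    the bank: the session cookie rides along, but the attacker controls neither the
    Origin header nor the token."""
    return Request("POST", "/transfer", headers={"Origin": "https://evil.example"},
                   cookies={"session": victim_sid}, form={"to": "mallory", "amount": "500"})


def legitimate_request(sid: str) -> Request:
    """The bank's own page renders the session's token into its transfer form."""
    return Request("POST", "/transfer", headers={"Origin": SITE_ORIGIN}, cookies={"session": sid},
                   form={"to": "mallory", "amount": "100", "csrf_token": SESSIONS[sid]["csrf"]})


def demo() -> dict:
    """Replay forged and legitimate requests against both handlers."""
    BALANCES.clear()
    BALANCES.update({"alice": 1000, "mallory": 0})
    sid = login("alice")
    same_site_no_token = Request("POST", "/transfer", headers={"Origin": SITE_ORIGIN},
                                 cookies={"session": sid}, form={"to": "mallory", "amount": "1"})
    lookalike = Request("POST", "/transfer", headers={"Referer": "https://bank.example.evil.example/"},
                        cookies={"session": sid}, form={"to": "mallory", "amount": "1"})
    return {
        "vuln_forged": transfer_vulnerable(forged_request(sid)),  # money moves
        "hard_forged": transfer_hardened(forged_request(sid)),    # blocked on Origin
        "hard_lookalike": transfer_hardened(lookalike),           # blocked on Origin
        "hard_no_token": transfer_hardened(same_site_no_token),   # blocked on token
        "hard_get": transfer_hardened(Request("GET", "/transfer", cookies={"session": sid})),
        "hard_legit": transfer_hardened(legitimate_request(sid)),  # allowed
        "balances": dict(BALANCES),
    }
```

The token is compared with `hmac.compare_digest` so the check does not leak timing information, and the Origin check is an exact scheme+host comparison rather than a prefix match. In a real deployment the session cookie should additionally carry the `SameSite` attribute so the browser withholds it from cross-site POSTs in the first place; the token remains the defence that does not depend on browser behaviour.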

NEW QUESTION 9

Which of the following storage types is most closely associated with a database-type storage implementation?

  • A. Object
  • B. Unstructured
  • C. Volume
  • D. Structured

Answer: D

Explanation:
Structured storage involves organized and categorized data, which most closely resembles and operates like a database system would.

NEW QUESTION 10

In the cloud model, the data owner is usually:

  • A. The cloud provider
  • B. In another jurisdiction
  • C. The cloud customer
  • D. The cloud access security broker

Answer: C

Explanation:
The data owner is usually considered to be the cloud customer in a cloud configuration; the data in question is the customer's information, being processed in the cloud. The cloud provider is only leasing services and hardware to the customer. The cloud access security broker (CASB) enforces access and security policy on behalf of the cloud customer as an intermediary; it does not own the data.

NEW QUESTION 11

Your new CISO is placing increased importance and focus on regulatory compliance as your applications and systems move into cloud environments.
Which of the following would NOT be a major focus of yours as you develop a project plan to focus on regulatory compliance?

  • A. Data in transit
  • B. Data in use
  • C. Data at rest
  • D. Data custodian

Answer: D

Explanation:
"Data custodian" is a role, not a state of data, which is why it is the odd one out. Regulatory frameworks and compliance requirements are dictated by the jurisdictions where data is being stored, processed, or consumed, regardless of who the data owner or custodian might be. Data in transit, data in use, and data at rest are the three states in which data must be protected, and each would play a prominent role in regulatory compliance during a move to a cloud environment: every one of them needs to be evaluated against the new configurations as well as any changes in jurisdiction or requirements introduced by the move.

NEW QUESTION 12

Which of the following is NOT something that an HIDS will monitor?

  • A. Configurations
  • B. User logins
  • C. Critical system files
  • D. Network traffic

Answer: B

Explanation:
A host intrusion detection system (HIDS) monitors the host's own network traffic, its critical system files, and its configurations for signs of compromise. User login activity is recorded by the operating system's authentication logging and reviewed through log management or SIEM tooling, which is why it is the odd one out here. Be aware that some HIDS products do also ingest authentication logs, but that is not how the exam frames the question.

NEW QUESTION 13

Which protocol does the REST API depend on?

  • A. HTTP
  • B. XML
  • C. SAML
  • D. SSH

Answer: A

Explanation:
Representational State Transfer (REST) is a software architectural style that defines the components, connectors, and data conduits for many web applications used on the Internet. It uses and relies on the HTTP protocol (including its methods, status codes, and URIs) and supports a variety of data formats. XML is one of those data formats and SAML is an assertion format carried over HTTP, not a transport; SSH is a remote-shell protocol unrelated to REST.

NEW QUESTION 14

Which of the following threat types can occur when baselines are not appropriately applied or when unauthorized changes are made?

  • A. Security misconfiguration
  • B. Insecure direct object references
  • C. Unvalidated redirects and forwards
  • D. Sensitive data exposure

Answer: A

Explanation:
Security misconfigurations occur when applications and systems are not properly configured or maintained in a secure manner. This can be due to a shortcoming in security baselines or configurations, unauthorized changes to system configurations, or a failure to patch and upgrade systems as the vendor releases security patches. Insecure direct object references occur when an application exposes a reference to an internal implementation object, such as a file name or database key, and does not check authorization when the user supplies that reference, so an attacker can manipulate it to reach other users' objects. Unvalidated redirects and forwards occur when an application has functions to forward users to other sites, and these functions do not validate the destination, allowing spoofed redirects for malware or phishing attacks. Sensitive data exposure occurs when an application does not use sufficient encryption and other security controls to protect sensitive application data.
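The two detection tasks described across question 12 (a HIDS watching critical system files and configurations) and this question (a baseline that is not applied or is changed without authorization), as one added Python example that is not part of the question set. It builds a hash baseline over constructed sample files, then detects an unauthorized edit both as file tampering and as drift from a required hardening baseline. The sample `sshd_config` and `passwd` contents and the `REQUIRED_SSHD` policy are assumptions made for the example.

```python
import hashlib
import os
import tempfile
from typing import Dict, List, Tuple


def sha256_file(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(paths: List[str]) -> Dict[str, str]:
    """Known-good state: the hash of each critical file at baseline time.
    In a real deployment this is stored off-host so an intruder cannot edit it."""
    return {p: sha256_file(p) for p in paths}


def check_integrity(baseline: Dict[str, str]) -> List[Tuple[str, str]]:
    """Compare the live files against the baseline; returns (path, finding)."""
    findings = []
    for path, expected in baseline.items():
        if not os.path.exists(path):
            findings.append((path, "missing"))
        elif sha256_file(path) != expected:
            findings.append((path, "modified"))
    return findings


def parse_sshd_config(text: str) -> Dict[str, str]:
    """Effective 'Keyword value' settings. sshd uses the FIRST occurrence of a
    keyword, so a checker that kept the last value would misjudge the live config."""
    cfg: Dict[str, str] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        cfg.setdefault(key, value.strip())
    return cfg


def config_drift(text: str, required: Dict[str, str]) -> List[Tuple[str, str, str]]:
    """Each required setting that is unset or differs: (key, expected, actual)."""
    cfg = parse_sshd_config(text)
    return [(k, v, cfg.get(k, "<unset>")) for k, v in required.items() if cfg.get(k) != v]


# Hardening baseline this host must satisfy (assumed policy, not from the page).
REQUIRED_SSHD = {"PermitRootLogin": "no", "PasswordAuthentication": "no", "X11Forwarding": "no"}


def demo() -> dict:
    """Baseline constructed sample files, make an unauthorized change, report findings."""
    with tempfile.TemporaryDirectory() as root:
        sshd = os.path.join(root, "sshd_config")
        passwd = os.path.join(root, "passwd")
        with open(sshd, "w") as f:
            f.write("# constructed sample\nPermitRootLogin no\nPasswordAuthentication no\nX11Forwarding no\n")
        with open(passwd, "w") as f:
            f.write("root:x:0:0:root:/root:/bin/bash\n")
        baseline = build_baseline([sshd, passwd])
        clean = check_integrity(baseline)
        # Unauthorized change: root password logins re-enabled, extra UID-0 account added.
        with open(sshd, "w") as f:
            f.write("PermitRootLogin yes\nPasswordAuthentication yes\nX11Forwarding no\n")
        with open(passwd, "a") as f:
            f.write("backdoor:x:0:0::/root:/bin/bash\n")
        with open(sshd) as f:
            drift = config_drift(f.read(), REQUIRED_SSHD)
        return {
            "clean": clean,
            "after": [finding for _, finding in check_integrity(baseline)],
            "drift": drift,
        }


if __name__ == "__main__":
    print(demo())
```

The integrity check answers "did anything change" and fires on any edit, authorized or not, so it must be reconciled against change records; the drift check answers "does the live configuration still meet the baseline" and is what catches a baseline that was never applied in the first place.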

NEW QUESTION 15

What does the management plane typically utilize to perform administrative functions on the hypervisors that it has access to?

  • A. Scripts
  • B. RDP
  • C. APIs
  • D. XML

Answer: C

Explanation:
The functions of the management plane are typically exposed as a series of remote calls and function executions and as a set of APIs. These APIs are typically leveraged through either a client or a web portal, with the latter being the most common.

NEW QUESTION 16

Which of the following roles involves the provisioning and delivery of cloud services?

  • A. Cloud service deployment manager
  • B. Cloud service business manager
  • C. Cloud service manager
  • D. Cloud service operations manager

Answer: C

Explanation:
The cloud service manager is responsible for the delivery of cloud services, the provisioning of cloud services, and the overall management of cloud services.

NEW QUESTION 17
......
