CCSP Exam Questions - Online Test



Online ISC2 CCSP free dumps demo below:

NEW QUESTION 1
Which of the following best describes SAML?

  • A. A standard for developing secure application management logistics
  • B. A standard for exchanging authentication and authorization data between security domains
  • C. A standard for exchanging usernames and passwords across devices
  • D. A standard used for directory synchronization

Answer: B

NEW QUESTION 2
What are SOC I/SOC II/SOC III?

  • A. Risk management frameworks
  • B. Access controls
  • C. Audit reports
  • D. Software development phases

Answer: C

NEW QUESTION 3
Which concept pertains to cloud customers paying only for the resources they use and consume, and only for the duration they are using them?

  • A. Measured service
  • B. Auto-scaling
  • C. Portability
  • D. Elasticity

Answer: A

NEW QUESTION 4
Devices in the cloud datacenter should be secure against attack. All the following are means of hardening devices, except:

  • A. Using a strong password policy
  • B. Removing default passwords
  • C. Strictly limiting physical access
  • D. Removing all admin accounts

Answer: D

NEW QUESTION 5
Which cloud storage type uses an opaque value or descriptor to categorize and organize data?

  • A. Volume
  • B. Object
  • C. Structured
  • D. Unstructured

Answer: D

NEW QUESTION 6
You are the security manager for a software development firm. Your company is interested in using a managed cloud service provider for hosting its testing environment. Management is interested in adopting an Agile development style.
This will be typified by which of the following traits?

  • A. Reliance on a concrete plan formulated during the Define phase
  • B. Rigorous, repeated security testing
  • C. Isolated programming experts for specific functional elements
  • D. Short, iterative work periods

Answer: D

NEW QUESTION 7
SOX was enacted because of which of the following?

  • A. Poor BOD oversight
  • B. Lack of independent audits
  • C. Poor financial controls
  • D. All of the above

Answer: D

NEW QUESTION 8
Which of the following BCDR testing methodologies is least intrusive?

  • A. Walk-through
  • B. Simulation
  • C. Tabletop
  • D. Full test

Answer: C

NEW QUESTION 9
Each of the following is a dependency that must be considered when reviewing the BIA after cloud migration except:

  • A. The cloud provider’s suppliers
  • B. The cloud provider’s vendors
  • C. The cloud provider’s utilities
  • D. The cloud provider’s resellers

Answer: D

NEW QUESTION 10
Aside from the fact that the cloud customer probably cannot locate/reach the physical storage assets of the cloud provider, and that wiping an entire storage space would impact other customers, why would degaussing probably not be an effective means of secure sanitization in the cloud?

  • A. All the data storage space in the cloud is already gaussed.
  • B. Cloud data storage may not be affected by degaussing.
  • C. Federal law prohibits it in the United States.
  • D. The blast radius is too wide.

Answer: B

NEW QUESTION 11
Which type of software is most likely to be reviewed by the most personnel, with the most varied perspectives?

  • A. Database management software
  • B. Open source software
  • C. Secure software
  • D. Proprietary software

Answer: B

NEW QUESTION 12
Firewalls can detect attack traffic by using all these methods except ______.

  • A. Known past behavior in the environment
  • B. Identity of the malicious user
  • C. Point of origination
  • D. Signature matching

Answer: B

NEW QUESTION 13
The physical layout of a cloud data center campus should include redundancies of all the following except ______.

  • A. Physical perimeter security controls (fences, lights, walls, etc.)
  • B. The administration/support staff building
  • C. Electrical utility lines
  • D. Communications connectivity lines

Answer: B

NEW QUESTION 14
Your organization has made it a top priority that any cloud environment being considered to host production systems have guarantees that resources will always be available for allocation when needed.
Which of the following concepts will you need to ensure is part of the contract and SLA?

  • A. Limits
  • B. Shares
  • C. Resource pooling
  • D. Reservations

Answer: D

NEW QUESTION 15
Which network protocol is essential for allowing automation and orchestration within a cloud environment?

  • A. DNSSEC
  • B. DHCP
  • C. IPsec
  • D. VLANs

Answer: B

NEW QUESTION 16
Which of the following is not an enforceable governmental request?

  • A. Warrant
  • B. Subpoena
  • C. Court order
  • D. Affidavit

Answer: D

NEW QUESTION 17
Bob is staging an attack against Alice’s website. He is able to embed a link on her site that will execute malicious code on a visitor’s machine, if the visitor clicks on the link. This is an example of which type of attack?

  • A. Cross-site scripting
  • B. Broken authentication/session management
  • C. Security misconfiguration
  • D. Insecure cryptographic storage

Answer: A
