Join the discussion
Question 101/709
All the following are data analytics modes, except:
Correct Answer: C
All the others are data analytics methods, but "refractory iterations" is a nonsense term thrown in as a red herring.
Add Comments
- Other Question (709q)
- Q1. A DLP solution/implementation has three main components. Which of the following is NOT one...
- Q2. Which of the following is NOT one of the official risk rating categories?...
- Q3. You are the data manager for a retail company; you anticipate a much higher volume of sale...
- Q4. What does the REST API use to protect data transmissions?...
- Q5. Which component of ITIL involves planning for the restoration of services after an unexpec...
- Q6. Which of the following threat types involves an application that does not validate authori...
- Q7. What provides the information to an application to make decisions about the authorization ...
- Q8. All of the following are activities that should be performed when capturing and maintainin...
- Q9. When a system needs to be exposed to the public Internet, what type of secure system would...
- Q10. Your company operates in a highly competitive market, with extremely high-value data asset...
- Q11. Which of the following systems is used to employ a variety of different techniques to disc...
- Q12. All of the following are activities that should be performed when capturing and maintainin...
- Q13. Which ITIL component focuses on ensuring that system resources, processes, and personnel a...
- Q14. Which of the following service capabilities gives the cloud customer the most control over...
- Q15. What type of storage structure does object storage employ to maintain files?...
- Q16. Which of the following is considered an external redundancy for a data center?...
- Q17. Which is the lowest level of the CSA STAR program?...
- Q18. Which of the following is not a factor an organization might use in the cost-benefit analy...
- Q19. Which data state would be most likely to use TLS as a protection mechanism?...
- Q20. What concept does the D represent within the STRIDE threat model?...
- Q21. Which of the following in a federated environment is responsible for consuming authenticat...
- Q22. What concept does the "T" represent in the STRIDE threat model?...
- Q23. What are the two protocols that TLS uses?
- Q24. You are the security manager for a software development firm. Your company is interested i...
- Q25. Your IT steering committee has, at a high level, approved your project to begin using clou...
- Q26. Which cloud storage type is typically used to house virtual machine images that are used t...
- Q27. What is the federal agency that accepts applications for new patents?...
- Q28. What does dynamic application security testing (DAST) NOT entail?...
- Q29. What type of masking would you employ to produce a separate data set for testing purposes ...
- Q30. Gathering business requirements can aid the organization in determining all of this inform...
- Q31. BCDR strategies typically do not involve the entire operations of an organization, but onl...
- Q32. Which of the cloud cross-cutting aspects relates to the ability for a cloud customer to ea...
- Q33. Which of the following concepts is NOT one of the core components to an encryption system ...
- Q34. Different security testing methodologies offer different strategies and approaches to test...
- Q35. Managed cloud services exist because the service is less expensive for each customer than ...
- Q36. What is a standard configuration and policy set that is applied to systems and virtual mac...
- Q37. Which of the cloud deployment models offers the most control and input to the cloud custom...
- Q38. Which value refers to the amount of time it takes to recover operations in a BCDR situatio...
- Q39. IRM solutions allow an organization to place different restrictions on data usage than wou...
- Q40. Which aspect of cloud computing pertains to cloud customers only paying for the resources ...
- Q41. Which of the following is the concept of segregating information or processes, within the ...
- Q42. Which of the following is considered a technological control?...
- Q43. Which of the following is NOT an application or utility to apply and enforce baselines on ...
- Q44. Which aspect of cloud computing will be most negatively impacted by vendor lock-in?...
- Q45. Which crucial aspect of cloud computing can be most threatened by insecure APIs?...
- Q46. What is the primary reason that makes resolving jurisdictional conflicts complicated?...
- Q47. Which of the following threat types involves an application that does not validate authori...
- Q48. Many of the traditional concepts of systems and services for a traditional data center als...
- Q49. A user signs on to a cloud-based social media platform. In another browser tab, the user f...
- Q50. Which one of the following threat types to applications and services involves the sending ...
- Q51. Which of the following methods of addressing risk is most associated with insurance? Respo...
- Q52. Each of the following is an element of the Identification phase of the identity and access...
- Q53. Although encryption can help an organization to effectively decrease the possibility of da...
- Q54. Data labels could include all the following, except:...
- Q55. With a federated identity system, what does the identity provider send information to afte...
- Q56. What is the best source for information about securing a physical asset's BIOS?...
- Q57. Which of the following is the best and only completely secure method of data destruction?...
- Q58. With finite resources available within a cloud, even the largest cloud providers will at t...
- Q59. Which European Union directive pertains to personal data privacy and an individual's contr...
- Q60. Which of the following storage types are used with an Infrastructure as a Service (IaaS) s...
- Q61. What aspect of data center planning occurs first? Response:...
- Q62. Which cloud deployment model would be ideal for a group of universities looking to work to...
- Q63. Which component of ITIL pertains to planning, coordinating, executing, and validating chan...
- Q64. Which protocol allows a system to use block-level storage as if it was a SAN, but over TCP...
- Q65. Which of the following is the sole responsibility of the cloud provider, regardless of whi...
- Q66. As a result of scandals involving publicly traded corporations such as Enron, WorldCom, an...
- Q67. Your company has just been served with an eDiscovery order to collect event data and other...
- Q68. What concept does the "T" represent in the STRIDE threat model?...
- Q69. Which of the following is a widely used tool for code development, branching, and collabor...
- Q70. With the rapid emergence of cloud computing, very few regulations were in place that perta...
- Q71. Which value refers to the percentage of production level restoration needed to meet BCDR o...
- Q72. Firewalls are used to provide network security throughout an enterprise and to control wha...
- Q73. Which security concept would business continuity and disaster recovery fall under?...
- Q74. Which of the following best describes SAML?
- Q75. What is the experimental technology that might lead to the possibility of processing encry...
- Q76. Which of the following storage types is most closely associated with a traditional file sy...
- Q77. The tasks performed by the hypervisor in the virtual environment can most be likened to th...
- Q78. Which of the following is NOT a factor that is part of a firewall configuration?...
- Q79. With software-defined networking, what aspect of networking is abstracted from the forward...
- Q80. Which data sanitation method is also commonly referred to as "zeroing"?...
- Q81. Which of the following systems is used to employ a variety of different techniques to disc...
- Q82. Which of the following can be useful for protecting cloud customers from a denial-of-servi...
- Q83. What concept does the "A" represent in the DREAD model?...
- Q84. A honeypot can be used for all the following purposes except ____________....
- Q85. Which of the cloud deployment models is used by popular services such as iCloud, Dropbox, ...
- Q86. Although the United States does not have a single, comprehensive privacy and regulatory fr...
- Q87. Which of the following might make crypto-shredding difficult or useless? Response:...
- Q88. A virtual network interface card (NIC) exists at layer __________ of the OSI model. Respon...
- Q89. What is a serious complication an organization faces from the perspective of compliance wi...
- Q90. Which of the following characteristics is associated with digital rights management (DRM) ...
- Q91. Penetration testing is a(n) __________ form of security assessment....
- Q92. A UPS should have enough power to last how long?...
- Q93. Just like the risk management process, the BCDR planning process has a defined sequence of...
- Q94. Which aspect of security is DNSSEC designed to ensure?...
- Q95. For performance purposes, OS monitoring should include all of the following except:...
- Q96. Which of the following aspects of cloud computing would make it more likely that a cloud p...
- Q97. Firewalls are used to provide network security throughout an enterprise and to control wha...
- Q98. Which of the following threat types can occur when an application does not properly valida...
- Q99. What is the best source for information about securing a physical asset's BIOS?...
- Q100. Which aspect of cloud computing would make the use of a cloud the most attractive as a BCD...
- Q101. All the following are data analytics modes, except:...
- Q102. SOC Type 1 reports are considered "restricted use," in that they are intended only for lim...
- Q103. A honeypot can be used for all the following purposes except ____________. Response:...
- Q104. Resolving resource contentions in the cloud will most likely be the job of the ___________...
- Q105. The cloud deployment model that features joint ownership of assets among an affinity group...
- Q106. Which of the following best describes a sandbox?...
- Q107. Although host-based and network-based IDSs perform similar functions and have similar capa...
- Q108. What are the U.S. State Department controls on technology exports known as?...
- Q109. What strategy involves replacing sensitive data with opaque values, usually with a means o...
- Q110. Which of the following roles is responsible for peering with other cloud services and prov...
- Q111. In order to comply with regulatory requirements, which of the following secure erasure met...
- Q112. During the assessment phase of a risk evaluation, what are the two types of tests that are...
- Q113. Which United States law is focused on accounting and financial practices of organizations?...
- Q114. The BCDR plan/process should be written and documented in such a way that it can be used b...
- Q115. DAST checks software functionality in ____________....
- Q116. Maintenance mode requires all of these actions except:...
- Q117. Which is the lowest level of the CSA STAR program?...
- Q118. A web application firewall (WAF) can understand and act on ________ traffic. Response:...
- Q119. Which of the following roles involves overseeing billing, purchasing, and requesting audit...
- Q120. Which aspect of cloud computing serves as the biggest challenge to using DLP to protect da...
- Q121. Which attribute of data poses the biggest challenge for data discovery?...
- Q122. A UPS should have enough power to last how long?...
- Q123. One of the main components of system audits is the ability to track changes over time and ...
- Q124. Which of the following is not included in the OWASP Top Ten web application security threa...
- Q125. What type of storage structure does object storage employ to maintain files?...
- Q126. The Cloud Security Alliance (CSA) publishes, the Notorious Nine, a list of common threats ...
- Q127. Who will determine data classifications for the cloud customer?...
- Q128. You are the security manager for an online retail sales company with 100 employees and a p...
- Q129. Federation should be __________ to the users.
- Q130. Many of the traditional concepts of systems and services for a traditional data center als...
- Q131. According to the (ISC)2 Cloud Secure Data Life Cycle, which phase comes soon after (or at ...
- Q132. When a system needs to be exposed to the public Internet, what type of secure system would...
- Q133. Which of the following represents a minimum guaranteed resource within a cloud environment...
- Q134. Which of the following concepts is NOT one of the core components to an encryption system ...
- Q135. The European Union passed the first major regulation declaring data privacy to be a human ...
- Q136. Which of the following is NOT an application or utility to apply and enforce baselines on ...
- Q137. Although the United States does not have a single, comprehensive privacy and regulatory fr...
- Q138. Which European Union directive pertains to personal data privacy and an individual's contr...
- Q139. Log data should be protected ____________. Response:...
- Q140. You are working for a cloud service provider and receive an eDiscovery order pertaining to...
- Q141. Which of the following methods of addressing risk is most associated with insurance?...
- Q142. Audits are either done based on the status of a system or application at a specific time o...
- Q143. Modern web service systems are designed for high availability and resiliency. Which concep...
- Q144. Which type of software is most likely to be reviewed by the most personnel, with the most ...
- Q145. A poorly negotiated cloud service contract could result in all the following detrimental e...
- Q146. Which of the following roles is responsible for peering with other cloud services and prov...
- Q147. All of the following are terms used to described the practice of obscuring original raw da...
- Q148. Which of the following actions will NOT make data part of the create phase of the cloud da...
- Q149. DLP can be combined with what other security technology to enhance data controls?...
- Q150. Which of the following roles involves the connection and integration of existing systems a...
- Q151. Which of the following types of organizations is most likely to make use of open source so...
- Q152. Which of the following statements about Type 1 hypervisors is true?...
- Q153. Which of the following is NOT a commonly used communications method within cloud environme...
- Q154. Which of the following is a possible negative aspect of bit-splitting?...
- Q155. In order to comply with regulatory requirements, which of the following secure erasure met...
- Q156. What type of masking strategy involves replacing data on a system while it passes between ...
- Q157. Which of the following best describes a cloud carrier?...
- Q158. A cloud provider is looking to provide a higher level of assurance to current and potentia...
- Q159. Along with humidity, temperature is crucial to a data center for optimal operations and pr...
- Q160. From the perspective of compliance, what is the most important consideration when it comes...
- Q161. Which of the following is a commonly used tool for maintaining system configurations?...
- Q162. Which of the cloud deployment models requires the cloud customer to be part of a specific ...
- Q163. You were recently hired as a project manager at a major university to implement cloud serv...
- Q164. Which of the following are distinguishing characteristics of a managed service provider?...
- Q165. The application normative framework is best described as which of the following?...
- Q166. The tasks performed by the hypervisor in the virtual environment can most be likened to th...
- Q167. Which of the following report is most aligned with financial control audits?...
- Q168. With a federated identity system, where would a user perform their authentication when req...
- Q169. Tokenization requires two distinct _________________ ....
- Q170. Which of the following is NOT something that an HIDS will monitor?...
- Q171. The SOC Type 2 reports are divided into five principles. Which of the five principles must...
- Q172. Which of the following is a widely used tool for code development, branching, and collabor...
- Q173. Which security certification serves as a general framework that can be applied to any type...
- Q174. If a company needed to guarantee through contract and SLAs that a cloud provider would alw...
- Q175. What type of security threat is DNSSEC designed to prevent?...
- Q176. Which value refers to the amount of data an organization would need to recover in the even...
- Q177. Which of the following is a method for apportioning resources that involves setting maximu...
- Q178. Clustered systems can be used to ensure high availability and load balancing across indivi...
- Q179. Your boss has tasked your team with getting your legacy systems and applications connected...
- Q180. Which of the following are attributes of cloud computing?...
- Q181. What type of host is exposed to the public Internet for a specific reason and hardened to ...
- Q182. Humidity levels for a data center are a prime concern for maintaining electrical and compu...
- Q183. In a federated identity arrangement using a trusted third-party model, who is the identity...
- Q184. What controls the formatting and security settings of a volume storage system within a clo...
- Q185. Which of the following aspects of cloud computing would make it more likely that a cloud p...
- Q186. You are the security policy lead for your organization, which is considering migrating fro...
- Q187. Which of the following security technologies is commonly used to give administrators acces...
- Q188. Your IT steering committee has, at a high level, approved your project to begin using clou...
- Q189. What is the best approach for dealing with services or utilities that are installed on a s...
- Q190. You are the security subject matter expert (SME) for an organization considering a transit...
- Q191. Which of the following is essential for getting full security value from your system basel...
- Q192. Which of the following concepts refers to a cloud customer paying only for the resources a...
- Q193. Patches do all the following except ____________. Response:...
- Q194. What is the biggest negative to leasing space in a data center versus building or maintain...
- Q195. Which of the following is NOT one of the main intended goals of a DLP solution?...
- Q196. The Cloud Security Alliance (CSA) publishes the Notorious Nine, a list of common threats t...
- Q197. What is the cloud service model in which the customer is responsible for administration of...
- Q198. When reviewing the BIA after a cloud migration, the organization should take into account ...
- Q199. Which of the following roles involves the connection and integration of existing systems a...
- Q200. Before deploying a specific brand of virtualization toolset, it is important to configure ...
- Q201. Which of the following service categories entails the least amount of support needed on th...
- Q202. Which of the following threat types can occur when baselines are not appropriately applied...
- Q203. What is the data encapsulation used with the SOAP protocol referred to?...
- Q204. What are SOCI/SOCII/SOCIII?
- Q205. Software-defined networking (SDN) is intended to separate different network capabilities a...
- Q206. Which of the following is a method for apportioning resources that involves setting guaran...
- Q207. When using a PaaS solution, what is the capability provided to the customer?...
- Q208. You are working for a cloud service provider and receive an eDiscovery order pertaining to...
- Q209. Which of the following is not an enforceable governmental request? Response:...
- Q210. What is the biggest challenge to data discovery in a cloud environment?...
- Q211. On large distributed systems with pooled resources, cloud computing relies on extensive or...
- Q212. What sort of legal enforcement may the Payment Card Industry (PCI) Security Standards Coun...
- Q213. Countermeasures for protecting cloud operations against external attackers include all of ...
- Q214. What type of masking strategy involves making a separate and distinct copy of data with ma...
- Q215. What category of PII data can carry potential fines or even criminal charges for its impro...
- Q216. Which of the following is NOT a major regulatory framework?...
- Q217. Which jurisdiction lacks specific and comprehensive privacy laws at a national or top leve...
- Q218. All of the following are activities that should be performed when capturing and maintainin...
- Q219. Which ITIL component focuses on ensuring that system resources, processes, and personnel a...
- Q220. Which of the following does NOT relate to the hiding of sensitive data from data sets?...
- Q221. Which type of software is most likely to be reviewed by the most personnel, with the most ...
- Q222. Which of the following is the recommended operating range for temperature and humidity in ...
- Q223. Which of the following in a federated environment is responsible for consuming authenticat...
- Q224. The Brewer-Nash security model is also known as which of the following? Response:...
- Q225. Which of the following publishes the most commonly used standard for data center design in...
- Q226. You are a consultant performing an external security review on a large manufacturing firm....
- Q227. Which value refers to the amount of time it takes to recover operations in a BCDR situatio...
- Q228. Proper implementation of DLP solutions for successful function requires which of the follo...
- Q229. Every cloud service provider that opts to join the CSA STAR program registry must complete...
- Q230. A cloud provider is looking to provide a higher level of assurance to current and potentia...
- Q231. An audit scope statement defines the limits and outcomes from an audit. Which of the follo...
- Q232. What are the four cloud deployment models? Response:...
- Q233. Which strategy involves using a fake production system to lure attackers in order to learn...
- Q234. Which protocol operates at the network layer and provides for full point-to-point encrypti...
- Q235. Within a SaaS environment, what is the responsibility on the part of the cloud customer in...
- Q236. When a system needs to be exposed to the public Internet, what type of secure system would...
- Q237. Which data state would be most likely to use digital signatures as a security protection m...
- Q238. Which of the following aspects of security is solely the responsibility of the cloud provi...
- Q239. What does the REST API support that SOAP does NOT support?...
- Q240. Which aspect of SaaS will alleviate much of the time and energy organizations spend on com...
- Q241. Many tools and technologies are available for securing or monitoring data in transit withi...
- Q242. Which of the following is the sole responsibility of the cloud customer, regardless of whi...
- Q243. Which of the following service capabilities gives the cloud customer the least amount of c...
- Q244. In the cloud motif, the data owner is usually:...
- Q245. Limits for resource utilization can be set at different levels within a cloud environment ...
- Q246. Which ITIL component is an ongoing, iterative process of tracking all deployed and configu...
- Q247. Which component of ITIL pertains to planning, coordinating, executing, and validating chan...
- Q248. Digital investigations have adopted many of the same methodologies and protocols as other ...
- Q249. Which of the following are the storage types associated with IaaS?...
- Q250. Which component of ITIL involves the creation of an RFC ticket and obtaining official appr...
- Q251. What is the intellectual property protection for a confidential recipe for muffins?...
- Q252. Which of the following is the biggest concern or challenge with using encryption?...
- Q253. A crucial decision any company must make is in regard to where it hosts the data systems i...
- Q254. Which of the following types of data would fall under data rights management (DRM) rather ...
- Q255. Which of the following is not a component of contractual PII?...
- Q256. Cloud environments pose many unique challenges for a data custodian to properly adhere to ...
- Q257. Which of the cloud cross-cutting aspects relates to the assigning of jobs, tasks, and role...
- Q258. The REST API is a widely used standard for communications of web-based services between cl...
- Q259. What is the most secure form of code testing and review?...
- Q260. Which of the following is not a way to manage risk?...
- Q261. Which of the following are the storage types associated with PaaS?...
- Q262. Which of the following is an example of useful and sufficient data masking of the string "...
- Q263. In a cloud environment, encryption should be used for all the following, except:...
- Q264. Which of the cloud deployment models involves spanning multiple cloud environments or a mi...
- Q265. Which one of the following is not one of the three common threat modeling techniques? Resp...
- Q266. Which of the following terms is NOT a commonly used category of risk acceptance?...
- Q267. Which of the following is NOT one of the cloud computing activities, as outlined in ISO/IE...
- Q268. Which of the following jurisdictions lacks a comprehensive national policy on data privacy...
- Q269. When using a SaaS solution, what is the capability provided to the customer?...
- Q270. Which of the following is a widely used tool for code development, branching, and collabor...
- Q271. Which type of testing tends to produce the best and most comprehensive results for discove...
- Q272. Countermeasures for protecting cloud operations against internal threats include all of th...
- Q273. Which of the following are not examples of personnel controls? Response:...
- Q274. What strategy involves hiding data in a data set to prevent someone from identifying speci...
- Q275. Which of the following tasks within a SaaS environment would NOT be something the cloud cu...
- Q276. Log data should be protected ____________.
- Q277. The Open Web Application Security Project (OWASP) Top Ten is a list of web application sec...
- Q278. A variety of security systems can be integrated within a network--some that just monitor f...
- Q279. How is an object stored within an object storage system?...
- Q280. Although much of the attention given to data security is focused on keeping data private a...
- Q281. Audits are either done based on the status of a system or application at a specific time o...
- Q282. Audits are either done based on the status of a system or application at a specific time o...
- Q283. Which of the following is the primary purpose of an SOC 3 report?...
- Q284. Maintenance mode requires all of these actions except:...
- Q285. In which cloud service model is the customer required to maintain the OS?...
- Q286. What principle must always been included with an SOC 2 report? Response:...
- Q287. Which regulatory system pertains to the protection of healthcare data?...
- Q288. Which value refers to the amount of data an organization would need to recover in the even...
- Q289. What is the most secure form of code testing and review? Response:...
- Q290. Cloud vendors are held to contractual obligations with specified metrics by: Response:...
- Q291. In addition to whatever audit results the provider shares with the customer, what other me...
- Q292. The SOC Type 2 reports are divided into five principles. Which of the five principles must...
- Q293. Which protocol allows a system to use block-level storage as if it was a SAN, but over TCP...
- Q294. You are a consultant performing an external security review on a large manufacturing firm....
- Q295. Which of the following is not typically included in the list of critical assets specified ...
- Q296. When an organization is considering a cloud environment for hosting BCDR solutions, which ...
- Q297. Which of the following are considered to be the building blocks of cloud computing?...
- Q298. You are in charge of creating the BCDR plan and procedures for your organization. Your org...
- Q299. Which of the following roles would be responsible for managing memberships in federations ...
- Q300. Best practices for key management include all of the following, except:...
- Q301. Different types of audits are intended for different audiences, such as internal, external...
- Q302. Which audit type has been largely replaced by newer approaches since 2011?...
- Q303. Which aspect of SaaS will alleviate much of the time and energy organizations spend on com...
- Q304. Which phase of the cloud data lifecycle involves processing by a user or application?...
- Q305. Jurisdictions have a broad range of privacy requirements pertaining to the handling of per...
- Q306. Which of these characteristics of a virtualized network adds risks to the cloud environmen...
- Q307. In the wake of many scandals with major corporations involving fraud and the deception of ...
- Q308. A data custodian is responsible for which of the following?...
- Q309. With an application hosted in a cloud environment, who could be the recipient of an eDisco...
- Q310. A main objective for an organization when utilizing cloud services is to avoid vendor lock...
- Q311. Humidity levels for a data center are a prime concern for maintaining electrical and compu...
- Q312. Who would be responsible for implementing IPsec to secure communications for an applicatio...
- Q313. Which of the following threat types can occur when baselines are not appropriately applied...
- Q314. Which of the following attempts to establish an international standard for eDiscovery proc...
- Q315. Which of the following would probably best aid an organization in deciding whether to migr...
- Q316. Which concept BEST describes the capability for a cloud environment to automatically scale...
- Q317. Which United States law is focused on data related to health records and privacy?...
- Q318. When an API is being leveraged, it will encapsulate its data for transmission back to the ...
- Q319. What concept and operational process must be spelled out clearly, as far as roles and resp...
- Q320. Which of the following would NOT be considered part of resource pooling with an Infrastruc...
- Q321. Hardening the operating system refers to all of the following except:...
- Q322. The ISO/IEC 27001:2013 security standard contains 14 different domains that cover virtuall...
- Q323. Which of the following is not a way to manage risk?...
- Q324. Designers making applications for the cloud have to take into consideration risks and oper...
- Q325. The Cloud Security Alliance's (CSA's) Cloud Controls Matrix (CCM) addresses all the follow...
- Q326. You need to gain approval to begin moving your company's data and systems into a cloud env...
- Q327. In order to ensure ongoing compliance with regulatory requirements, which phase of the clo...
- Q328. Dynamic application security testing (DAST) is usually considered a ________ form of testi...
- Q329. Which ITIL component is focused on anticipating predictable problems and ensuring that con...
- Q330. Which of the following threat types involves the sending of untrusted data to a user's bro...
- Q331. What is the only data format permitted with the SOAP API?...
- Q332. DLP solutions can aid all of the following security-related efforts except ____________. R...
- Q333. Anonymization is the process of removing from data sets. Response:...
- Q334. Which of the following storage types is most closely associated with a traditional file sy...
- Q335. What is the term that describes the situation when a malicious user/attacker can exit the ...
- Q336. BCDR strategies typically do not involve the entire operations of an organization, but onl...
- Q337. A DLP solution/implementation has three main components. Which of the following is NOT one...
- Q338. Fiber-optic lines are considered part of layer __________ of the OSI model. Response:...
- Q339. Which of the following is the least challenging with regard to eDiscovery in the cloud?...
- Q340. What is the best approach for dealing with services or utilities that are installed on a s...
- Q341. What type of storage structure does object storage employ to maintain files?...
- Q342. Modern web service systems are designed for high availability and resiliency. Which concep...
- Q343. When a user accesses a system, what process determines the roles and privileges that user ...
- Q344. You are the security director for a chain of automotive repair centers across several stat...
- Q345. You are the security manager of a small firm that has just purchased a DLP solution to imp...
- Q346. Which of the following best describes the purpose and scope of ISO/IEC 27034-1?...
- Q347. The SOC Type 2 reports are divided into five principles. Which of the five principles must...
- Q348. The most pragmatic option for data disposal in the cloud is which of the following?...
- Q349. Where is a DLP solution generally installed when utilized for monitoring data in use?...
- Q350. What are the U.S. State Department controls on technology exports known as?...
- Q351. The Open Web Application Security Project (OWASP) Top Ten is a list of web application sec...
- Q352. You work for a government research facility. Your organization often shares data with othe...
- Q353. If a company needed to guarantee through contract and SLAs that a cloud provider would alw...
- Q354. When an organization implements an SIEM solution and begins aggregating event data, the co...
- Q355. What type of PII is regulated based on the type of application or per the conditions of th...
- Q356. A variety of security systems can be integrated within a network--some that just monitor f...
- Q357. You are the security manager for a company that is considering cloud migration to an IaaS ...
- Q358. What is one of the reasons a baseline might be changed?...
- Q359. Which of the following pertains to a macro level approach to data center design rather tha...
- Q360. Which of the following statements best describes a Type 1 hypervisor?...
- Q361. With a cloud service category where the cloud customer is responsible for deploying all se...
- Q362. All policies within the organization should include a section that includes all of the fol...
- Q363. Which of the following is NOT one of the cloud computing activities, as outlined in ISO/IE...
- Q364. Without the extensive funds of a large corporation, a small-sized company could gain consi...
- Q365. What is an often overlooked concept that is essential to protecting the confidentiality of...
- Q366. Which of the following is not typically included in the list of critical assets specified ...
- Q367. Which of the following is NOT a function performed by the handshake protocol of TLS?...
- Q368. All of the following are activities that should be performed when capturing and maintainin...
- Q369. Which type of testing uses the same strategies and toolsets that hackers would use?...
- Q370. When an organization is considering a cloud environment for hosting BCDR solutions, which ...
- Q371. Within a SaaS environment, what is the responsibility on the part of the cloud customer in...
- Q372. The management plane is used to administer a cloud environment and perform administrative ...
- Q373. What is a form of cloud storage where data is stored as objects, arranged in a hierarchal ...
- Q374. Which of the following cloud aspects complicates eDiscovery?...
- Q375. Which of the following statements accurately describes VLANs?...
- Q376. Which of the following is characterized by a set maximum capacity?...
- Q377. The Open Web Application Security Project (OWASP) Top Ten is a list of web application sec...
- Q378. Which type of testing uses the same strategies and toolsets that hackers would use?...
- Q379. Which of the following actions will NOT make data part of the create phase of the cloud da...
- Q380. You are the security policy lead for your organization, which is considering migrating fro...
- Q381. Which of the following actions will NOT make data part of the "create" phase of the cloud ...
- Q382. Which technique involves replacing values within a specific data field to protect sensitiv...
- Q383. There are two general types of smoke detectors. Which type uses a small portion of radioac...
- Q384. Which of the following roles is responsible for obtaining new customers and securing contr...
- Q385. Which of the following is NOT a component of access control?...
- Q386. Digital investigations have adopted many of the same methodologies and protocols as other ...
- Q387. Which aspect of security is DNSSEC designed to ensure?...
- Q388. Which of the following roles is responsible for overseeing customer relationships and the ...
- Q389. Your organization is considering a move to a cloud environment and is looking for certific...
- Q390. Which of the following is not typically included as a basic phase of the software developm...
- Q391. Most APIs will support a variety of different data formats or structures. However, the SOA...
- Q392. Which of the following is not one of the types of controls?...
- Q393. Which of the following is a possible negative aspect of bit-splitting? Response:...
- Q394. Which of the following concepts is NOT one of the core components to an encryption system ...
- Q395. Which of the following standards primarily pertains to cabling designs and setups in a dat...
- Q396. What does static application security testing (SAST) offer as a tool to the testers?...
- Q397. Which of the following BCDR testing methodologies is least intrusive? Response:...
- Q398. Which protocol allows a system to use block-level storage as if it was a SAN, but over TCP...
- Q399. Which of the following storage types is most closely associated with a database-type stora...
- Q400. Other than cost savings realized due to measured service, what is another facet of cloud c...
- Q401. What are the U.S. Commerce Department controls on technology exports known as?...
- Q402. Which OSI layer does IPsec operate at?
- Q403. Which security concept is based on preventing unauthorized access to data while also ensur...
- Q404. Implementing baselines on systems would take an enormous amount of time and resources if t...
- Q405. Which of the following is not a risk management framework?...
- Q406. Which of the following service capabilities gives the cloud customer the most control over...
- Q407. The Open Web Application Security Project (OWASP) Top Ten is a list of web application sec...
- Q408. Which of the following involves assigning an opaque value to sensitive data fields to prot...
- Q409. Just like the risk management process, the BCDR planning process has a defined sequence of...
- Q410. Which protocol does the REST API depend on?
- Q411. Which of the cloud deployment models is used by popular services such as iCloud, Dropbox, ...
- Q412. The use of which of the following technologies will NOT require the security dependency of...
- Q413. The Cloud Security Alliance (CSA) publishes the Notorious Nine, a list of common threats t...
- Q414. Resolving resource contentions in the cloud will most likely be the job of the ___________...
- Q415. DRM solutions should generally include all the following functions, except:...
- Q416. In order to prevent cloud customers from potentially consuming enormous amounts of resourc...
- Q417. Which of the following technologies is used to monitor network traffic and notify if any p...
- Q418. Which of the following roles is responsible for gathering metrics on cloud services and ma...
- Q419. Three central concepts define what type of data and information an organization is respons...
- Q420. What can tokenization be used for? Response:
- Q421. Which kind of SSAE audit reviews controls dealing with the organization's controls for ass...
- Q422. A virtual network interface card (NIC) exists at layer __________ of the OSI model....
- Q423. Which of the following does NOT fall under the "IT" aspect of quality of service (QoS)?...
- Q424. Data masking can be used to provide all of the following functionality, except:...
- Q425. Firewalls can detect attack traffic by using all these methods except ____________....
- Q426. Which of the following involves assigning an opaque value to sensitive data fields to prot...
- Q427. Which of the following is a restriction that can be enforced by information rights managem...
- Q428. According to OWASP recommendations, active software security testing should include all of...
- Q429. Apart from using encryption at the file system level, what technology is the most widely u...
- Q430. What aspect of data center planning occurs first?...
- Q431. Which cloud service category would be most ideal for a cloud customer that is developing s...
- Q432. A cloud data encryption situation where the cloud customer retains control of the encrypti...
- Q433. What concept does the "D" represent with the STRIDE threat model?...
- Q434. Which of the following provides assurance, to a predetermined acceptable level of certaint...
- Q435. Which of the following is NOT a key area for performance monitoring as far as an SLA is co...
- Q436. What strategy involves hiding data in a data set to prevent someone from identifying speci...
- Q437. Which of the following would NOT be used to determine the classification of data? Response...
- Q438. You are the security manager for a software development firm. Your company is interested i...
- Q439. Different types of cloud deployment models use different types of storage from traditional...
- Q440. Which type of controls are the SOC Type 1 reports specifically focused on?...
- Q441. Which of the following provides assurance, to a predetermined acceptable level of certaint...
- Q442. What does a cloud customer purchase or obtain from a cloud provider?...
- Q443. What is the biggest concern with hosting a key management system outside of the cloud envi...
- Q444. What are the objectives of change management? (Choose all that apply.) Response:...
- Q445. DLP can be combined with what other security technology to enhance data controls?...
- Q446. Many activities within a cloud environment are performed via programmatic means, where com...
- Q447. Which approach is typically the most efficient method to use for data discovery?...
- Q448. Which United States law is focused on PII as it relates to the financial industry?...
- Q449. Which of the following data protection methodologies maintains the ability to connect back...
- Q450. Within a federated identity system, which of the following would you be MOST likely to use...
- Q451. DNSSEC was designed to add a layer of security to the DNS protocol. Which type of attack w...
- Q452. Which phase of the cloud data lifecycle represents the first instance where security contr...
- Q453. What must SOAP rely on for security since it does not provide security as a built-in capab...
- Q454. Static software security testing typically uses __________ as a measure of how thorough th...
- Q455. For performance purposes, OS monitoring should include all of the following except:...
- Q456. Which of the following is NOT a focus or consideration of an internal audit?...
- Q457. You are the security manager of a small firm that has just purchased a DLP solution to imp...
- Q458. Which of the following roles is responsible for preparing systems for the cloud, administe...
- Q459. Which of the following threat types involves an application developer leaving references t...
- Q460. The different cloud service models have varying levels of responsibilities for functions a...
- Q461. What type of masking would you employ to produce a separate data set for testing purposes ...
- Q462. Within an Infrastructure as a Service model, which of the following would NOT be a measure...
- Q463. Which of the following roles involves testing, monitoring, and securing cloud services for...
- Q464. Although the REST API supports a wide variety of data formats for communications and excha...
- Q465. There is a large gap between the privacy laws of the United States and those of the Europe...
- Q466. In which cloud service model is the customer required to maintain the OS?...
- Q467. Using one cloud provider for your operational environment and another for your BCDR backup...
- Q468. Which of the following security measures done at the network layer in a traditional data c...
- Q469. Which component of ITIL involves handling anything that can impact services for either int...
- Q470. Which of the following roles involves the provisioning and delivery of cloud services?...
- Q471. Security best practices in a virtualized network environment would include which of the fo...
- Q472. Which format is the most commonly used standard for exchanging information within a federa...
- Q473. One of the main components of system audits is the ability to track changes over time and ...
- Q474. Why does a Type 1 hypervisor typically offer tighter security controls than a Type 2 hyper...
- Q475. Which of the following is a valid risk management metric?...
- Q476. Which of the following threat types can occur when baselines are not appropriately applied...
- Q477. As part of the auditing process, getting a report on the deviations between intended confi...
- Q478. Because of multitenancy, specific risks in the public cloud that don't exist in the other ...
- Q479. What does the REST API support that SOAP does NOT support?...
- Q480. When an API is being leveraged, it will encapsulate its data for transmission back to the ...
- Q481. Identity and access management (IAM) is a security discipline that ensures which of the fo...
- Q482. What type of PII is regulated based on the type of application or per the conditions of th...
- Q483. Virtual machine (VM) configuration management (CM) tools should probably include _________...
- Q484. Which of the following is the least challenging with regard to eDiscovery in the cloud?...
- Q485. Which of the following is the optimal humidity level for a data center, per the guidelines...
- Q486. To protect data on user devices in a BYOD environment, the organization should consider re...
- Q487. You have been tasked with creating an audit scope statement and are making your project ou...
- Q488. Which of the following is NOT a criterion for data within the scope of eDiscovery?...
- Q489. Which of the following is perhaps the best method for reducing the risk of a specific appl...
- Q490. The Open Web Application Security Project (OWASP) Top Ten is a list of web application sec...
- Q491. You are the security manager for a small application development company. Your company is ...
- Q492. Which kind of SSAE audit reviews controls dealing with the organization's controls for ass...
- Q493. Which if the following is NOT one of the three components of a federated identity system t...
- Q494. Which of the following roles is responsible for creating cloud components and the testing ...
- Q495. Many different common threats exist against web-exposed services and applications. One att...
- Q496. Apart from using encryption at the file system level, what technology is the most widely u...
- Q497. What does a cloud customer purchase or obtain from a cloud provider?...
- Q498. Which United States program was designed to enable organizations to bridge the gap between...
- Q499. What is the biggest negative to leasing space in a data center versus building or maintain...
- Q500. Many aspects and features of cloud computing can make eDiscovery compliance more difficult...
- Q501. Which cloud service category offers the most customization options and control to the clou...
- Q502. Which publication from the United States National Institute of Standards and Technology pe...
- Q503. Single sign-on systems work by authenticating users from a centralized location or using a...
- Q504. The Transport Layer Security (TLS) protocol creates a secure communications channel over p...
- Q505. Which aspect of archiving must be tested regularly for the duration of retention requireme...
- Q506. The Cloud Security Alliance (CSA) publishes, the Notorious Nine, a list of common threats ...
- Q507. Which of the following threat types can occur when baselines are not appropriately applied...
- Q508. Which of the following is NOT one of the components of multifactor authentication?...
- Q509. With the rapid emergence of cloud computing, very few regulations were in place that perta...
- Q510. Which United States law is focused on PII as it relates to the financial industry?...
- Q511. You are the data manager for a retail company; you anticipate a much higher volume of sale...
- Q512. Many tools and technologies are available for securing or monitoring data in transit withi...
- Q513. When an organization is considering the use of cloud services for BCDR planning and soluti...
- Q514. When using an IaaS solution, what is the capability provided to the customer?...
- Q515. Static software security testing typically uses __________ as a measure of how thorough th...
- Q516. Which is the appropriate phase of the cloud data lifecycle for determining the data's clas...
- Q517. Your boss has tasked your team with getting your legacy systems and applications connected...
- Q518. All the following are data analytics modes, except:...
- Q519. Which of the cloud deployment models involves spanning multiple cloud environments or a mi...
- Q520. Which attribute of data poses the biggest challenge for data discovery?...
- Q521. Which cloud service category most commonly uses client-side key management systems?...
- Q522. Egress monitoring solutions usually include a function that ____________. Response:...
- Q523. The physical layout of a cloud data center campus should include redundancies of all the f...
- Q524. Which of the following service capabilities gives the cloud customer an established and ma...
- Q525. Which aspect of cloud computing makes data classification even more vital than in a tradit...
- Q526. An audit scope statement defines the limits and outcomes from an audit. Which of the follo...
- Q527. Every cloud service provider that opts to join the CSA STAR program registry must complete...
- Q528. Why does the physical location of your data backup and/or BCDR failover environment matter...
- Q529. Which type of testing tends to produce the best and most comprehensive results for discove...
- Q530. What is the first stage of the cloud data lifecycle where security controls can be impleme...
- Q531. Which of the following may unilaterally deem a cloud hosting model inappropriate for a sys...
- Q532. Your organization is considering a move to a cloud environment and is looking for certific...
- Q533. Configurations and policies for a system can come from a variety of sources and take a var...
- Q534. Humidity levels for a data center are a prime concern for maintaining electrical and compu...
- Q535. Countermeasures for protecting cloud operations against internal threats include all of th...
- Q536. Using one cloud provider for your operational environment and another for your BCDR backup...
- Q537. All policies within the organization should include a section that includes all of the fol...
- Q538. What concept does the "A" represent in the DREAD model?...
- Q539. Which of the following data-sanitation approaches are always available within a cloud envi...
- Q540. In the cloud motif, the data owner is usually:...
- Q541. Which of the following is NOT a function performed by the handshake protocol of TLS?...
- Q542. Which cloud storage type uses an opaque value or descriptor to categorize and organize dat...
- Q543. Tokenization requires two distinct _________________ ....
- Q544. What is the biggest negative to leasing space in a data center versus building or maintain...
- Q545. What does a cloud customer purchase or obtain from a cloud provider?...
- Q546. Which United States law is focused on data related to health records and privacy?...
- Q547. A crucial decision any company must make is in regard to where it hosts the data systems i...
- Q548. What are third-party providers of IAM functions for the cloud environment?...
- Q549. From a security perspective, what component of a cloud computing infrastructure represents...
- Q550. Which of the following is considered an internal redundancy for a data center?...
- Q551. Just like the risk management process, the BCDR planning process has a defined sequence of...
- Q552. Legal controls refer to which of the following?...
- Q553. If a company needed to guarantee through contract and SLAs that a cloud provider would alw...
- Q554. Which cloud service category would be most ideal for a cloud customer that is developing s...
- Q555. Which cloud deployment model is MOST likely to offer free or very cheap services to users?...
- Q556. Although performing BCDR tests at regular intervals is a best practice to ensure processes...
- Q557. All of the following entitles are required to use FedRAMP-accredited Cloud Service Provide...
- Q558. Whereas a contract articulates overall priorities and requirements for a business relation...
- Q559. Which audit type has been largely replaced by newer approaches since 2011?...
- Q560. Which of the following contract terms most incentivizes the cloud provider to meet the req...
- Q561. Which data sanitation method is also commonly referred to as "zeroing"?...
- Q562. Why does the physical location of your data backup and/or BCDR failover environment matter...
- Q563. While an audit is being conducted, which of the following could cause management and the a...
- Q564. At which phase of the SDLC process should security begin participating? Response:...
- Q565. Which cloud service category offers the most customization options and control to the clou...
- Q566. Which of the following actions will NOT make data part of the "create" phase of the cloud ...
- Q567. In order to comply with regulatory requirements, which of the following secure erasure met...
- Q568. All of the following are usually nonfunctional requirements except ____________....
- Q569. Which type of cloud service category would having a vendor-neutral encryption scheme for d...
- Q570. Which of the following approaches would NOT be considered sufficient to meet the requireme...
- Q571. Which type of controls are the SOC Type 1 reports specifically focused on?...
- Q572. Your company is in the planning stages of moving applications that have large data sets to...
- Q573. Proper implementation of DLP solutions for successful function requires which of the follo...
- Q574. What controls the formatting and security settings of a volume storage system within a clo...
- Q575. Which of the following characteristics is associated with digital rights management (DRM) ...
- Q576. When reviewing the BIA after a cloud migration, the organization should take into account ...
- Q577. It is important to include _______ in the design of underfloor plenums if they are also us...
- Q578. Where is a DLP solution generally installed when utilized for monitoring data in use?...
- Q579. Which networking concept in a cloud environment allows for network segregation and isolati...
- Q580. SOC 2 reports were intended to be ____________. Response:...
- Q581. All of the following methods can be used to attenuate the harm caused by escalation of pri...
- Q582. Although indirect identifiers cannot alone point to an individual, the more of them known ...
- Q583. What process is used within a clustered system to provide high availability and load balan...
- Q584. Which of the following is NOT a focus or consideration of an internal audit?...
- Q585. Which of the following could be used as a second component of multifactor authentication i...
- Q586. Key maintenance and security are paramount within a cloud environment due to the widesprea...
- Q587. Digital investigations have adopted many of the same methodologies and protocols as other ...
- Q588. Which of the following should occur at each stage of the SDLC?...
- Q589. What type of PII is controlled based on laws and carries legal penalties for noncompliance...
- Q590. Of the following, which is probably the most significant risk in a managed cloud environme...
- Q591. Which of the following is not an example of a highly regulated environment?...
- Q592. Which of the following security measures done at the network layer in a traditional data c...
- Q593. When beginning an audit, both the system owner and the auditors must agree on various aspe...
- Q594. The cloud customer will have the most control of their data and systems, and the cloud pro...
- Q595. Which of the following is a risk associated with manual patching especially in the cloud?...
- Q596. Which of the following would be a reason to undertake a BCDR test?...
- Q597. Which of the following threat types involves an application developer leaving references t...
- Q598. Which component of ITIL involves the creation of an RFC ticket and obtaining official appr...
- Q599. Deviations from the baseline should be investigated and __________________....
- Q600. All of the following are identity federation standards commonly found in use today except ...
- Q601. Which of the following approaches would NOT be considered sufficient to meet the requireme...
- Q602. The management plane is used to administer a cloud environment and perform administrative ...
- Q603. What does the management plane typically utilize to perform administrative functions on th...
- Q604. Your organization is developing software for wide use by the public. You have decided to t...
- Q605. Which of the cloud cross-cutting aspects relates to the assigning of jobs, tasks, and role...
- Q606. All of the following methods can be used to attenuate the harm caused by escalation of pri...
- Q607. What type of security threat is DNSSEC designed to prevent?...
- Q608. Which attribute of data poses the biggest challenge for data discovery?...
- Q609. What strategy involves replacing sensitive data with opaque values, usually with a means o...
- Q610. Which cloud storage type resembles a virtual hard drive and can be utilized in the same ma...
- Q611. Which of the following report is most aligned with financial control audits?...
- Q612. You are the IT director for a small contracting firm. Your company is considering migratin...
- Q613. With finite resources available within a cloud, even the largest cloud providers will at t...
- Q614. What type of masking strategy involves making a separate and distinct copy of data with ma...
- Q615. Your new CISO is placing increased importance and focus on regulatory compliance as your a...
- Q616. The Transport Layer Security (TLS) protocol creates a secure communications channel over p...
- Q617. Identity and access management (IAM) is a security discipline that ensures which of the fo...
- Q618. Which of the following standards primarily pertains to cabling designs and setups in a dat...
- Q619. Which aspect of data poses the biggest challenge to using automated tools for data discove...
- Q620. Deviations from the baseline should be investigated and __________________....
- Q621. What is used for local, physical access to hardware within a data center?...
- Q622. Your new CISO is placing increased importance and focus on regulatory compliance as your a...
- Q623. Which of the following APIs are most commonly used within a cloud environment?...
- Q624. Which of the cloud cross-cutting aspects relates to the ability for a cloud customer to ea...
- Q625. Which of the following threat types involves an application developer leaving references t...
- Q626. Which of the cloud deployment models is used by popular services such as iCloud, Dropbox, ...
- Q627. Which of the following cloud aspects complicates eDiscovery?...
- Q628. What process is used within a clustered system to provide high availability and load balan...
- Q629. What is the main reason virtualization is used in the cloud? Response:...
- Q630. What concept does the A represent within the DREAD model?...
- Q631. Which network protocol is essential for allowing automation and orchestration within a clo...
- Q632. What type of masking would you employ to produce a separate data set for testing purposes ...
- Q633. When using an Infrastructure as a Service (IaaS) solution, what is the capability provided...
- Q634. The Open Web Application Security Project (OWASP) Top Ten is a list of web application sec...
- Q635. The BC/DR kit should include all of the following except:...
- Q636. ISO/IEC has established international standards for many aspects of computing and any proc...
- Q637. Which of the following roles is responsible for gathering metrics on cloud services and ma...
- Q638. BCDR strategies typically do not involve the entire operations of an organization, but onl...
- Q639. Because PaaS implementations are so often used for software development, what is one of th...
- Q640. Which of the following data sanitation methods would be the MOST effective if you needed t...
- Q641. Many activities within a cloud environment are performed via programmatic means, where com...
- Q642. One of the main components of system audits is the ability to track changes over time and ...
- Q643. Which of the following roles involves the provisioning and delivery of cloud services?...
- Q644. What controls the formatting and security settings of a volume storage system within a clo...
- Q645. For service provisioning and support, what is the ideal amount of interaction between a cl...
- Q646. You are the security manager of a small firm that has just purchased a DLP solution to imp...
- Q647. Data labels could include all the following, except:...
- Q648. All of these are reasons an organization may want to consider cloud migration except: Resp...
- Q649. Which of the following contract terms most incentivizes the cloud provider to meet the req...
- Q650. Which type of testing uses the same strategies and toolsets that hackers would use?...
- Q651. Many activities within a cloud environment are performed via programmatic means, where com...
- Q652. Which of the following is NOT one of the official risk rating categories?...
- Q653. The WS-Security standards are built around all of the following standards except which one...
- Q654. Under EU law, a cloud customer who gives sensitive data to a cloud provider is still legal...
- Q655. Your company operates in a highly competitive market, with extremely high-value data asset...
- Q656. Which of the following are considered to be the building blocks of cloud computing? Respon...
- Q657. What type of data does data rights management (DRM) protect?...
- Q658. In attempting to provide a layered defense, the security practitioner should convince seni...
- Q659. Which of the following would NOT be included as input into the requirements gathering for ...
- Q660. Which of the following is NOT a core component of an SIEM solution?...
- Q661. A main objective for an organization when utilizing cloud services is to avoid vendor lock...
- Q662. Which cloud service category most commonly uses client-side key management systems?...
- Q663. If you're using iSCSI in a cloud environment, what must come from an external protocol or ...
- Q664. You are the security manager for an online retail sales company with 100 employees and a p...
- Q665. At which stage of the BCDR plan creation phase should security be included in discussions?...
- Q666. An SLA contains the official requirements for contract performance and satisfaction betwee...
- Q667. Which of the following does NOT relate to the hiding of sensitive data from data sets?...
- Q668. Within a SaaS environment, what is the responsibility on the part of the cloud customer in...
- Q669. Unlike SOC Type 1 reports, which are based on a specific point in time, SOC Type 2 reports...
- Q670. Key maintenance and security are paramount within a cloud environment due to the widesprea...
- Q671. Which of the following is considered an internal redundancy for a data center?...
- Q672. Which security concept is based on preventing unauthorized access to data while also ensur...
- Q673. Which security concept, if implemented correctly, will protect the data on a system, even ...
- Q674. What type of security threat is DNSSEC designed to prevent?...
- Q675. What is a cloud storage architecture that manages the data in a hierarchy of files?...
- Q676. Your organization has made it a top priority that any cloud environment being considered t...
- Q677. Of the following, which is probably the most significant risk in a managed cloud environme...
- Q678. A firewall can use all of the following techniques for controlling traffic except:...
- Q679. The REST API is a widely used standard for communications of web-based services between cl...
- Q680. What changes are necessary to application code in order to implement DNSSEC?...
- Q681. Which of the following is a valid risk management metric?...
- Q682. Which aspect of cloud computing would make the use of a cloud the most attractive as a BCD...
- Q683. The Cloud Security Alliance (CSA) Security, Trust, and Assurance Registry (STAR) program h...
- Q684. Why might an organization choose to comply with the ISO 27001 standard? Response:...
- Q685. What masking strategy involves the replacing of sensitive data at the time it is accessed ...
- Q686. Within a federated identity system, which of the following would you be MOST likely to use...
- Q687. Which of the following concepts refers to a cloud customer paying only for the resources a...
- Q688. Which SSAE 16 audit report is simply an attestation of audit results?...
- Q689. The Open Web Application Security Project (OWASP) Top Ten is a list of web application sec...
- Q690. The cloud deployment model that features organizational ownership of the hardware and infr...
- Q691. Which security certification serves as a general framework that can be applied to any type...
- Q692. Most APIs will support a variety of different data formats or structures. However, the SOA...
- Q693. Which of the following is a file server that provides data access to multiple, heterogeneo...
- Q694. Which data formats are most commonly used with the REST API?...
- Q695. An audit against the ________ will demonstrate that an organization has adequate security ...
- Q696. Unlike SOC Type 1 reports, which are based on a specific point in time, SOC Type 2 reports...
- Q697. Without the extensive funds of a large corporation, a small-sized company could gain consi...
- Q698. Which of the following tools might be useful in data discovery efforts that are based on c...
- Q699. Which of the following is NOT one of the cloud computing activities, as outlined in ISO/IE...
- Q700. Which of the cloud deployment models offers the easiest initial setup and access for the c...
- Q701. Audits are either done based on the status of a system or application at a specific time o...
- Q702. Which aspect of cloud computing serves as the biggest challenge to using DLP to protect da...
- Q703. Which of the cloud cross-cutting aspects relates to the ability to reuse or move component...
- Q704. For optimal security, trust zones are used for network segmentation and isolation. They al...
- Q705. What can tokenization be used for?
- Q706. Security is a critical yet often overlooked consideration for BCDR planning. At which stag...
- Q707. Although the United States does not have a single, comprehensive privacy and regulatory fr...
- Q708. Which of the following is a management role, versus a technical role, as it pertains to da...
- Q709. What is the concept of isolating an application from the underlying operating system for t...
