[Feb 06, 2023] ISC CCSP Exam Dumps Files, Q239/709: What does the REST API support that SOAP does NOT support?

40%off

CCSP Premium Bundle

Latest CCSP Exam Premium Dumps provide by TrainingDump.com to help you Passing CCSP Exam! TrainingDump.com offers the updated CCSP exam dumps, the TrainingDump.com CCSP exam questions has been updated to correct Answer. Get the latest TrainingDump.com CCSP pdf dumps with Exam Engine here:

(827 Q&As Dumps, 40%OFF Special Discount: DumpsFiles)

Join the discussion

Question 239/709

What does the REST API support that SOAP does NOT support?

A. Caching

B. Encryption

C. Acceleration

D. Redundancy

Add Comments

Other Question (709q): Q1. A DLP solution/implementation has three main components. Which of the following is NOT one...; Q2. Which of the following is NOT one of the official risk rating categories?...; Q3. You are the data manager for a retail company; you anticipate a much higher volume of sale...; Q4. What does the REST API use to protect data transmissions?...; Q5. Which component of ITIL involves planning for the restoration of services after an unexpec...; Q6. Which of the following threat types involves an application that does not validate authori...; Q7. What provides the information to an application to make decisions about the authorization ...; Q8. All of the following are activities that should be performed when capturing and maintainin...; Q9. When a system needs to be exposed to the public Internet, what type of secure system would...; Q10. Your company operates in a highly competitive market, with extremely high-value data asset...; Q11. Which of the following systems is used to employ a variety of different techniques to disc...; Q12. All of the following are activities that should be performed when capturing and maintainin...; Q13. Which ITIL component focuses on ensuring that system resources, processes, and personnel a...; Q14. Which of the following service capabilities gives the cloud customer the most control over...; Q15. What type of storage structure does object storage employ to maintain files?...; Q16. Which of the following is considered an external redundancy for a data center?...; Q17. Which is the lowest level of the CSA STAR program?...; Q18. Which of the following is not a factor an organization might use in the cost-benefit analy...; Q19. Which data state would be most likely to use TLS as a protection mechanism?...; Q20. What concept does the D represent within the STRIDE threat model?...; Q21. Which of the following in a federated environment is responsible for consuming authenticat...; Q22. What concept does the "T" represent in the STRIDE threat model?...; Q23. What are the two protocols that TLS uses?; Q24. You are the security manager for a software development firm. Your company is interested i...; Q25. Your IT steering committee has, at a high level, approved your project to begin using clou...; Q26. Which cloud storage type is typically used to house virtual machine images that are used t...; Q27. What is the federal agency that accepts applications for new patents?...; Q28. What does dynamic application security testing (DAST) NOT entail?...; Q29. What type of masking would you employ to produce a separate data set for testing purposes ...; Q30. Gathering business requirements can aid the organization in determining all of this inform...; Q31. BCDR strategies typically do not involve the entire operations of an organization, but onl...; Q32. Which of the cloud cross-cutting aspects relates to the ability for a cloud customer to ea...; Q33. Which of the following concepts is NOT one of the core components to an encryption system ...; Q34. Different security testing methodologies offer different strategies and approaches to test...; Q35. Managed cloud services exist because the service is less expensive for each customer than ...; Q36. What is a standard configuration and policy set that is applied to systems and virtual mac...; Q37. Which of the cloud deployment models offers the most control and input to the cloud custom...; Q38. Which value refers to the amount of time it takes to recover operations in a BCDR situatio...; Q39. IRM solutions allow an organization to place different restrictions on data usage than wou...; Q40. Which aspect of cloud computing pertains to cloud customers only paying for the resources ...; Q41. Which of the following is the concept of segregating information or processes, within the ...; Q42. Which of the following is considered a technological control?...; Q43. Which of the following is NOT an application or utility to apply and enforce baselines on ...; Q44. Which aspect of cloud computing will be most negatively impacted by vendor lock-in?...; Q45. Which crucial aspect of cloud computing can be most threatened by insecure APIs?...; Q46. What is the primary reason that makes resolving jurisdictional conflicts complicated?...; Q47. Which of the following threat types involves an application that does not validate authori...; Q48. Many of the traditional concepts of systems and services for a traditional data center als...; Q49. A user signs on to a cloud-based social media platform. In another browser tab, the user f...; Q50. Which one of the following threat types to applications and services involves the sending ...; Q51. Which of the following methods of addressing risk is most associated with insurance? Respo...; Q52. Each of the following is an element of the Identification phase of the identity and access...; Q53. Although encryption can help an organization to effectively decrease the possibility of da...; Q54. Data labels could include all the following, except:...; Q55. With a federated identity system, what does the identity provider send information to afte...; Q56. What is the best source for information about securing a physical asset's BIOS?...; Q57. Which of the following is the best and only completely secure method of data destruction?...; Q58. With finite resources available within a cloud, even the largest cloud providers will at t...; Q59. Which European Union directive pertains to personal data privacy and an individual's contr...; Q60. Which of the following storage types are used with an Infrastructure as a Service (IaaS) s...; Q61. What aspect of data center planning occurs first? Response:...; Q62. Which cloud deployment model would be ideal for a group of universities looking to work to...; Q63. Which component of ITIL pertains to planning, coordinating, executing, and validating chan...; Q64. Which protocol allows a system to use block-level storage as if it was a SAN, but over TCP...; Q65. Which of the following is the sole responsibility of the cloud provider, regardless of whi...; Q66. As a result of scandals involving publicly traded corporations such as Enron, WorldCom, an...; Q67. Your company has just been served with an eDiscovery order to collect event data and other...; Q68. What concept does the "T" represent in the STRIDE threat model?...; Q69. Which of the following is a widely used tool for code development, branching, and collabor...; Q70. With the rapid emergence of cloud computing, very few regulations were in place that perta...; Q71. Which value refers to the percentage of production level restoration needed to meet BCDR o...; Q72. Firewalls are used to provide network security throughout an enterprise and to control wha...; Q73. Which security concept would business continuity and disaster recovery fall under?...; Q74. Which of the following best describes SAML?; Q75. What is the experimental technology that might lead to the possibility of processing encry...; Q76. Which of the following storage types is most closely associated with a traditional file sy...; Q77. The tasks performed by the hypervisor in the virtual environment can most be likened to th...; Q78. Which of the following is NOT a factor that is part of a firewall configuration?...; Q79. With software-defined networking, what aspect of networking is abstracted from the forward...; Q80. Which data sanitation method is also commonly referred to as "zeroing"?...; Q81. Which of the following systems is used to employ a variety of different techniques to disc...; Q82. Which of the following can be useful for protecting cloud customers from a denial-of-servi...; Q83. What concept does the "A" represent in the DREAD model?...; Q84. A honeypot can be used for all the following purposes except ____________....; Q85. Which of the cloud deployment models is used by popular services such as iCloud, Dropbox, ...; Q86. Although the United States does not have a single, comprehensive privacy and regulatory fr...; Q87. Which of the following might make crypto-shredding difficult or useless? Response:...; Q88. A virtual network interface card (NIC) exists at layer __________ of the OSI model. Respon...; Q89. What is a serious complication an organization faces from the perspective of compliance wi...; Q90. Which of the following characteristics is associated with digital rights management (DRM) ...; Q91. Penetration testing is a(n) __________ form of security assessment....; Q92. A UPS should have enough power to last how long?...; Q93. Just like the risk management process, the BCDR planning process has a defined sequence of...; Q94. Which aspect of security is DNSSEC designed to ensure?...; Q95. For performance purposes, OS monitoring should include all of the following except:...; Q96. Which of the following aspects of cloud computing would make it more likely that a cloud p...; Q97. Firewalls are used to provide network security throughout an enterprise and to control wha...; Q98. Which of the following threat types can occur when an application does not properly valida...; Q99. What is the best source for information about securing a physical asset's BIOS?...; Q100. Which aspect of cloud computing would make the use of a cloud the most attractive as a BCD...; Q101. All the following are data analytics modes, except:...; Q102. SOC Type 1 reports are considered "restricted use," in that they are intended only for lim...; Q103. A honeypot can be used for all the following purposes except ____________. Response:...; Q104. Resolving resource contentions in the cloud will most likely be the job of the ___________...; Q105. The cloud deployment model that features joint ownership of assets among an affinity group...; Q106. Which of the following best describes a sandbox?...; Q107. Although host-based and network-based IDSs perform similar functions and have similar capa...; Q108. What are the U.S. State Department controls on technology exports known as?...; Q109. What strategy involves replacing sensitive data with opaque values, usually with a means o...; Q110. Which of the following roles is responsible for peering with other cloud services and prov...; Q111. In order to comply with regulatory requirements, which of the following secure erasure met...; Q112. During the assessment phase of a risk evaluation, what are the two types of tests that are...; Q113. Which United States law is focused on accounting and financial practices of organizations?...; Q114. The BCDR plan/process should be written and documented in such a way that it can be used b...; Q115. DAST checks software functionality in ____________....; Q116. Maintenance mode requires all of these actions except:...; Q117. Which is the lowest level of the CSA STAR program?...; Q118. A web application firewall (WAF) can understand and act on ________ traffic. Response:...; Q119. Which of the following roles involves overseeing billing, purchasing, and requesting audit...; Q120. Which aspect of cloud computing serves as the biggest challenge to using DLP to protect da...; Q121. Which attribute of data poses the biggest challenge for data discovery?...; Q122. A UPS should have enough power to last how long?...; Q123. One of the main components of system audits is the ability to track changes over time and ...; Q124. Which of the following is not included in the OWASP Top Ten web application security threa...; Q125. What type of storage structure does object storage employ to maintain files?...; Q126. The Cloud Security Alliance (CSA) publishes, the Notorious Nine, a list of common threats ...; Q127. Who will determine data classifications for the cloud customer?...; Q128. You are the security manager for an online retail sales company with 100 employees and a p...; Q129. Federation should be __________ to the users.; Q130. Many of the traditional concepts of systems and services for a traditional data center als...; Q131. According to the (ISC)2 Cloud Secure Data Life Cycle, which phase comes soon after (or at ...; Q132. When a system needs to be exposed to the public Internet, what type of secure system would...; Q133. Which of the following represents a minimum guaranteed resource within a cloud environment...; Q134. Which of the following concepts is NOT one of the core components to an encryption system ...; Q135. The European Union passed the first major regulation declaring data privacy to be a human ...; Q136. Which of the following is NOT an application or utility to apply and enforce baselines on ...; Q137. Although the United States does not have a single, comprehensive privacy and regulatory fr...; Q138. Which European Union directive pertains to personal data privacy and an individual's contr...; Q139. Log data should be protected ____________. Response:...; Q140. You are working for a cloud service provider and receive an eDiscovery order pertaining to...; Q141. Which of the following methods of addressing risk is most associated with insurance?...; Q142. Audits are either done based on the status of a system or application at a specific time o...; Q143. Modern web service systems are designed for high availability and resiliency. Which concep...; Q144. Which type of software is most likely to be reviewed by the most personnel, with the most ...; Q145. A poorly negotiated cloud service contract could result in all the following detrimental e...; Q146. Which of the following roles is responsible for peering with other cloud services and prov...; Q147. All of the following are terms used to described the practice of obscuring original raw da...; Q148. Which of the following actions will NOT make data part of the create phase of the cloud da...; Q149. DLP can be combined with what other security technology to enhance data controls?...; Q150. Which of the following roles involves the connection and integration of existing systems a...; Q151. Which of the following types of organizations is most likely to make use of open source so...; Q152. Which of the following statements about Type 1 hypervisors is true?...; Q153. Which of the following is NOT a commonly used communications method within cloud environme...; Q154. Which of the following is a possible negative aspect of bit-splitting?...; Q155. In order to comply with regulatory requirements, which of the following secure erasure met...; Q156. What type of masking strategy involves replacing data on a system while it passes between ...; Q157. Which of the following best describes a cloud carrier?...; Q158. A cloud provider is looking to provide a higher level of assurance to current and potentia...; Q159. Along with humidity, temperature is crucial to a data center for optimal operations and pr...; Q160. From the perspective of compliance, what is the most important consideration when it comes...; Q161. Which of the following is a commonly used tool for maintaining system configurations?...; Q162. Which of the cloud deployment models requires the cloud customer to be part of a specific ...; Q163. You were recently hired as a project manager at a major university to implement cloud serv...; Q164. Which of the following are distinguishing characteristics of a managed service provider?...; Q165. The application normative framework is best described as which of the following?...; Q166. The tasks performed by the hypervisor in the virtual environment can most be likened to th...; Q167. Which of the following report is most aligned with financial control audits?...; Q168. With a federated identity system, where would a user perform their authentication when req...; Q169. Tokenization requires two distinct _________________ ....; Q170. Which of the following is NOT something that an HIDS will monitor?...; Q171. The SOC Type 2 reports are divided into five principles. Which of the five principles must...; Q172. Which of the following is a widely used tool for code development, branching, and collabor...; Q173. Which security certification serves as a general framework that can be applied to any type...; Q174. If a company needed to guarantee through contract and SLAs that a cloud provider would alw...; Q175. What type of security threat is DNSSEC designed to prevent?...; Q176. Which value refers to the amount of data an organization would need to recover in the even...; Q177. Which of the following is a method for apportioning resources that involves setting maximu...; Q178. Clustered systems can be used to ensure high availability and load balancing across indivi...; Q179. Your boss has tasked your team with getting your legacy systems and applications connected...; Q180. Which of the following are attributes of cloud computing?...; Q181. What type of host is exposed to the public Internet for a specific reason and hardened to ...; Q182. Humidity levels for a data center are a prime concern for maintaining electrical and compu...; Q183. In a federated identity arrangement using a trusted third-party model, who is the identity...; Q184. What controls the formatting and security settings of a volume storage system within a clo...; Q185. Which of the following aspects of cloud computing would make it more likely that a cloud p...; Q186. You are the security policy lead for your organization, which is considering migrating fro...; Q187. Which of the following security technologies is commonly used to give administrators acces...; Q188. Your IT steering committee has, at a high level, approved your project to begin using clou...; Q189. What is the best approach for dealing with services or utilities that are installed on a s...; Q190. You are the security subject matter expert (SME) for an organization considering a transit...; Q191. Which of the following is essential for getting full security value from your system basel...; Q192. Which of the following concepts refers to a cloud customer paying only for the resources a...; Q193. Patches do all the following except ____________. Response:...; Q194. What is the biggest negative to leasing space in a data center versus building or maintain...; Q195. Which of the following is NOT one of the main intended goals of a DLP solution?...; Q196. The Cloud Security Alliance (CSA) publishes the Notorious Nine, a list of common threats t...; Q197. What is the cloud service model in which the customer is responsible for administration of...; Q198. When reviewing the BIA after a cloud migration, the organization should take into account ...; Q199. Which of the following roles involves the connection and integration of existing systems a...; Q200. Before deploying a specific brand of virtualization toolset, it is important to configure ...; Q201. Which of the following service categories entails the least amount of support needed on th...; Q202. Which of the following threat types can occur when baselines are not appropriately applied...; Q203. What is the data encapsulation used with the SOAP protocol referred to?...; Q204. What are SOCI/SOCII/SOCIII?; Q205. Software-defined networking (SDN) is intended to separate different network capabilities a...; Q206. Which of the following is a method for apportioning resources that involves setting guaran...; Q207. When using a PaaS solution, what is the capability provided to the customer?...; Q208. You are working for a cloud service provider and receive an eDiscovery order pertaining to...; Q209. Which of the following is not an enforceable governmental request? Response:...; Q210. What is the biggest challenge to data discovery in a cloud environment?...; Q211. On large distributed systems with pooled resources, cloud computing relies on extensive or...; Q212. What sort of legal enforcement may the Payment Card Industry (PCI) Security Standards Coun...; Q213. Countermeasures for protecting cloud operations against external attackers include all of ...; Q214. What type of masking strategy involves making a separate and distinct copy of data with ma...; Q215. What category of PII data can carry potential fines or even criminal charges for its impro...; Q216. Which of the following is NOT a major regulatory framework?...; Q217. Which jurisdiction lacks specific and comprehensive privacy laws at a national or top leve...; Q218. All of the following are activities that should be performed when capturing and maintainin...; Q219. Which ITIL component focuses on ensuring that system resources, processes, and personnel a...; Q220. Which of the following does NOT relate to the hiding of sensitive data from data sets?...; Q221. Which type of software is most likely to be reviewed by the most personnel, with the most ...; Q222. Which of the following is the recommended operating range for temperature and humidity in ...; Q223. Which of the following in a federated environment is responsible for consuming authenticat...; Q224. The Brewer-Nash security model is also known as which of the following? Response:...; Q225. Which of the following publishes the most commonly used standard for data center design in...; Q226. You are a consultant performing an external security review on a large manufacturing firm....; Q227. Which value refers to the amount of time it takes to recover operations in a BCDR situatio...; Q228. Proper implementation of DLP solutions for successful function requires which of the follo...; Q229. Every cloud service provider that opts to join the CSA STAR program registry must complete...; Q230. A cloud provider is looking to provide a higher level of assurance to current and potentia...; Q231. An audit scope statement defines the limits and outcomes from an audit. Which of the follo...; Q232. What are the four cloud deployment models? Response:...; Q233. Which strategy involves using a fake production system to lure attackers in order to learn...; Q234. Which protocol operates at the network layer and provides for full point-to-point encrypti...; Q235. Within a SaaS environment, what is the responsibility on the part of the cloud customer in...; Q236. When a system needs to be exposed to the public Internet, what type of secure system would...; Q237. Which data state would be most likely to use digital signatures as a security protection m...; Q238. Which of the following aspects of security is solely the responsibility of the cloud provi...; Q239. What does the REST API support that SOAP does NOT support?...; Q240. Which aspect of SaaS will alleviate much of the time and energy organizations spend on com...; Q241. Many tools and technologies are available for securing or monitoring data in transit withi...; Q242. Which of the following is the sole responsibility of the cloud customer, regardless of whi...; Q243. Which of the following service capabilities gives the cloud customer the least amount of c...; Q244. In the cloud motif, the data owner is usually:...; Q245. Limits for resource utilization can be set at different levels within a cloud environment ...; Q246. Which ITIL component is an ongoing, iterative process of tracking all deployed and configu...; Q247. Which component of ITIL pertains to planning, coordinating, executing, and validating chan...; Q248. Digital investigations have adopted many of the same methodologies and protocols as other ...; Q249. Which of the following are the storage types associated with IaaS?...; Q250. Which component of ITIL involves the creation of an RFC ticket and obtaining official appr...; Q251. What is the intellectual property protection for a confidential recipe for muffins?...; Q252. Which of the following is the biggest concern or challenge with using encryption?...; Q253. A crucial decision any company must make is in regard to where it hosts the data systems i...; Q254. Which of the following types of data would fall under data rights management (DRM) rather ...; Q255. Which of the following is not a component of contractual PII?...; Q256. Cloud environments pose many unique challenges for a data custodian to properly adhere to ...; Q257. Which of the cloud cross-cutting aspects relates to the assigning of jobs, tasks, and role...; Q258. The REST API is a widely used standard for communications of web-based services between cl...; Q259. What is the most secure form of code testing and review?...; Q260. Which of the following is not a way to manage risk?...; Q261. Which of the following are the storage types associated with PaaS?...; Q262. Which of the following is an example of useful and sufficient data masking of the string "...; Q263. In a cloud environment, encryption should be used for all the following, except:...; Q264. Which of the cloud deployment models involves spanning multiple cloud environments or a mi...; Q265. Which one of the following is not one of the three common threat modeling techniques? Resp...; Q266. Which of the following terms is NOT a commonly used category of risk acceptance?...; Q267. Which of the following is NOT one of the cloud computing activities, as outlined in ISO/IE...; Q268. Which of the following jurisdictions lacks a comprehensive national policy on data privacy...; Q269. When using a SaaS solution, what is the capability provided to the customer?...; Q270. Which of the following is a widely used tool for code development, branching, and collabor...; Q271. Which type of testing tends to produce the best and most comprehensive results for discove...; Q272. Countermeasures for protecting cloud operations against internal threats include all of th...; Q273. Which of the following are not examples of personnel controls? Response:...; Q274. What strategy involves hiding data in a data set to prevent someone from identifying speci...; Q275. Which of the following tasks within a SaaS environment would NOT be something the cloud cu...; Q276. Log data should be protected ____________.; Q277. The Open Web Application Security Project (OWASP) Top Ten is a list of web application sec...; Q278. A variety of security systems can be integrated within a network--some that just monitor f...; Q279. How is an object stored within an object storage system?...; Q280. Although much of the attention given to data security is focused on keeping data private a...; Q281. Audits are either done based on the status of a system or application at a specific time o...; Q282. Audits are either done based on the status of a system or application at a specific time o...; Q283. Which of the following is the primary purpose of an SOC 3 report?...; Q284. Maintenance mode requires all of these actions except:...; Q285. In which cloud service model is the customer required to maintain the OS?...; Q286. What principle must always been included with an SOC 2 report? Response:...; Q287. Which regulatory system pertains to the protection of healthcare data?...; Q288. Which value refers to the amount of data an organization would need to recover in the even...; Q289. What is the most secure form of code testing and review? Response:...; Q290. Cloud vendors are held to contractual obligations with specified metrics by: Response:...; Q291. In addition to whatever audit results the provider shares with the customer, what other me...; Q292. The SOC Type 2 reports are divided into five principles. Which of the five principles must...; Q293. Which protocol allows a system to use block-level storage as if it was a SAN, but over TCP...; Q294. You are a consultant performing an external security review on a large manufacturing firm....; Q295. Which of the following is not typically included in the list of critical assets specified ...; Q296. When an organization is considering a cloud environment for hosting BCDR solutions, which ...; Q297. Which of the following are considered to be the building blocks of cloud computing?...; Q298. You are in charge of creating the BCDR plan and procedures for your organization. Your org...; Q299. Which of the following roles would be responsible for managing memberships in federations ...; Q300. Best practices for key management include all of the following, except:...; Q301. Different types of audits are intended for different audiences, such as internal, external...; Q302. Which audit type has been largely replaced by newer approaches since 2011?...; Q303. Which aspect of SaaS will alleviate much of the time and energy organizations spend on com...; Q304. Which phase of the cloud data lifecycle involves processing by a user or application?...; Q305. Jurisdictions have a broad range of privacy requirements pertaining to the handling of per...; Q306. Which of these characteristics of a virtualized network adds risks to the cloud environmen...; Q307. In the wake of many scandals with major corporations involving fraud and the deception of ...; Q308. A data custodian is responsible for which of the following?...; Q309. With an application hosted in a cloud environment, who could be the recipient of an eDisco...; Q310. A main objective for an organization when utilizing cloud services is to avoid vendor lock...; Q311. Humidity levels for a data center are a prime concern for maintaining electrical and compu...; Q312. Who would be responsible for implementing IPsec to secure communications for an applicatio...; Q313. Which of the following threat types can occur when baselines are not appropriately applied...; Q314. Which of the following attempts to establish an international standard for eDiscovery proc...; Q315. Which of the following would probably best aid an organization in deciding whether to migr...; Q316. Which concept BEST describes the capability for a cloud environment to automatically scale...; Q317. Which United States law is focused on data related to health records and privacy?...; Q318. When an API is being leveraged, it will encapsulate its data for transmission back to the ...; Q319. What concept and operational process must be spelled out clearly, as far as roles and resp...; Q320. Which of the following would NOT be considered part of resource pooling with an Infrastruc...; Q321. Hardening the operating system refers to all of the following except:...; Q322. The ISO/IEC 27001:2013 security standard contains 14 different domains that cover virtuall...; Q323. Which of the following is not a way to manage risk?...; Q324. Designers making applications for the cloud have to take into consideration risks and oper...; Q325. The Cloud Security Alliance's (CSA's) Cloud Controls Matrix (CCM) addresses all the follow...; Q326. You need to gain approval to begin moving your company's data and systems into a cloud env...; Q327. In order to ensure ongoing compliance with regulatory requirements, which phase of the clo...; Q328. Dynamic application security testing (DAST) is usually considered a ________ form of testi...; Q329. Which ITIL component is focused on anticipating predictable problems and ensuring that con...; Q330. Which of the following threat types involves the sending of untrusted data to a user's bro...; Q331. What is the only data format permitted with the SOAP API?...; Q332. DLP solutions can aid all of the following security-related efforts except ____________. R...; Q333. Anonymization is the process of removing from data sets. Response:...; Q334. Which of the following storage types is most closely associated with a traditional file sy...; Q335. What is the term that describes the situation when a malicious user/attacker can exit the ...; Q336. BCDR strategies typically do not involve the entire operations of an organization, but onl...; Q337. A DLP solution/implementation has three main components. Which of the following is NOT one...; Q338. Fiber-optic lines are considered part of layer __________ of the OSI model. Response:...; Q339. Which of the following is the least challenging with regard to eDiscovery in the cloud?...; Q340. What is the best approach for dealing with services or utilities that are installed on a s...; Q341. What type of storage structure does object storage employ to maintain files?...; Q342. Modern web service systems are designed for high availability and resiliency. Which concep...; Q343. When a user accesses a system, what process determines the roles and privileges that user ...; Q344. You are the security director for a chain of automotive repair centers across several stat...; Q345. You are the security manager of a small firm that has just purchased a DLP solution to imp...; Q346. Which of the following best describes the purpose and scope of ISO/IEC 27034-1?...; Q347. The SOC Type 2 reports are divided into five principles. Which of the five principles must...; Q348. The most pragmatic option for data disposal in the cloud is which of the following?...; Q349. Where is a DLP solution generally installed when utilized for monitoring data in use?...; Q350. What are the U.S. State Department controls on technology exports known as?...; Q351. The Open Web Application Security Project (OWASP) Top Ten is a list of web application sec...; Q352. You work for a government research facility. Your organization often shares data with othe...; Q353. If a company needed to guarantee through contract and SLAs that a cloud provider would alw...; Q354. When an organization implements an SIEM solution and begins aggregating event data, the co...; Q355. What type of PII is regulated based on the type of application or per the conditions of th...; Q356. A variety of security systems can be integrated within a network--some that just monitor f...; Q357. You are the security manager for a company that is considering cloud migration to an IaaS ...; Q358. What is one of the reasons a baseline might be changed?...; Q359. Which of the following pertains to a macro level approach to data center design rather tha...; Q360. Which of the following statements best describes a Type 1 hypervisor?...; Q361. With a cloud service category where the cloud customer is responsible for deploying all se...; Q362. All policies within the organization should include a section that includes all of the fol...; Q363. Which of the following is NOT one of the cloud computing activities, as outlined in ISO/IE...; Q364. Without the extensive funds of a large corporation, a small-sized company could gain consi...; Q365. What is an often overlooked concept that is essential to protecting the confidentiality of...; Q366. Which of the following is not typically included in the list of critical assets specified ...; Q367. Which of the following is NOT a function performed by the handshake protocol of TLS?...; Q368. All of the following are activities that should be performed when capturing and maintainin...; Q369. Which type of testing uses the same strategies and toolsets that hackers would use?...; Q370. When an organization is considering a cloud environment for hosting BCDR solutions, which ...; Q371. Within a SaaS environment, what is the responsibility on the part of the cloud customer in...; Q372. The management plane is used to administer a cloud environment and perform administrative ...; Q373. What is a form of cloud storage where data is stored as objects, arranged in a hierarchal ...; Q374. Which of the following cloud aspects complicates eDiscovery?...; Q375. Which of the following statements accurately describes VLANs?...; Q376. Which of the following is characterized by a set maximum capacity?...; Q377. The Open Web Application Security Project (OWASP) Top Ten is a list of web application sec...; Q378. Which type of testing uses the same strategies and toolsets that hackers would use?...; Q379. Which of the following actions will NOT make data part of the create phase of the cloud da...; Q380. You are the security policy lead for your organization, which is considering migrating fro...; Q381. Which of the following actions will NOT make data part of the "create" phase of the cloud ...; Q382. Which technique involves replacing values within a specific data field to protect sensitiv...; Q383. There are two general types of smoke detectors. Which type uses a small portion of radioac...; Q384. Which of the following roles is responsible for obtaining new customers and securing contr...; Q385. Which of the following is NOT a component of access control?...; Q386. Digital investigations have adopted many of the same methodologies and protocols as other ...; Q387. Which aspect of security is DNSSEC designed to ensure?...; Q388. Which of the following roles is responsible for overseeing customer relationships and the ...; Q389. Your organization is considering a move to a cloud environment and is looking for certific...; Q390. Which of the following is not typically included as a basic phase of the software developm...; Q391. Most APIs will support a variety of different data formats or structures. However, the SOA...; Q392. Which of the following is not one of the types of controls?...; Q393. Which of the following is a possible negative aspect of bit-splitting? Response:...; Q394. Which of the following concepts is NOT one of the core components to an encryption system ...; Q395. Which of the following standards primarily pertains to cabling designs and setups in a dat...; Q396. What does static application security testing (SAST) offer as a tool to the testers?...; Q397. Which of the following BCDR testing methodologies is least intrusive? Response:...; Q398. Which protocol allows a system to use block-level storage as if it was a SAN, but over TCP...; Q399. Which of the following storage types is most closely associated with a database-type stora...; Q400. Other than cost savings realized due to measured service, what is another facet of cloud c...; Q401. What are the U.S. Commerce Department controls on technology exports known as?...; Q402. Which OSI layer does IPsec operate at?; Q403. Which security concept is based on preventing unauthorized access to data while also ensur...; Q404. Implementing baselines on systems would take an enormous amount of time and resources if t...; Q405. Which of the following is not a risk management framework?...; Q406. Which of the following service capabilities gives the cloud customer the most control over...; Q407. The Open Web Application Security Project (OWASP) Top Ten is a list of web application sec...; Q408. Which of the following involves assigning an opaque value to sensitive data fields to prot...; Q409. Just like the risk management process, the BCDR planning process has a defined sequence of...; Q410. Which protocol does the REST API depend on?; Q411. Which of the cloud deployment models is used by popular services such as iCloud, Dropbox, ...; Q412. The use of which of the following technologies will NOT require the security dependency of...; Q413. The Cloud Security Alliance (CSA) publishes the Notorious Nine, a list of common threats t...; Q414. Resolving resource contentions in the cloud will most likely be the job of the ___________...; Q415. DRM solutions should generally include all the following functions, except:...; Q416. In order to prevent cloud customers from potentially consuming enormous amounts of resourc...; Q417. Which of the following technologies is used to monitor network traffic and notify if any p...; Q418. Which of the following roles is responsible for gathering metrics on cloud services and ma...; Q419. Three central concepts define what type of data and information an organization is respons...; Q420. What can tokenization be used for? Response:; Q421. Which kind of SSAE audit reviews controls dealing with the organization's controls for ass...; Q422. A virtual network interface card (NIC) exists at layer __________ of the OSI model....; Q423. Which of the following does NOT fall under the "IT" aspect of quality of service (QoS)?...; Q424. Data masking can be used to provide all of the following functionality, except:...; Q425. Firewalls can detect attack traffic by using all these methods except ____________....; Q426. Which of the following involves assigning an opaque value to sensitive data fields to prot...; Q427. Which of the following is a restriction that can be enforced by information rights managem...; Q428. According to OWASP recommendations, active software security testing should include all of...; Q429. Apart from using encryption at the file system level, what technology is the most widely u...; Q430. What aspect of data center planning occurs first?...; Q431. Which cloud service category would be most ideal for a cloud customer that is developing s...; Q432. A cloud data encryption situation where the cloud customer retains control of the encrypti...; Q433. What concept does the "D" represent with the STRIDE threat model?...; Q434. Which of the following provides assurance, to a predetermined acceptable level of certaint...; Q435. Which of the following is NOT a key area for performance monitoring as far as an SLA is co...; Q436. What strategy involves hiding data in a data set to prevent someone from identifying speci...; Q437. Which of the following would NOT be used to determine the classification of data? Response...; Q438. You are the security manager for a software development firm. Your company is interested i...; Q439. Different types of cloud deployment models use different types of storage from traditional...; Q440. Which type of controls are the SOC Type 1 reports specifically focused on?...; Q441. Which of the following provides assurance, to a predetermined acceptable level of certaint...; Q442. What does a cloud customer purchase or obtain from a cloud provider?...; Q443. What is the biggest concern with hosting a key management system outside of the cloud envi...; Q444. What are the objectives of change management? (Choose all that apply.) Response:...; Q445. DLP can be combined with what other security technology to enhance data controls?...; Q446. Many activities within a cloud environment are performed via programmatic means, where com...; Q447. Which approach is typically the most efficient method to use for data discovery?...; Q448. Which United States law is focused on PII as it relates to the financial industry?...; Q449. Which of the following data protection methodologies maintains the ability to connect back...; Q450. Within a federated identity system, which of the following would you be MOST likely to use...; Q451. DNSSEC was designed to add a layer of security to the DNS protocol. Which type of attack w...; Q452. Which phase of the cloud data lifecycle represents the first instance where security contr...; Q453. What must SOAP rely on for security since it does not provide security as a built-in capab...; Q454. Static software security testing typically uses __________ as a measure of how thorough th...; Q455. For performance purposes, OS monitoring should include all of the following except:...; Q456. Which of the following is NOT a focus or consideration of an internal audit?...; Q457. You are the security manager of a small firm that has just purchased a DLP solution to imp...; Q458. Which of the following roles is responsible for preparing systems for the cloud, administe...; Q459. Which of the following threat types involves an application developer leaving references t...; Q460. The different cloud service models have varying levels of responsibilities for functions a...; Q461. What type of masking would you employ to produce a separate data set for testing purposes ...; Q462. Within an Infrastructure as a Service model, which of the following would NOT be a measure...; Q463. Which of the following roles involves testing, monitoring, and securing cloud services for...; Q464. Although the REST API supports a wide variety of data formats for communications and excha...; Q465. There is a large gap between the privacy laws of the United States and those of the Europe...; Q466. In which cloud service model is the customer required to maintain the OS?...; Q467. Using one cloud provider for your operational environment and another for your BCDR backup...; Q468. Which of the following security measures done at the network layer in a traditional data c...; Q469. Which component of ITIL involves handling anything that can impact services for either int...; Q470. Which of the following roles involves the provisioning and delivery of cloud services?...; Q471. Security best practices in a virtualized network environment would include which of the fo...; Q472. Which format is the most commonly used standard for exchanging information within a federa...; Q473. One of the main components of system audits is the ability to track changes over time and ...; Q474. Why does a Type 1 hypervisor typically offer tighter security controls than a Type 2 hyper...; Q475. Which of the following is a valid risk management metric?...; Q476. Which of the following threat types can occur when baselines are not appropriately applied...; Q477. As part of the auditing process, getting a report on the deviations between intended confi...; Q478. Because of multitenancy, specific risks in the public cloud that don't exist in the other ...; Q479. What does the REST API support that SOAP does NOT support?...; Q480. When an API is being leveraged, it will encapsulate its data for transmission back to the ...; Q481. Identity and access management (IAM) is a security discipline that ensures which of the fo...; Q482. What type of PII is regulated based on the type of application or per the conditions of th...; Q483. Virtual machine (VM) configuration management (CM) tools should probably include _________...; Q484. Which of the following is the least challenging with regard to eDiscovery in the cloud?...; Q485. Which of the following is the optimal humidity level for a data center, per the guidelines...; Q486. To protect data on user devices in a BYOD environment, the organization should consider re...; Q487. You have been tasked with creating an audit scope statement and are making your project ou...; Q488. Which of the following is NOT a criterion for data within the scope of eDiscovery?...; Q489. Which of the following is perhaps the best method for reducing the risk of a specific appl...; Q490. The Open Web Application Security Project (OWASP) Top Ten is a list of web application sec...; Q491. You are the security manager for a small application development company. Your company is ...; Q492. Which kind of SSAE audit reviews controls dealing with the organization's controls for ass...; Q493. Which if the following is NOT one of the three components of a federated identity system t...; Q494. Which of the following roles is responsible for creating cloud components and the testing ...; Q495. Many different common threats exist against web-exposed services and applications. One att...; Q496. Apart from using encryption at the file system level, what technology is the most widely u...; Q497. What does a cloud customer purchase or obtain from a cloud provider?...; Q498. Which United States program was designed to enable organizations to bridge the gap between...; Q499. What is the biggest negative to leasing space in a data center versus building or maintain...; Q500. Many aspects and features of cloud computing can make eDiscovery compliance more difficult...; Q501. Which cloud service category offers the most customization options and control to the clou...; Q502. Which publication from the United States National Institute of Standards and Technology pe...; Q503. Single sign-on systems work by authenticating users from a centralized location or using a...; Q504. The Transport Layer Security (TLS) protocol creates a secure communications channel over p...; Q505. Which aspect of archiving must be tested regularly for the duration of retention requireme...; Q506. The Cloud Security Alliance (CSA) publishes, the Notorious Nine, a list of common threats ...; Q507. Which of the following threat types can occur when baselines are not appropriately applied...; Q508. Which of the following is NOT one of the components of multifactor authentication?...; Q509. With the rapid emergence of cloud computing, very few regulations were in place that perta...; Q510. Which United States law is focused on PII as it relates to the financial industry?...; Q511. You are the data manager for a retail company; you anticipate a much higher volume of sale...; Q512. Many tools and technologies are available for securing or monitoring data in transit withi...; Q513. When an organization is considering the use of cloud services for BCDR planning and soluti...; Q514. When using an IaaS solution, what is the capability provided to the customer?...; Q515. Static software security testing typically uses __________ as a measure of how thorough th...; Q516. Which is the appropriate phase of the cloud data lifecycle for determining the data's clas...; Q517. Your boss has tasked your team with getting your legacy systems and applications connected...; Q518. All the following are data analytics modes, except:...; Q519. Which of the cloud deployment models involves spanning multiple cloud environments or a mi...; Q520. Which attribute of data poses the biggest challenge for data discovery?...; Q521. Which cloud service category most commonly uses client-side key management systems?...; Q522. Egress monitoring solutions usually include a function that ____________. Response:...; Q523. The physical layout of a cloud data center campus should include redundancies of all the f...; Q524. Which of the following service capabilities gives the cloud customer an established and ma...; Q525. Which aspect of cloud computing makes data classification even more vital than in a tradit...; Q526. An audit scope statement defines the limits and outcomes from an audit. Which of the follo...; Q527. Every cloud service provider that opts to join the CSA STAR program registry must complete...; Q528. Why does the physical location of your data backup and/or BCDR failover environment matter...; Q529. Which type of testing tends to produce the best and most comprehensive results for discove...; Q530. What is the first stage of the cloud data lifecycle where security controls can be impleme...; Q531. Which of the following may unilaterally deem a cloud hosting model inappropriate for a sys...; Q532. Your organization is considering a move to a cloud environment and is looking for certific...; Q533. Configurations and policies for a system can come from a variety of sources and take a var...; Q534. Humidity levels for a data center are a prime concern for maintaining electrical and compu...; Q535. Countermeasures for protecting cloud operations against internal threats include all of th...; Q536. Using one cloud provider for your operational environment and another for your BCDR backup...; Q537. All policies within the organization should include a section that includes all of the fol...; Q538. What concept does the "A" represent in the DREAD model?...; Q539. Which of the following data-sanitation approaches are always available within a cloud envi...; Q540. In the cloud motif, the data owner is usually:...; Q541. Which of the following is NOT a function performed by the handshake protocol of TLS?...; Q542. Which cloud storage type uses an opaque value or descriptor to categorize and organize dat...; Q543. Tokenization requires two distinct _________________ ....; Q544. What is the biggest negative to leasing space in a data center versus building or maintain...; Q545. What does a cloud customer purchase or obtain from a cloud provider?...; Q546. Which United States law is focused on data related to health records and privacy?...; Q547. A crucial decision any company must make is in regard to where it hosts the data systems i...; Q548. What are third-party providers of IAM functions for the cloud environment?...; Q549. From a security perspective, what component of a cloud computing infrastructure represents...; Q550. Which of the following is considered an internal redundancy for a data center?...; Q551. Just like the risk management process, the BCDR planning process has a defined sequence of...; Q552. Legal controls refer to which of the following?...; Q553. If a company needed to guarantee through contract and SLAs that a cloud provider would alw...; Q554. Which cloud service category would be most ideal for a cloud customer that is developing s...; Q555. Which cloud deployment model is MOST likely to offer free or very cheap services to users?...; Q556. Although performing BCDR tests at regular intervals is a best practice to ensure processes...; Q557. All of the following entitles are required to use FedRAMP-accredited Cloud Service Provide...; Q558. Whereas a contract articulates overall priorities and requirements for a business relation...; Q559. Which audit type has been largely replaced by newer approaches since 2011?...; Q560. Which of the following contract terms most incentivizes the cloud provider to meet the req...; Q561. Which data sanitation method is also commonly referred to as "zeroing"?...; Q562. Why does the physical location of your data backup and/or BCDR failover environment matter...; Q563. While an audit is being conducted, which of the following could cause management and the a...; Q564. At which phase of the SDLC process should security begin participating? Response:...; Q565. Which cloud service category offers the most customization options and control to the clou...; Q566. Which of the following actions will NOT make data part of the "create" phase of the cloud ...; Q567. In order to comply with regulatory requirements, which of the following secure erasure met...; Q568. All of the following are usually nonfunctional requirements except ____________....; Q569. Which type of cloud service category would having a vendor-neutral encryption scheme for d...; Q570. Which of the following approaches would NOT be considered sufficient to meet the requireme...; Q571. Which type of controls are the SOC Type 1 reports specifically focused on?...; Q572. Your company is in the planning stages of moving applications that have large data sets to...; Q573. Proper implementation of DLP solutions for successful function requires which of the follo...; Q574. What controls the formatting and security settings of a volume storage system within a clo...; Q575. Which of the following characteristics is associated with digital rights management (DRM) ...; Q576. When reviewing the BIA after a cloud migration, the organization should take into account ...; Q577. It is important to include _______ in the design of underfloor plenums if they are also us...; Q578. Where is a DLP solution generally installed when utilized for monitoring data in use?...; Q579. Which networking concept in a cloud environment allows for network segregation and isolati...; Q580. SOC 2 reports were intended to be ____________. Response:...; Q581. All of the following methods can be used to attenuate the harm caused by escalation of pri...; Q582. Although indirect identifiers cannot alone point to an individual, the more of them known ...; Q583. What process is used within a clustered system to provide high availability and load balan...; Q584. Which of the following is NOT a focus or consideration of an internal audit?...; Q585. Which of the following could be used as a second component of multifactor authentication i...; Q586. Key maintenance and security are paramount within a cloud environment due to the widesprea...; Q587. Digital investigations have adopted many of the same methodologies and protocols as other ...; Q588. Which of the following should occur at each stage of the SDLC?...; Q589. What type of PII is controlled based on laws and carries legal penalties for noncompliance...; Q590. Of the following, which is probably the most significant risk in a managed cloud environme...; Q591. Which of the following is not an example of a highly regulated environment?...; Q592. Which of the following security measures done at the network layer in a traditional data c...; Q593. When beginning an audit, both the system owner and the auditors must agree on various aspe...; Q594. The cloud customer will have the most control of their data and systems, and the cloud pro...; Q595. Which of the following is a risk associated with manual patching especially in the cloud?...; Q596. Which of the following would be a reason to undertake a BCDR test?...; Q597. Which of the following threat types involves an application developer leaving references t...; Q598. Which component of ITIL involves the creation of an RFC ticket and obtaining official appr...; Q599. Deviations from the baseline should be investigated and __________________....; Q600. All of the following are identity federation standards commonly found in use today except ...; Q601. Which of the following approaches would NOT be considered sufficient to meet the requireme...; Q602. The management plane is used to administer a cloud environment and perform administrative ...; Q603. What does the management plane typically utilize to perform administrative functions on th...; Q604. Your organization is developing software for wide use by the public. You have decided to t...; Q605. Which of the cloud cross-cutting aspects relates to the assigning of jobs, tasks, and role...; Q606. All of the following methods can be used to attenuate the harm caused by escalation of pri...; Q607. What type of security threat is DNSSEC designed to prevent?...; Q608. Which attribute of data poses the biggest challenge for data discovery?...; Q609. What strategy involves replacing sensitive data with opaque values, usually with a means o...; Q610. Which cloud storage type resembles a virtual hard drive and can be utilized in the same ma...; Q611. Which of the following report is most aligned with financial control audits?...; Q612. You are the IT director for a small contracting firm. Your company is considering migratin...; Q613. With finite resources available within a cloud, even the largest cloud providers will at t...; Q614. What type of masking strategy involves making a separate and distinct copy of data with ma...; Q615. Your new CISO is placing increased importance and focus on regulatory compliance as your a...; Q616. The Transport Layer Security (TLS) protocol creates a secure communications channel over p...; Q617. Identity and access management (IAM) is a security discipline that ensures which of the fo...; Q618. Which of the following standards primarily pertains to cabling designs and setups in a dat...; Q619. Which aspect of data poses the biggest challenge to using automated tools for data discove...; Q620. Deviations from the baseline should be investigated and __________________....; Q621. What is used for local, physical access to hardware within a data center?...; Q622. Your new CISO is placing increased importance and focus on regulatory compliance as your a...; Q623. Which of the following APIs are most commonly used within a cloud environment?...; Q624. Which of the cloud cross-cutting aspects relates to the ability for a cloud customer to ea...; Q625. Which of the following threat types involves an application developer leaving references t...; Q626. Which of the cloud deployment models is used by popular services such as iCloud, Dropbox, ...; Q627. Which of the following cloud aspects complicates eDiscovery?...; Q628. What process is used within a clustered system to provide high availability and load balan...; Q629. What is the main reason virtualization is used in the cloud? Response:...; Q630. What concept does the A represent within the DREAD model?...; Q631. Which network protocol is essential for allowing automation and orchestration within a clo...; Q632. What type of masking would you employ to produce a separate data set for testing purposes ...; Q633. When using an Infrastructure as a Service (IaaS) solution, what is the capability provided...; Q634. The Open Web Application Security Project (OWASP) Top Ten is a list of web application sec...; Q635. The BC/DR kit should include all of the following except:...; Q636. ISO/IEC has established international standards for many aspects of computing and any proc...; Q637. Which of the following roles is responsible for gathering metrics on cloud services and ma...; Q638. BCDR strategies typically do not involve the entire operations of an organization, but onl...; Q639. Because PaaS implementations are so often used for software development, what is one of th...; Q640. Which of the following data sanitation methods would be the MOST effective if you needed t...; Q641. Many activities within a cloud environment are performed via programmatic means, where com...; Q642. One of the main components of system audits is the ability to track changes over time and ...; Q643. Which of the following roles involves the provisioning and delivery of cloud services?...; Q644. What controls the formatting and security settings of a volume storage system within a clo...; Q645. For service provisioning and support, what is the ideal amount of interaction between a cl...; Q646. You are the security manager of a small firm that has just purchased a DLP solution to imp...; Q647. Data labels could include all the following, except:...; Q648. All of these are reasons an organization may want to consider cloud migration except: Resp...; Q649. Which of the following contract terms most incentivizes the cloud provider to meet the req...; Q650. Which type of testing uses the same strategies and toolsets that hackers would use?...; Q651. Many activities within a cloud environment are performed via programmatic means, where com...; Q652. Which of the following is NOT one of the official risk rating categories?...; Q653. The WS-Security standards are built around all of the following standards except which one...; Q654. Under EU law, a cloud customer who gives sensitive data to a cloud provider is still legal...; Q655. Your company operates in a highly competitive market, with extremely high-value data asset...; Q656. Which of the following are considered to be the building blocks of cloud computing? Respon...; Q657. What type of data does data rights management (DRM) protect?...; Q658. In attempting to provide a layered defense, the security practitioner should convince seni...; Q659. Which of the following would NOT be included as input into the requirements gathering for ...; Q660. Which of the following is NOT a core component of an SIEM solution?...; Q661. A main objective for an organization when utilizing cloud services is to avoid vendor lock...; Q662. Which cloud service category most commonly uses client-side key management systems?...; Q663. If you're using iSCSI in a cloud environment, what must come from an external protocol or ...; Q664. You are the security manager for an online retail sales company with 100 employees and a p...; Q665. At which stage of the BCDR plan creation phase should security be included in discussions?...; Q666. An SLA contains the official requirements for contract performance and satisfaction betwee...; Q667. Which of the following does NOT relate to the hiding of sensitive data from data sets?...; Q668. Within a SaaS environment, what is the responsibility on the part of the cloud customer in...; Q669. Unlike SOC Type 1 reports, which are based on a specific point in time, SOC Type 2 reports...; Q670. Key maintenance and security are paramount within a cloud environment due to the widesprea...; Q671. Which of the following is considered an internal redundancy for a data center?...; Q672. Which security concept is based on preventing unauthorized access to data while also ensur...; Q673. Which security concept, if implemented correctly, will protect the data on a system, even ...; Q674. What type of security threat is DNSSEC designed to prevent?...; Q675. What is a cloud storage architecture that manages the data in a hierarchy of files?...; Q676. Your organization has made it a top priority that any cloud environment being considered t...; Q677. Of the following, which is probably the most significant risk in a managed cloud environme...; Q678. A firewall can use all of the following techniques for controlling traffic except:...; Q679. The REST API is a widely used standard for communications of web-based services between cl...; Q680. What changes are necessary to application code in order to implement DNSSEC?...; Q681. Which of the following is a valid risk management metric?...; Q682. Which aspect of cloud computing would make the use of a cloud the most attractive as a BCD...; Q683. The Cloud Security Alliance (CSA) Security, Trust, and Assurance Registry (STAR) program h...; Q684. Why might an organization choose to comply with the ISO 27001 standard? Response:...; Q685. What masking strategy involves the replacing of sensitive data at the time it is accessed ...; Q686. Within a federated identity system, which of the following would you be MOST likely to use...; Q687. Which of the following concepts refers to a cloud customer paying only for the resources a...; Q688. Which SSAE 16 audit report is simply an attestation of audit results?...; Q689. The Open Web Application Security Project (OWASP) Top Ten is a list of web application sec...; Q690. The cloud deployment model that features organizational ownership of the hardware and infr...; Q691. Which security certification serves as a general framework that can be applied to any type...; Q692. Most APIs will support a variety of different data formats or structures. However, the SOA...; Q693. Which of the following is a file server that provides data access to multiple, heterogeneo...; Q694. Which data formats are most commonly used with the REST API?...; Q695. An audit against the ________ will demonstrate that an organization has adequate security ...; Q696. Unlike SOC Type 1 reports, which are based on a specific point in time, SOC Type 2 reports...; Q697. Without the extensive funds of a large corporation, a small-sized company could gain consi...; Q698. Which of the following tools might be useful in data discovery efforts that are based on c...; Q699. Which of the following is NOT one of the cloud computing activities, as outlined in ISO/IE...; Q700. Which of the cloud deployment models offers the easiest initial setup and access for the c...; Q701. Audits are either done based on the status of a system or application at a specific time o...; Q702. Which aspect of cloud computing serves as the biggest challenge to using DLP to protect da...; Q703. Which of the cloud cross-cutting aspects relates to the ability to reuse or move component...; Q704. For optimal security, trust zones are used for network segmentation and isolation. They al...; Q705. What can tokenization be used for?; Q706. Security is a critical yet often overlooked consideration for BCDR planning. At which stag...; Q707. Although the United States does not have a single, comprehensive privacy and regulatory fr...; Q708. Which of the following is a management role, versus a technical role, as it pertains to da...; Q709. What is the concept of isolating an application from the underlying operating system for t...

web stats