You work for a government research facility. Your organization often shares data with other government research organizations. You would like to create a single sign-on experience across the organizations, where users at each organization can sign in with the user ID/authentication issued by that organization, then access research data in all the other organizations. Instead of replicating the data stores of each organization at every other organization (which is one way of accomplishing this goal), you instead want every user to have access to each organization’s specific storage resources. What is the term for this kind of arrangement?
You work for a government research facility. Your organization often shares data with other government research organizations. You would like to create a single sign-on experience across the organizations, where users at each organization can sign in with the user ID/authentication issued by that organization, then access research data in all the other organizations. Instead of replicating the data stores of each organization at every other organization (which is one way of accomplishing this goal), you instead want every user to have access to each organization’s specific storage resources. You want to connect your organization to 13 other organizations. You consider using the cross-certification model but then decide against it. What is the most likely reason for declining that option?
You work for a government research facility. Your organization often shares data with other government research organizations. You would like to create a single sign-on experience across the organizations, where users at each organization can sign in with the user ID/authentication issued by that organization, then access research data in all the other organizations. Instead of replicating the data stores of each organization at every other organization (which is one way of accomplishing this goal), you instead want every user to have access to each organization’s specific storage resources. In order to pass the user IDs and authenticating credentials of each user among the organizations, what protocol, language, or technique will you most likely utilize?
You work for a government research facility. Your organization often shares data with other government research organizations. You would like to create a single sign-on experience across the organizations, where users at each organization can sign in with the user ID/authentication issued by that organization, then access research data in all the other organizations. Instead of replicating the data stores of each organization at every other organization (which is one way of accomplishing this goal), you instead want every user to have access to each organization’s specific storage resources. If you don’t use cross-certification, what other model can you implement for this purpose?
You work for a government research facility. Your organization often shares data with other government research organizations. You would like to create a single sign-on experience across the organizations, where users at each organization can sign in with the user ID/authentication issued by that organization, then access research data in all the other organizations. Instead of replicating the data stores of each organization at every other organization (which is one way of accomplishing this goal), you instead want every user to have access to each organization’s specific storage resources. If you are in the United States, one of the standards you should adhere to is _______________.
You work for a government research facility. Your organization often shares data with other government research organizations. You would like to create a single sign-on experience across the organizations, where users at each organization can sign in with the user ID/authentication issued by that organization, then access research data in all the other organizations. Instead of replicating the data stores of each organization at every other organization (which is one way of accomplishing this goal), you instead want every user to have access to each organization’s specific storage resources. If you are in Canada, one of the standards you will have to adhere to is _______________.
You are the security policy lead for your organization, which is considering migrating from your on-premises, traditional IT environment into the cloud. You are reviewing the Cloud Security Alliance Cloud Controls Matrix (CSA CCM) as a tool for your organization. Which of the following benefits will the CSA CCM offer your organization?
You are the security policy lead for your organization, which is considering migrating from your on-premises, traditional IT environment into the cloud. You are reviewing the Cloud Security Alliance Cloud Controls Matrix (CSA CCM) as a tool for your organization. Which of the following regulatory frameworks is not covered by the CCM?
You are the security policy lead for your organization, which is considering migrating from your on-premises, traditional IT environment into the cloud. You are reviewing the Cloud Security Alliance Cloud Controls Matrix (CSA CCM) as a tool for your organization. Which tool, also available from the CSA, can be used in conjunction with the CCM to aid you in selecting and applying the proper controls to meet your organization’s regulatory needs?
You are the security policy lead for your organization, which is considering migrating from your on-premises, traditional IT environment into the cloud. You are reviewing the Cloud Security Alliance Cloud Controls Matrix (CSA CCM) as a tool for your organization. What is probably the best benefit offered by the CCM?
You are the IT security subject matter expert for a hobbyist collective that researches and archives old music. Your collective is set up in such a way that the members own various pieces of the network themselves, pool resources and data, and communicate and share files via the Internet. This is an example of what cloud model?
You are the IT security subject matter expert for a hobbyist collective that researches and archives old music. Your collective wants to create a single sign-on experience for all members of the collective, where assurance and trust in the various members are created by having each member review all the others’ policies, governance, procedures, and controls before allowing them to participate. This is an example of what kind of arrangement?
You are the IT security subject matter expert for a hobbyist collective that researches and archives old music. Your collective exchanges music files in two forms: images of written sheet music and electronic copies of recordings. Both of these are protected by what intellectual property legal construct?
You are the IT security subject matter expert for a hobbyist collective that researches and archives old music. If you create a federated identity management structure for all the participants in the collective using a third-party certification model, who would be the federated service provider(s) in that structure?
You are the IT security subject matter expert for a hobbyist collective that researches and archives old music. You receive a Digital Millennium Copyright Act (DMCA) takedown notice from someone who claims that your collective is hosting music that does not belong to you. You are fairly certain the complaint is not applicable and that the material in question does not belong to anyone else. What should you do in order to comply with the law?
You are the IT security subject matter expert for a hobbyist collective that researches and archives old music. You receive a Digital Millennium Copyright Act (DMCA) takedown notice from someone who claims that your collective is hosting music that does not belong to you. Upon investigation, you determine that the material in question is the sheet music for a concerto written in 1872. What should you do in order to comply with the law?
Bob is designing a data center to support his organization, a financial services firm. What Uptime Institute tier rating should Bob try to attain in order to meet his company’s needs without adding extraneous costs?
Bob is designing a data center to support his organization, a financial services firm. Bob’s data center will have to be approved by regulators using a framework under which law?
Bob is designing a data center to support his organization, a financial services firm. Which of the following actions would best enhance Bob’s efforts to create redundancy and resiliency in the data center?
Bob is designing a data center to support his organization, a financial services firm. How long should the uninterruptible power supply (UPS) provide power to the systems in the data center?
You are the IT security manager for a video game software development company. For your company, minimizing security flaws in the delivered product is probably a _______________.
You are the IT security manager for a video game software development company. In order to test your products for security defects and performance issues, your firm decides to use a small team of game testers recruited from a public pool of interested gamers who apply for a chance to take part. This is an example of _______________.
You are the IT security manager for a video game software development company. In order to test your products for security defects and performance issues, your firm decides to use a small team of game testers recruited from a public pool of interested gamers who apply for a chance to take part. To optimize this situation, the test will need to involve _______________.
You are the IT security manager for a video game software development company. In order to test your products for security defects and performance issues, your firm decides to use a small team of game testers recruited from a public pool of interested gamers who apply for a chance to take part. Of the parties listed, who should most be excluded from the test?
You are the IT security manager for a video game software development company. In order to test your products for security defects and performance issues, your firm decides to use a small team of game testers recruited from a public pool of interested gamers who apply for a chance to take part. It is absolutely crucial to include _______________ as part of this process.
You are the IT security manager for a video game software development company. Which of the following is most likely to be your primary concern on a daily basis?
You are the IT security manager for a video game software development company. Which type of intellectual property protection will your company likely rely upon for legally enforcing your rights?
You are the IT security manager for a video game software development company. In order to test your products for security defects and performance issues, your firm decides to use a small team of game testers recruited from a public pool of interested gamers who apply for a chance to take part. Gamers are notorious for attempting to perform actions that were never anticipated or intended by the programmers. Results gathered from this activity are _______________.
You are the IT security manager for a video game software development company. In order to test your products for security defects and performance issues, your firm decides to use a small team of game testers recruited from a public pool of interested gamers who apply for a chance to take part. Gamers are notorious for attempting to perform actions that were never anticipated or intended by the programmers. Trying to replicate this phenomenon in a testbed environment with internal testing mechanisms is called _______________.
You are the IT security manager for a video game software development company. Your development team hired an external game development lab to work on part of the game engine. A few weeks before the initial release of your game, the company that owns the lab publishes a strikingly similar game, with many of the features and elements that appear in your work. Which of the following methods could be used to determine if your ownership rights were violated?
You are the IT security manager for a video game software development company. Your development team hired an external game development lab to work on part of the game engine. A few weeks before the initial release of your game, the company that owns the lab publishes a strikingly similar game, with many of the features and elements that appear in your work. Which of the following legal methods are you likely able to exercise to defend your rights?
You are the IT security manager for a video game software development company. In order to test the functionality of online multiplayer game content, your testing team wants to use a cloud service independent from the internal production environment. You suggest that a(n) _______________ service model will best meet this requirement.
You are the IT security manager for a video game software development company. In order to test the functionality of online multiplayer game content, your testing team wants to use a cloud service independent from the internal production environment. You remind them that it is absolutely crucial that they perform _______________ before including any sample player or billing data.
Which of the following is not an essential element defining cloud computing?
Which of the following is not an essential element defining cloud computing?
In what cloud computing service model is the customer responsible for installing and maintaining the operating system?
Your company is considering migrating its production environment to the cloud. In reviewing the proposed contract, you notice that it includes a clause that requires an additional fee, equal to six monthly payments (equal to half the term of the contract) for ending the contract at any point prior to the scheduled date. This is best described as an example of _______________.
There are two general types of smoke detectors. Which type uses a small portion of radioactive material?
You are the privacy data officer for a large hospital and trauma center. You are called on to give your opinion of the hospital’s plans to migrate all IT functions to a cloud service. Which of the following Uptime Institute tier-level ratings would you insist be included for any data center offered by potential providers?
What is the most important factor when considering the lowest temperature setting within a data center?
Storage controllers will typically be involved with each of the following storage protocols except _______________.
When you’re using a storage protocol that involves a storage controller, it is very important that the controller be configured in accordance with _______________.
What is the importance of adhering to vendor guidance in configuration settings?
Which of the following is a true statement about the virtualization management toolset?
In order to ensure proper _______________ in a secure cloud network environment, consider the use of Domain Name System Security Extensions (DNSSEC), Internet Protocol Security (IPSec), and Transport Layer Security (TLS).
Domain Name System Security Extensions (DNSSEC) provides all of the following except _______________.
All of the following are activities that should be performed when capturing and maintaining an accurate, secure system baseline except _______________.
All of the following are activities that should be performed when capturing and maintaining an accurate, secure system baseline except _______________.
All of the following are activities that should be performed when capturing and maintaining an accurate, secure system baseline, except _______________.
You are the IT director for a small contracting firm. Your company is considering migrating to a cloud production environment. Which service model would best fit your needs if you wanted an option that reduced the chance of vendor lock-in but also did not require the highest degree of administration by your own personnel?
You are the data manager for a retail company; you anticipate a much higher volume of sales activity in the final quarter of each calendar year than the other quarters. In order to handle these increased transactions, and to accommodate the temporary sales personnel you will hire for only that time period, you consider augmenting your internal, on-premises production environment with a cloud capability for a specific duration and will return to operating fully on-premises after the period of increased activity. This is an example of _______________.
You are the data manager for a retail company; you anticipate a much higher volume of sales activity in the final quarter of each calendar year than the other quarters. In order to handle these increased transactions, and to accommodate the temporary sales personnel you will hire for only that time period, you consider augmenting your internal, on-premises production environment with a cloud capability for a specific duration, and will return to operating fully on-premises after the period of increased activity. Which facet of cloud computing is most important for making this possible?
You are the data manager for a retail company; you anticipate a much higher volume of sales activity in the final quarter of each calendar year than the other quarters. In order to handle these increased transactions, and to accommodate the temporary sales personnel you will hire for only that time period, you consider augmenting your internal, on-premises production environment with a cloud capability for a specific duration, and will return to operating fully on-premises after the period of increased activity. Which deployment model best describes this type of arrangement?
You are the security manager for a research and development firm. Your company does contract work for a number of highly sensitive industries, including aerospace and pharmaceuticals. Your company’s senior management is considering cloud migration and wants an option that is highly secure but still offers some of the flexibility and reduced overhead of the cloud. Which of the following deployment models do you recommend?
You are the IT director for a small engineering services company. During the last year, one of your managing partners left the firm, and you lost several large customers, creating a cash flow problem. The remaining partners are looking to use a cloud environment as a means of drastically and quickly cutting costs, migrating away from the expense of operating an internal network. Which cloud deployment model would you suggest to best meet their needs?
You run an online club for antique piano enthusiasts. In order to better share photo files and other data online, you want to establish a cloud-based environment where all your members can connect their own devices and files to each other, at their discretion. You do not want to centralize payment for such services as Internet service provider (ISP) connectivity, and you want to leave that up to the members. Which cloud deployment model would best suit your needs?
Full isolation of user activity, processes, and virtual network segments in a cloud environment is incredibly important because of risks due to _______________.
You are the security manager for a small European appliance rental company. The senior management of your company is considering cloud migration for the production environment, which handles marketing, billing, and logistics. Which cloud deployment model should you be most likely to recommend?
You are the security manager for a data analysis company. Your senior management is considering a cloud migration in order to use the greater capabilities of a cloud provider to perform calculations and computations. Your company wants to ensure that neither the contractual nor the technical setup of the cloud service will affect your data sets in any way so that you are not locked in to a single provider. Which of the following criteria will probably be most crucial for your choice of cloud providers?
Migrating to a cloud environment will reduce an organization’s dependence on _______________.
Firewalls, DLP (data loss prevention or data leak protection) and digital rights management (DRM) solutions, and security information and event management (SIEM) products are all examples of _______________ controls.
Fiber-optic lines are considered part of Layer _______________ of the Open Systems Interconnection (OSI) model.
It is probably fair to assume that software as a service (SaaS) functions take place at Layer _______________ of the OSI model.
Because of the nature of the cloud, all access is remote access. One of the preferred technologies employed for secure remote access is _______________.
You are the security manager for a small retailer engaged in e-commerce. A large part of your sales is transacted through the use of credit and debit cards. You have determined that the costs of maintaining an encrypted storage capability in order to meet compliance requirements are prohibitive. What other technology can you use instead to meet those regulatory needs?
Which of the following mechanisms cannot be used by a data loss prevention or data leak protection (DLP) solution to sort data?
You are the security manager for an online marketing company. Your company has recently migrated to a cloud production environment and has deployed a number of new cloud-based protection mechanisms offered by both third parties and the cloud provider, including data loss prevention or data leak protection (DLP) and security information and event management (SIEM) solutions. After one week of operation, your security team reports an inordinate amount of time responding to potential incidents that have turned out to only be false-positive reports. Management is concerned that the cloud migration was a bad idea and that it is too costly in terms of misspent security efforts. What do you recommend?
In a cloud context, who determines the risk appetite of your organization?
You are the security manager for a small application development company. Your company is considering the use of the cloud for software testing purposes. Which of the following traits of cloud functionality is probably the most crucial in terms of deciding which cloud provider you will choose?
You are the security manager for a small application development company. Your company is considering the use of the cloud for software testing purposes. Which cloud service model is most likely to suit your needs?
ISO 31000 is most similar to which of the following regulations, standards, guidelines, and frameworks?
Which of the following entities publishes a cloud-centric set of risk-benefit recommendations that includes a “Top 8” list of security risks an organization might face during a cloud migration, based on likelihood and impact?
Which standards body depends heavily on contributions and input from its open membership base?
In regard to most privacy guidance, the data subject is _______________.
In regard to most privacy guidance, the data controller is _______________.
In regard to most privacy guidance, the data processor is _______________.
In most privacy-regulation situations, which entity is most responsible for deciding how a particular privacy-related data set will be used or processed?
In most privacy-regulation situations, which entity is most responsible for the day-to-day maintenance and security of a privacy-related data set?
You are the compliance officer for a medical device manufacturing firm. Your company maintains a cloud-based list of patients currently fitted with your devices for long-term care and quality assurance purposes. The list is maintained in a database that cross-references details about the hardware and some billing data. In this situation, who is likely to be considered the data custodian, under many privacy regulations and laws?
Which of the following is probably least suited for inclusion in the service-level agreement (SLA) between a cloud customer and cloud provider?
Which of the following items, included in the contract between a cloud customer and cloud provider, can best aid in reducing vendor lock-in?
Which of the following contract terms most incentivizes the cloud provider to meet the requirements listed in the service-level agreement (SLA)?
Which of the following contract terms most incentivizes the cloud customer to meet the requirements listed in the contract?
Which of the following is not a reason for conducting audits?
Which of the following is a tool that can be used to perform security control audits?
Which of the following dictates the requirements for U.S. federal agencies operating in a cloud environment?
Which of the following common aspects of cloud computing can aid in audit efforts?
Which of the following does not typically represent a means for enhanced authentication?
Which of the following is not a common identity federation standard?
Multifactor authentication typically includes two or more of all the following elements except _______________.
Which of the following aspects of cloud computing can enhance the customer’s business continuity and disaster recovery (BC/DR) efforts?
Which of the following aspects of cloud computing can enhance the customer’s business continuity and disaster recovery (BC/DR) efforts?
Which of the following aspects of cloud computing can enhance the customer’s business continuity and disaster recovery (BC/DR) efforts?
What functional process can aid business continuity and disaster recovery (BC/DR) efforts?
Which common security tool can aid in the overall business continuity and disaster recovery (BC/DR) process?
Which of the following aspects of cloud computing can enhance the customer’s business continuity and disaster recovery (BC/DR) efforts?
Which of the following is not typically used as an information source for business continuity and disaster recovery (BC/DR) event anticipation?
Which of the following aspects of the business continuity and disaster recovery (BC/DR) process poses a risk to the organization?
Which of the following aspects of the business continuity and disaster recovery (BC/DR) process poses a risk to the organization?
In container virtualization, unlike standard virtualization, what is not included?
Which of the following is not typically a phase in the software development lifecycle (SDLC)?
An application programming interface (API) gateway can typically offer all of the following capabilities except _______________.
Cloud customers in a public cloud managed services environment can install all the following types of firewalls except _______________.
The Transport Layer Security (TLS) protocol creates a secure communications channel over public media (such as the Internet). In a typical TLS session, who initiates the protocol?
The Transport Layer Security (TLS) protocol creates a secure communications channel over public media (such as the Internet). In a typical TLS session, what is the usual means for establishing trust between the parties?
The Transport Layer Security (TLS) protocol creates a secure communications channel over public media (such as the Internet). In a typical TLS session, what form of cryptography is used for the session key?
DevOps is a form of software development that typically joins the software development team with _______________.
The Agile Manifesto for software development focuses largely on _______________.
When a program’s source code is open to review by the public, what is that software called?
Why is Simple Object Access Protocol (SOAP) used for accessing web services instead of the Distributed Component Object Model (DCOM) and the Common Object Request Broker Architecture (CORBA)?
How does representational state transfer (REST) make web service requests?
Representational state transfer (REST) outputs often take the form of _______________.
“Sensitive data exposure” is often included on the list of the Open Web Application Security Project (OWASP) Top Ten web application vulnerabilities. In addition to programming discipline and technological controls, what other approach is important for reducing this risk?
During maintenance mode for a given node in a virtualized environment, which of the following conditions is not accurate?
How are virtual machines (VMs) moved from active hosts when the host is being put into maintenance mode?
Which of the following is not a typical mechanism used by intrusion detection system (IDS) and intrusion prevention system (IPS) solutions to detect threats?
When you’re deploying a honeypot/honeynet, it is best to fill it with _______________ data.
The cloud provider should be required to make proof of vulnerability scans available to all of the following except _______________.
You are the security director for a chain of automotive repair centers across several states. Your company uses a cloud software as a service (SaaS) provider for business functions that cross several of the locations of your facilities, such as ordering of parts, logistics and inventory, billing, and marketing. The manager at one of your newest locations reports that there is a competing car repair company that has a logo that looks almost exactly like the one your company uses. This intellectual property is likely protected as a _______________.
You are the security director for a chain of automotive repair centers across several states. Your company uses a cloud software as a service (SaaS) provider for business functions that cross several of the locations of your facilities, such as ordering of parts, logistics and inventory, billing, and marketing. The manager at one of your newest locations reports that there is a competing car repair company that has a logo that looks almost exactly like the one your company uses. This conflict will most likely have to be resolved with what legal method?
You are the security director for a chain of automotive repair centers across several states. Your company uses a cloud software as a service (SaaS) provider for business functions that cross several of the locations of your facilities, such as ordering of parts, logistics and inventory, billing, and marketing. The manager at one of your newest locations reports that there is a competing car repair company that has a logo that looks almost exactly like the one your company uses. What will most likely affect the determination of who has ownership of the logo?
Which Statement on Standards for Attestation Engagements (SSAE) 18 audit report is simply an attestation of audit results?
Which Statement on Standards for Attestation Engagements (SSAE) 18 report is purposefully designed for public release (for instance, to be posted on a company’s website)?
Which of the following countries has a national privacy law that conforms to European Union (EU) legislation?
Which of the following countries has a national privacy law that conforms to European Union (EU) legislation?