Topic 2, Exam Pool B
What type of software is often considered secured and validated via community
knowledge?
Response:
A. Proprietary
B. Object-oriented
C. Open source
D. Scripting
Open source
What could be the result of failure of the cloud provider to secure the hypervisor in such a
way that one user on a virtual machine can see the resource calls of another user’s virtual
machine?
Response:
A. Unauthorized data disclosure
B. Inference attacks
C. Social engineering
D. Physical intrusion
Inference attacks
Your organization is developing software for wide use by the public. You have decided to
test it in a cloud environment, in a PaaS model. Which of the following should be of
particular concern to your organization for this situation?
Response:
A. Vendor lock-in
B. Backdoors
C. Regulatory compliance
D. High-speed network connectivity
Backdoors
Tokenization requires at least ____ database(s).
Response:
A. One
B. Two
C. Three
D. Four
Two
Which of the following is the correct name for Tier II of the Uptime Institute Data Center
Site Infrastructure Tier Standard Topology?
Response:
A. Concurrently Maintainable Site Infrastructure
B. Fault-Tolerant Site Infrastructure
C. Basic Site Infrastructure
D. Redundant Site Infrastructure Capacity Components
Redundant Site Infrastructure Capacity Components
You are the security manager of a small firm that has just purchased a DLP solution to
implement in your cloud-based production environment.
Which of these activities should you perform before deploying the tool?
Response:
A. Survey your company’s departments about the data under their control
B. Reconstruct your firewalls
C. Harden all your routers
D. Adjust the hypervisors
Survey your company’s departments about the data under their control
Which of the following would NOT be included as input into the requirements gathering for
an application or system?
Response:
A. Users
B. Management
C. Regulators
D. Auditors
Auditors
Which type of software is most likely to be reviewed by the most personnel, with the most
varied perspectives?
Response:
A. Database management software
B. Open source software
C. Secure software
D. Proprietary software
Open source software
Which of the following BCDR testing methodologies is least intrusive?
Response:
A. Walk-through
B. Simulation
C. Tabletop
D. Full test
Tabletop
Your organization has made it a top priority that any cloud environment being considered to
host production systems have guarantees that resources will always be available for
allocation when needed.
Which of the following concepts will you need to ensure is part of the contract and SLA?
Response:
A. Limits
B. Shares
C. Resource pooling
D. Reservations
Reservations
Which of these characteristics of a virtualized network adds risks to the cloud environment?
Response:
A. Redundancy
B. Scalability
C. Pay-per-use
D. Self-service
Redundancy
Which of the following characteristics is associated with digital rights management (DRM)
solutions (sometimes referred to as information rights management, or IRM)?
Response:
A. Mapping to existing access control lists (ACLs)
B. Delineating biometric catalogs
C. Preventing multifactor authentication
D. Prohibiting unauthorized transposition
Mapping to existing access control lists (ACLs)