Topic 2, Exam Pool B
Although performing BCDR tests at regular intervals is a best practice to ensure processes
and documentation are still relevant and efficient, which of the following represents a
reason to conduct a BCDR review outside of the regular interval?
Response:
A. Staff changes
B. Application changes
C. Regulatory changes
D. Management changes
Answer: Application changes
In a cloud environment, encryption should be used for all the following, except:
Response:
A. Long-term storage of data
B. Near-term storage of virtualized images
C. Secure sessions/VPN
D. Profile formatting
Answer: Profile formatting
A federated identity system is composed of three main components. Which of the following
is NOT one of the three main components?
Response:
A. Identity provider
B. User
C. Relying party
D. API
Answer: API
At which phase of the SDLC process should security begin participating?
Response:
A. Requirements gathering
B. Requirements analysis
C. Design
D. Testing
Answer: Requirements gathering
Which of the following is NOT a common component of a DLP implementation process?
Response:
A. Discovery
B. Monitoring
C. Revision
D. Enforcement
Answer: Revision
Administrative penalties for violating the General Data Protection Regulation (GDPR) can
range up to ____________.
Response:
A. US$100,000
B. 500,000 euros
C. 20,000,000 euros
D. 1,000,000 euros
Answer: 20,000,000 euros
All of the following are identity federation standards commonly found in use today except
____________.
Response:
A. WS-Federation
B. OpenID
C. OAuth
D. PGP
Answer: PGP
Which of the following involves assigning an opaque value to sensitive data fields to protect
confidentiality?
Response:
A. Obfuscation
B. Masking
C. Tokenization
D. Anonymization
Answer: Tokenization
What is the intellectual property protection for the logo of a new video game?
Response:
A. Copyright
B. Patent
C. Trademark
D. Trade secret
Answer: Trademark
The Restatement (Second) Conflict of Law refers to which of the following?
Response:
A. The basis for deciding which laws are most appropriate in a situation where conflicting laws exist
B. When judges restate the law in an opinion
C. How jurisdictional disputes are settled
D. Whether local or federal laws apply in a situation
Answer: The basis for deciding which laws are most appropriate in a situation where conflicting laws exist
A denial of service (DoS) attack can potentially impact all customers within a cloud
environment with the continued allocation of additional resources. Which of the following
can be useful for a customer to protect themselves from a DoS attack against another
customer?
Response:
A. Limits
B. Reservations
C. Shares
D. Borrows
Answer: Reservations
SOC 2 reports were intended to be ____________.
Response:
A. Released to the public
B. Only technical assessments
C. Retained for internal use
D. Nonbinding
Answer: Retained for internal use