CCSP Practice Test Questions

512 Questions


Topic 1: Exam Pool A

_________ is the legal concept whereby a cloud customer is held to a reasonable
expectation for providing security of its users’ and clients’ privacy data in their control.
Response:

A. Due care
B. Due diligence
C. Liability
D. Reciprocity

Answer: B. Due diligence



Which concept pertains to cloud customers paying only for the resources they use
and consume, and only for the duration they are using them?
Response:

A. Measured service
B. Auto-scaling
C. Portability
D. Elasticity

Answer: A. Measured service



The cloud deployment model that features joint ownership of assets among an affinity
group is known as:
Response:

A. Private
B. Public
C. Hybrid
D. Community

Answer: D. Community



You are the security manager for a software development firm. Your company is interested
in using a managed cloud service provider for hosting its testing environment. Management
is interested in adopting an Agile development style.
This will be typified by which of the following traits?
Response:

A. Reliance on a concrete plan formulated during the Define phase
B. Rigorous, repeated security testing
C. Isolated programming experts for specific functional elements
D. Short, iterative work periods

Answer: D. Short, iterative work periods



You are the security manager of a small firm that has just purchased a DLP solution to
implement in your cloud-based production environment.
In order to get truly holistic coverage of your environment, you should be sure to include
__________ as a step in the deployment process.
Response:

A. Getting signed user agreements from all users
B. Installation of the solution on all assets in the cloud data center
C. Adoption of the tool in all routers between your users and the cloud provider
D. All of your customers to install the tool

Answer: A. Getting signed user agreements from all users



The Open Web Application Security Project (OWASP) Top Ten is a list of web application
security threats that is composed by a member-driven OWASP committee of application
development experts and published approximately every 24 months. The 2013 OWASP
Top Ten list includes “sensitive data exposure.”
Which of these is a technique to reduce the potential for a sensitive data exposure?
Response:

A. Extensive user training on proper data handling techniques
B. Advanced firewalls inspecting all inbound traffic, to include content-based screening
C. Ensuring the use of utility backup power supplies
D. Roving security guards

Answer: A. Extensive user training on proper data handling techniques



A virtual network interface card (NIC) exists at layer __________ of the OSI model.
Response:

A. 2
B. 4
C. 6
D. 8

Answer: A. 2



Which of the following is a file server that provides data access to multiple,
heterogeneous machines/users on the network?
Response:

A. Storage area network (SAN)
B. Network-attached storage (NAS)
C. Hardware security module (HSM)
D. Content delivery network (CDN)

Answer: B. Network-attached storage (NAS)



The use of which of the following technologies will NOT require the security
dependency of an operating system, other than its own?

A. Management plane
B. Type 1 hypervisor
C. Type 2 hypervisor
D. Virtual machine

Answer: B. Type 1 hypervisor



Which of the following is characterized by a set maximum capacity?
Response:

A. A secret-sharing-made-short (SSMS) bit-splitting implementation
B. A tightly coupled cloud storage cluster
C. A loosely coupled cloud storage cluster
D. A public-key infrastructure

Answer: B. A tightly coupled cloud storage cluster



Which of the following is a possible negative aspect of bit-splitting?

A. Greater chance of physical theft of assets
B. Loss of public image
C. Some risk to availability, depending on the implementation
D. A small fire hazard

Answer: C. Some risk to availability, depending on the implementation



What sort of legal enforcement may the Payment Card Industry (PCI) Security
Standards Council not bring to bear against organizations that fail to comply with
the Payment Card Industry Data Security Standard (PCI DSS)?
Response:

A. Fines
B. Jail time
C. Suspension of credit card processing privileges
D. Subject to increased audit frequency and scope

Answer: B. Jail time


