CCSP Practice Test Questions

512 Questions


Topic 1: Exam Pool A

What is the primary security mechanism used to protect SOAP and REST APIs?

A. Firewalls
B. XML firewalls
C. Encryption
D. WAFs

Answer: C. Encryption



What is the amount of fuel that should be on hand to power generators for backup
datacenter power, in all tiers, according to the Uptime Institute?

A. 1
B. 1,000 gallons
C. 12 hours
D. As much as needed to ensure all systems may be gracefully shut down and data
   securely stored

Answer: C. 12 hours



DRM solutions should generally include all the following functions, except:

A. Persistency
B. Automatic self-destruct
C. Automatic expiration
D. Dynamic policy control

Answer: B. Automatic self-destruct



What can tokenization be used for?

A. Encryption
B. Compliance with PCI DSS
C. Enhancing the user experience
D. Giving management oversight to e-commerce functions

Answer: B. Compliance with PCI DSS



Of the following, which is probably the most significant risk in a managed cloud
environment?

A. DDoS
B. Management plane breach
C. Guest escape
D. Physical attack on the utility service lines

Answer: B. Management plane breach



You have been tasked with creating an audit scope statement and are making your
project outline. Which of the following is NOT typically included in an audit scope
statement?

A. Statement of purpose
B. Deliverables
C. Classification
D. Costs

Answer: D. Costs



Cloud environments pose many unique challenges for a data custodian trying to
properly adhere to policies governing the use of data. What poses the biggest
challenge for a data custodian with a PaaS implementation, over and above the same
concerns with IaaS?

A. Access to systems
B. Knowledge of systems
C. Data classification rules
D. Contractual requirements

Answer: B. Knowledge of systems



Log data should be protected ____________.

A. One level below the sensitivity level of the systems from which it was collected
B. At least at the same sensitivity level as the systems from which it was collected
C. With encryption in transit, at rest, and in use
D. According to NIST guidelines

Answer: B. At least at the same sensitivity level as the systems from which it was collected



Which of the following is not a reason for conducting audits?

A. Regulatory compliance
B. User satisfaction
C. Determination of service quality
D. Security assurance

Answer: B. User satisfaction



Under EU law, a cloud customer who gives sensitive data to a cloud provider is still
legally responsible for the damages resulting from a data breach caused by the
provider; the EU would say that it is the cloud customer's fault for choosing the
wrong provider. This is an example of insufficient ____________.

A. Proof
B. Evidence
C. Due diligence
D. Application of reasonableness

Answer: C. Due diligence



The Cloud Security Alliance (CSA) publishes the Notorious Nine, a list of common threats
to organizations participating in cloud computing. According to the CSA, what is one
reason the threat of insecure interfaces and APIs is so prevalent in cloud computing?

A. Cloud customers and third parties are continually enhancing and modifying APIs.
B. APIs can have automated settings.
C. It is impossible to uninstall APIs.
D. APIs are a form of malware.

Answer: A. Cloud customers and third parties are continually enhancing and modifying APIs.



A honeypot can be used for all the following purposes except ____________.

A. Gathering threat intelligence
B. Luring attackers
C. Distracting attackers
D. Delaying attackers

Answer: B. Luring attackers


