Topic 1: Exam Pool A
Which ISO standard refers to addressing security risks in a supply chain?
Response:
A. ISO 27001
B. ISO/IEC 28000:2007
C. ISO 18799
D. ISO 31000:2009
Answer: ISO/IEC 28000:2007

What is the term that describes the situation when a malicious user/attacker can exit the restrictions of a single host and access other nodes on the network?
Response:
A. Host escape
B. Guest escape
C. Provider exit
D. Escalation of privileges
Answer: Host escape

What are the phases of a software development lifecycle process model?
Response:
A. Planning and requirements analysis, define, design, develop, testing, and maintenance
B. Define, planning and requirements analysis, design, develop, testing, and maintenance
C. Planning and requirements analysis, define, design, testing, develop, and maintenance
D. Planning and requirements analysis, design, define, develop, testing, and maintenance
Answer: Planning and requirements analysis, define, design, develop, testing, and maintenance

You are performing an audit of the security controls used in a cloud environment. Which of the following would best serve your purpose?
Response:
A. The business impact analysis (BIA)
B. A copy of the VM baseline configuration
C. The latest version of the company's financial records
D. A SOC 3 report from another (external) auditor
Answer: A copy of the VM baseline configuration

During which stage of the SDLC process should security be consulted and begin its initial involvement?
Response:
A. Testing
B. Design
C. Development
D. Requirement gathering
Answer: Requirement gathering

Why are PaaS environments at a higher likelihood of suffering backdoor vulnerabilities?
Response:
A. They rely on virtualization.
B. They are often used for software development.
C. They have multitenancy.
D. They are scalable.
Answer: They are often used for software development.

You are in charge of creating the BCDR plan and procedures for your organization. Your organization has its production environment hosted by a cloud provider, and you have appropriate protections in place. Which of the following is a significant consideration for your BCDR backup?
Response:
A. Enough personnel at the BCDR recovery site to ensure proper operations
B. Good cryptographic key management
C. Access to the servers where the BCDR backup is stored
D. Forensic analysis capabilities
Answer: Good cryptographic key management

DLP can be combined with what other security technology to enhance data controls?
Response:
A. DRM
B. SIEM
C. Kerberos
D. Hypervisors
Answer: DRM

Which of the following is considered an administrative control?
Response:
A. Access control process
B. Keystroke logging
C. Door locks
D. Biometric authentication
Answer: Access control process

The cloud deployment model that features organizational ownership of the hardware and infrastructure, and usage only by members of that organization, is known as:
Response:
A. Private
B. Public
C. Hybrid
D. Motive
Answer: Private

Using one cloud provider for your operational environment and another for your BCDR backup will also give you the additional benefit of ____________.
Response:
A. Allowing any custom VM builds you use to be instantly ported to another environment
B. Avoiding vendor lock-in/lockout
C. Increased performance
D. Lower cost
Answer: Avoiding vendor lock-in/lockout

The Transport Layer Security (TLS) protocol creates a secure communications channel over public media (such as the Internet). In a typical TLS session, what is the usual means for establishing trust between the parties?
Response:
A. Out-of-band authentication
B. Multifactor authentication
C. PKI certificates
D. Preexisting knowledge of each other
Answer: PKI certificates