CCSP Exam Questions - Online Test


We provide approved ISC2 CCSP free braindumps, which are the best for clearing the CCSP test and getting certified as an ISC2 Certified Cloud Security Professional. The CCSP Questions & Answers cover all the knowledge points of the real CCSP exam. Crack your ISC2 CCSP exam with the latest dumps, guaranteed!

NEW QUESTION 1

Which of the following is a risk associated with manual patching, especially in the cloud?
Response:

  • A. No notice before the impact is realized

  • B. Lack of applicability to the environment

  • C. Patches may or may not address the vulnerability they were designed to fix.

  • D. The possibility for human error

Answer: D

NEW QUESTION 2

Egress monitoring solutions usually include a function that ______.
Response:

  • A. Uses biometrics to scan users

  • B. Inspects incoming packets

  • C. Resides on client machines

  • D. Uses stateful inspection

Answer: C

NEW QUESTION 3

What are the objectives of change management? (Choose all that apply.)
Response:

  • A. Respond to a customer’s changing business requirements while maximizing value and reducing incidents, disruption, and rework

  • B. Ensure that changes are recorded and evaluated

  • C. Respond to business and IT requests for change that will disassociate services with business needs

  • D. Ensure that all changes are prioritized, planned, tested, implemented, documented, and reviewed in a controlled manner

Answer: AB

NEW QUESTION 4

You are the security manager for a company that is considering cloud migration to an IaaS environment. You are assisting your company’s IT architects in constructing the environment. Which of the following options do you recommend?
Response:

  • A. Unrestricted public access

  • B. Use of a Type I hypervisor

  • C. Use of a Type II hypervisor

  • D. Enhanced productivity without encryption

Answer: B

NEW QUESTION 5

All of the following are usually nonfunctional requirements except ______.
Response:

  • A. Color

  • B. Sound

  • C. Security

  • D. Function

Answer: D

NEW QUESTION 6

Application virtualization can typically be used for ______.

  • A. Denying access to untrusted users

  • B. Detecting and mitigating DDoS attacks

  • C. Replacing encryption as a necessary control

  • D. Running an application on an endpoint without installing it

Answer: D

NEW QUESTION 7

What is the primary security mechanism used to protect SOAP and REST APIs?
Response:

  • A. Firewalls

  • B. XML firewalls

  • C. Encryption

  • D. WAFs

Answer: C

NEW QUESTION 8

In attempting to provide a layered defense, the security practitioner should convince senior management to include security controls of which type?
Response:

  • A. Technological

  • B. Physical

  • C. Administrative

  • D. All of the above

Answer: D

NEW QUESTION 9

Different types of cloud deployment models use different types of storage from traditional data centers, along with many new types of software platforms for deploying applications and configurations. Which of the following is NOT a storage type used within a cloud environment?

  • A. Docker

  • B. Object

  • C. Structured

  • D. Volume

Answer: A

NEW QUESTION 10

Which cloud storage type uses an opaque value or descriptor to categorize and organize data?
Response:

  • A. Volume

  • B. Object

  • C. Structured

  • D. Unstructured

Answer: D

NEW QUESTION 11

You are the security manager for a small surgical center. Your organization is reviewing upgrade options for its current, on-premises data center. In order to best meet your needs, which one of the following options would you recommend to senior management?
Response:

  • A. Building a completely new data center

  • B. Leasing a data center that is currently owned by another firm

  • C. Renting private cloud space in a Tier 2 data center

  • D. Staying with the current data center

Answer: A

NEW QUESTION 12

The Cloud Security Alliance (CSA) publishes the Notorious Nine, a list of common threats to organizations participating in cloud computing. A cloud customer that does not perform sufficient due diligence can suffer harm if the cloud provider they’ve selected goes out of business.
What do we call this problem?
Response:

  • A. Vendor lock-in

  • B. Vendor lock-out

  • C. Vendor incapacity

  • D. Unscaled

Answer: B

NEW QUESTION 13

You are the IT security manager for a video game software development company. Which of the following is most likely to be your primary concern on a daily basis?
Response:

  • A. Health and human safety

  • B. Security flaws in your products

  • C. Security flaws in your organization

  • D. Regulatory compliance

Answer: C

NEW QUESTION 14

What aspect of a Type 2 hypervisor involves additional security concerns that are not relevant with a Type 1 hypervisor?
Response:

  • A. Reliance on a host operating system

  • B. Auditing

  • C. Proprietary software

  • D. Programming languages

Answer: A

NEW QUESTION 15

At which phase of the SDLC process should security begin participating?
Response:

  • A. Requirements gathering

  • B. Requirements analysis

  • C. Design

  • D. Testing

Answer: A

NEW QUESTION 16

The final phase of the cloud data lifecycle is the destroy phase, where data is ultimately deleted and done so in a secure manner to ensure it cannot be recovered or reconstructed. Which cloud service category poses the most challenges to data destruction for the cloud customer?

  • A. Platform

  • B. Software

  • C. Infrastructure

  • D. Desktop

Answer: B

NEW QUESTION 17

DLP solutions can aid in deterring loss due to which of the following?
Response:

  • A. Randomization

  • B. Inadvertent disclosure

  • C. Natural disaster

  • D. Device failure

Answer: B

NEW QUESTION 18

Which of the following is not a feature of SAST?
Response:

  • A. Source code review

  • B. Team-building efforts

  • C. “White-box” testing

  • D. Highly skilled, often expensive outside consultants

Answer: B

NEW QUESTION 19

Who is the entity identified by personal data?
Response:

  • A. The data owner

  • B. The data processor

  • C. The data custodian

  • D. The data subject

Answer: D

NEW QUESTION 20

Although encryption can help an organization to effectively decrease the possibility of data breaches, which other type of threat can it increase the chances of?
Response:

  • A. Insecure interfaces

  • B. Data loss

  • C. System vulnerabilities

  • D. Account hijacking

Answer: B

NEW QUESTION 21

Which of the following is not an enforceable governmental request?
Response:

  • A. Warrant

  • B. Subpoena

  • C. Court order

  • D. Affidavit

Answer: D

NEW QUESTION 22

DLP solutions typically involve all of the following aspects except ______.
Response:

  • A. Data discovery

  • B. Tokenization

  • C. Monitoring

  • D. Enforcement

Answer: B

NEW QUESTION 23

Which of the following contract terms most incentivizes the cloud provider to meet the requirements listed in the SLA?
Response:

  • A. Regulatory oversight

  • B. Financial penalties

  • C. Performance details

  • D. Desire to maintain customer satisfaction

Answer: B

NEW QUESTION 24

Which of the following methods for the safe disposal of electronic records can always be used in a cloud environment?
Response:

  • A. Physical destruction

  • B. Encryption

  • C. Overwriting

  • D. Degaussing

Answer: B

NEW QUESTION 25

Single sign-on systems work by authenticating users from a centralized location or using a centralized method, and then allowing applications that trust the system to grant those users access. What would be passed between the authentication system and the applications to grant a user access?
Response:

  • A. Ticket

  • B. Certificate

  • C. Credential

  • D. Token

Answer: D

NEW QUESTION 26

At which layer does the IPSec protocol operate to encrypt and protect communications between two parties?
Response:

  • A. Network

  • B. Application

  • C. Transport

  • D. Data link

Answer: A

NEW QUESTION 27

All of the following are identity federation standards commonly found in use today except ______.
Response:

  • A. WS-Federation

  • B. OpenID

  • C. OAuth

  • D. PGP

Answer: D

NEW QUESTION 28

TLS uses ______ to authenticate a connection and create a shared secret for the duration of the session.

  • A. SAML 2.0

  • B. X.509 certificates

  • C. 802.11X

  • D. The Diffie-Hellman process

Answer: B

NEW QUESTION 29

Which of the following is the correct name for Tier II of the Uptime Institute Data Center Site Infrastructure Tier Standard Topology?
Response:

  • A. Concurrently Maintainable Site Infrastructure

  • B. Fault-Tolerant Site Infrastructure

  • C. Basic Site Infrastructure

  • D. Redundant Site Infrastructure Capacity Components

Answer: D
