website

They are open questions, whereas the exam has multiple choice questions. However, they are representative of the depth of knowledge that you should have.

Answers to the questions

As you read through and study the body of knowledge, you will find out that you will be able to answer these questions.

Domain 1. Cloud Architecture
Sample question: What are the five essential characteristics of cloud computing?

Domain 2. Governance and Enterprise risk
Sample question: The level of attention and scrutiny paid to enterprise risk assessments should be directly related to what?

Domain 3. Legal and Electronic Discovery
Sample question: In the majority of data protection laws, when the data is transferred to a third party custodian, who is ultimately responsible for the security of the data?

Domain 4. Compliance and Audit
Sample question: What is the most important reason for knowing where the cloud service provider will host the data?

Domain 5. Information Management and data security
Sample question: What are the six phases of the data security lifecycle?

Domain 6. Portability and Interoperability
Sample question: Why is the size of data sets a consideration in portability between cloud service providers?

Domain 7. Traditional Security, BCM, D/R
Sample question: What are the four D's of perimeter security?

Domain 8. Data Center Operations
Sample question: In which type of environment is it impractical to allow the customer to conduct their own audit, making it important that the data center operators are required to provide auditing for the customers?

Domain 9. Incident Response
Sample question: What measures could be taken by the cloud service provider (CSP) that might reduce the occurrence of application level incidents?

Domain 10. Application Security
Sample question: How should an SDLC be modified to address application security in a Cloud Computing environment?

Domain 11. Encryption and Key Management
Sample question: What is the most significant reason that customers are advised to maintain in-house key management?

Domain 12. Identity and Access Management
Sample question: What two types of information will cause additional regulatory issues for all organizations if held as an aspect of an Identity?

Domain 13. Virtualization
Sample question: Why do blind spots occur in a virtualized environment, where network-based security controls may not be able to monitor certain types of traffic?

Domain 14. Security as a Service
Sample question: When deploying Security as a Service in a highly regulated industry or environment, what should both parties agree on in advance and include in the SLA?

ENISA Document