
1. Your company maintains an on-premises data center for daily production activities but wants
to use a cloud service to augment this capability during times of increased demand (cloud
bursting). Which deployment model would probably best suit the company’s needs?

 (A) Public

 (B) Private

 (C) Community

 (D) Hybrid

2. Your company does not have a well-trained, experienced IT staff and is reluctant to spend
more money on training personnel (in recent company history, personnel have received training
and then immediately quit the company to work for competitors). If senior management
considers cloud migration, which deployment model would probably best suit their needs?

 (A) Public

 (B) Private

 (C) Community

 (D) Hybrid

3. You are the IT director for an automotive parts supply distribution service; your company
wants to operate a production environment in the cloud. As you consider possible providers, you
are careful to check that they each offer the essential traits of cloud computing. These include all
of the following except _____________________.

 (A) Broad network access


 (B) Metered service

 (C) On-demand self-service

 (D) Automatic anti-malware and intrusion prevention

4. Software developers designing applications for the cloud should expect to include options to
ensure all of the following capabilities except ________________ .

 (A) Encryption of data at rest

 (B) Encryption of data in transit

 (C) Data masking

 (D) Hashing database fields

5. When implementing iSCSI in your network environment, what is one of the possible problems
you can accidentally create?

 (A) Neutrality

 (B) Oversubscription

 (C) Dampening

 (D) Surges

6. ISO 27034 mandates a framework for application security within an organization. According
to the standard, each organization should have a(n) _________________ , and each application
within the organization should have its own _________________ .

 (A) Organizational Normative Framework (ONF), Application Normative Framework (ANF)

 (B) Application Normative Framework (ANF), Organizational Normative Framework (ONF)

 (C) Standard Application Security (SAS), Application Normative Framework (ANF)

 (D) Organizational Normative Framework (ONF), Standard Application Security (SAS)

7. Software-defined networking (SDN) allows network administrators/architects to perform all
the following functions except ____________________.

 (A) Reroute traffic based on current customer demand

 (B) Create logical subnets without having to change any actual physical connections

 (C) Filter access to resources based on specific rules or settings

 (D) Deliver streaming media content in an efficient manner by placing it closer to the end
user

8. The logical design of a cloud environment can enhance the security offered in that
environment. For instance, in an SaaS cloud, the provider can incorporate
________________ capabilities into the application itself.

 (A) High-speed processing


 (B) Logging

 (C) Performance-enhancing

 (D) Cross-platform functionality

9. Data dispersion is a cloud data security technique that is most similar to which legacy
implementation?

 (A) Business continuity and disaster recovery (BCDR)

 (B) Redundant Array of Inexpensive Disks (RAID)

 (C) Software-defined networking (SDN)

 (D) Content delivery network (CDN)

10. What language is used in the simple object access protocol (SOAP) application design
protocol?

 (A) HTML

 (B) X.509

 (C) XML

 (D) HTTP

11. You are in charge of creating the BCDR plan and procedures for your organization. You are
going to conduct a full test of the BCDR plan. Which of the following strategies is an optimum
technique to avoid major issues?

 (A) Have another full backup of the production environment stored prior to the test

 (B) Assign all personnel roles to perform during the test

 (C) Have the cloud provider implement a simulated disaster at a random moment in
order to maximize realistic testing

 (D) Have your regulators present at the test so they can monitor performance

12. The Organization for Economic Cooperation and Development (OECD) is a multinational
entity that creates nonbinding policy suggestions for its member countries. The OECD has
published recommendations for privacy laws. One of the characteristics the OECD suggests that
privacy laws include is the _________________ .

 (A) Volcanic principle

 (B) Inherency principle

 (C) Repository principle

 (D) Openness principle

13. All of the following elements must be considered in the design of a cloud data
center except __________________ .

 (A) External standards, such as ITIL or ISO 27001

 (B) Physical environment


 (C) Types of services offered

 (D) Native language of the majority of customers

14. You are in charge of building a cloud data center. Which of the following is a useful rack
configuration for regulating airflow?

 (A) Exhaust fans on racks facing the inlet vents of other racks

 (B) Inlet fans on racks facing exhaust fans of other racks

 (C) All racks perpendicular to each other

 (D) Exhaust fans on racks facing exhaust fans on other racks

15. You work for a government research facility. Your organization often shares data with other
government research organizations. You would like to create a single sign-on experience across
the organizations, where users at each organization can sign in with the user ID/authentication
issued by that organization, then access research data in all the other organizations. Instead of
replicating the data stores of each organization at every other organization (which is one way of
accomplishing this goal), you instead want every user to have access to each organization’s
specific storage resources.

If you don’t use cross-certification, what other model can you implement for this purpose?

 (A) Third-party identity broker

 (B) Cloud reseller

 (C) Intractable nuanced variance


 (D) Mandatory access control (MAC)

16. You are the IT security subject matter expert for a hobbyist collective that researches and
archives old music.

Your collective is set up in such a way that the members own various pieces of the network
themselves, pool resources and data, and communicate and share files via the Internet. This is an
example of what cloud model?

 (A) Hydrogenous

 (B) Private

 (C) Public

 (D) Community

17. You are the security policy lead for your organization, which is considering migrating from
your on-premises, legacy environment into the cloud. You are reviewing the Cloud Security
Alliance Cloud Controls Matrix (CSA CCM) as a tool for your organization.

Which tool, also available from the CSA, can be used in conjunction with the CCM to aid you in
selecting/applying the proper controls to meet your organization’s regulatory needs?

 (A) The Consensus Assessments Initiative Questionnaire (CAIQ)

 (B) The Open Web Application Security Project (OWASP) Top Ten

 (C) The Critical Security Controls (CSC) list

 (D) NIST FIPS 140-2


18. When implementing a digital rights management (DRM) solution in a cloud environment,
which of the following does not pose an additional challenge for the cloud customer?

 (A) Users might be required to install a DRM agent on their local devices

 (B) DRM solutions might have difficulty interfacing with multiple different OSs and
services

 (C) DRM solutions might have difficulty interacting with virtualized instances

 (D) Ownership of intellectual property might be difficult to ascertain

19. You are setting up a cloud implementation for an online retailer who will accept credit card
payments. According to the Payment Card Industry Data Security Standard (PCI DSS), what can
you never store for any length of time?

 (A) Personal data of consumers

 (B) The credit card verification (CCV) number

 (C) The credit card number

 (D) Home address of the customer

20. Alice is the CEO for a software company; she is considering migrating the operation from
the current on-premises legacy environment into the cloud. What is probably the biggest factor in
her decision?

 (A) Network scalability

 (B) Offsite backup capability


 (C) Global accessibility

 (D) Reduced overall cost due to outsourcing administration

You are in charge of building a cloud data center. Which raised floor
level is sufficient to meet standard requirements?

 a. 10 inches

 b. 8 inches

 c. 18 inches

 d. 2 feet

The current American Institute of Certified Public Accountants (AICPA)
standard was created in reaction to what US federal law?

 a. Gramm-Leach-Bliley Act (GLBA)

 b. Sarbanes-Oxley Act (SOX)

 c. Family Education Rights and Privacy Act (FERPA)

 d. Payment Card Industry Data Security Standards (PCI DSS)

Which of the following is not a step in the crypto-shredding process?


 a. Encrypt data with a particular encryption engine

 b. Encrypt first resulting keys with another encryption engine

 c. Save backup of second resulting keys

 d. Destroy original second resulting keys

In which of the following situations does the data owner have to
administer the OS?

 a. IaaS

 b. PaaS

 c. Offsite Archive

 d. SaaS

A SAML identity assertion token uses the ____ protocol.

 a. XML

 b. HTTP

 c. HTML

 d. ASCII
