Beruflich Dokumente
Kultur Dokumente
Your company maintains an on-premises data center for daily production activities but wants
to use a cloud service to augment this capability during times of increased demand (cloud
bursting). Which deployment model would probably best suit the company’s needs?
(A) Public
(B) Private
(C) Community
(D) Hybrid
2. Your company does not have a well-trained, experienced IT staff and is reluctant to spend
more money on training personnel (in recent company history, personnel have received training
and then immediately quit the company to work for competitors). If senior management
considers cloud migration, which deployment model would probably best suit their needs?
(A) Public
(B) Private
(C) Community
(D) Hybrid
3. You are the IT director for an automotive parts supply distribution service; your company
wants to operate a production environment in the cloud. As you consider possible providers, you
are careful to check that they each offer the essential traits of cloud computing. These include all
of the following except _____________________.
4. Software developers designing applications for the cloud should expect to include options to
ensure all of the following capabilities except ________________ .
5. When implementing iSCSI in your network environment, what is one of the possible prob-
lems you can accidentally create?
(A) Neutrality
(B) Oversubscription
(C) Dampening
(D) Surges
6. ISO 27034 mandates a framework for application security within an organization. According
to the standard, each organization should have a(n) _________________ , and each application
within the organization should have its own _________________ .
(B) Create logical subnets without having to change any actual physical connections
(D) Deliver streaming media content in an efficient manner by placing it closer to the end
user
8. The logical design of a cloud environment can enhance the security offered in that
environment. For instance, in an SaaS cloud, the provider can incorporate
________________ capabilities into the application itself.
(C) Performance-enhancing
9. Data dispersion is a cloud data security technique that is most similar to which legacy
implementation?
10. What language is used in the simple object access protocol (SOAP) application design
protocol?
(A) HTML
(B) X.509
(C) XML
(D) HTTP
11. You are in charge of creating the BCDR plan and procedures for your organization. You are
going to conduct a full test of the BCDR plan. Which of the following strategies is an optimum
technique to avoid major issues?
(A) Have another full backup of the production environment stored prior to the test
(C) Have the cloud provider implement a simulated disaster at a random moment in
order to maximize realistic testing
(D) Have your regulators present at the test so they can monitor performance
12. The Organization for Economic Cooperation and Development (OECD) is a multinational
entity that creates nonbinding policy suggestions for its member countries. The OECD has
published recommendations for privacy laws. One of the characteristics the OECD suggests that
privacy laws include is the _________________ .
13. All of the following elements must be considered in the design of a cloud data
center except __________________ .
14. You are in charge of building a cloud data center. Which of the following is a useful rack
configuration for regulating airflow?
(A) Exhaust fans on racks facing the inlet vents of other racks
15. You work for a government research facility. Your organization often shares data with other
government research organizations. You would like to create a single sign-on experience across
the organizations, where users at each organization can sign in with the user ID/authentication
issued by that organization, then access research data in all the other organizations. Instead of
replicating the data stores of each organization at every other organization (which is one way of
accomplishing this goal), you instead want every user to have access to each organization’s
specific storage resources.
If you don’t use cross-certification, what other model can you implement for this purpose?
16. You are the IT security subject matter expert for a hobbyist collective that researches and
archives old music.
Your collective is set up in such a way that the members own various pieces of the network
themselves, pool resources and data, and communicate and share files via the Internet. This is an
example of what cloud model?
(A) Hydrogenous
(B) Private
(C) Public
(D) Community
17. You are the security policy lead for your organization, which is considering migrating from
your on-premises, legacy environment into the cloud. You are reviewing the Cloud Security
Alliance Cloud Controls Matrix (CSA CCM) as a tool for your organization.
Which tool, also available from the CSA, can be used in conjunction with the CCM to aid you in
selecting/applying the proper controls to meet your organization’s regulatory needs?
(B) The Open Web Application Security Project (OWASP) Top Ten
(A) Users might be required to install a DRM agent on their local devices
(B) DRM solutions might have difficulty interfacing with multiple different OSs and
services
(C) DRM solutions might have difficulty interacting with virtualized instances
19. You are setting up a cloud implementation for an online retailer who will accept credit card
payments. According to the Payment Card Industry Data Security Standard (PCI DSS), what can
you never store for any length of time?
20. Alice is the CEO for a software company; she is considering migrating the operation from
the current on-premises legacy environment into the cloud. What is probably the biggest factor in
her decision?
You are in charge of building a cloud data center. Which raised floor
level is sufficient to meet standard requirements?
a. 10 inches
b. 8 inches
c. 18 inches
d. 2 feet
a. IaaS
b. PaaS
c. Offsite Archive
d. SaaS
a. XML
b. HTTP
c. HTML
d. ASCII