What is a serious complication an organization faces from the perspective of compliance with international operations?
A. Different certifications
B. Multiple jurisdictions
C. Different capabilities
D. Different operational procedures
Which of the following is not a risk management framework?
A. COBIT
B. Hex GBL
C. ISO 31000:2009
D. NIST SP 800-37
Which type of cloud model typically presents the most challenges to a cloud customer during the "destroy" phase of the cloud data lifecycle?
A. IaaS
B. DaaS
C. SaaS
D. PaaS
What must SOAP rely on for security?
A. Encryption
B. Tokenization
C. TLS
D. SSL
Which of the cloud deployment models involves spanning multiple cloud environments or a mix of cloud hosting models?
A. Community
B. Public
C. Hybrid
D. Private
Which of the cloud cross-cutting aspects relates to the requirements placed on the cloud provider by the cloud customer for minimum performance standards and requirements that must be met?
A. Regulatory requirements
B. SLAs
C. Auditability
D. Governance
Which approach is typically the most efficient method to use for data discovery?
A. Metadata
B. Content analysis
C. Labels
D. ACLs
Within a SaaS environment, what is the responsibility on the part of the cloud customer in regard to procuring the software used?
A. Maintenance
B. Licensing
C. Development
D. Purchasing
Although much of the attention given to data security is focused on keeping data private and only accessible by authorized individuals, of equal importance is the trustworthiness of the data.
Which concept encapsulates this?
A. Validity
B. Integrity
C. Accessibility
D. Confidentiality
An SLA contains the official requirements for contract performance and satisfaction between the cloud provider and cloud customer.
Which of the following would NOT be a component with measurable metrics and requirements as part of an SLA?
A. Network
B. Users
C. Memory
D. CPU
Which of the following statements about Type 1 hypervisors is true?
A. The hardware vendor and software vendor are different.
B. The hardware vendor and software vendor are the same
C. The hardware vendor provides an open platform for software vendors.
D. The hardware vendor and software vendor should always be different for the sake of security.
What process entails taking sensitive data and removing the indirect identifiers from each data object so that the identification of a single entity would not be possible?
A. Tokenization
B. Encryption
C. Anonymization
D. Masking
Data labels could include all the following, except:
A. Multifactor authentication
B. Access restrictions
C. Confidentiality level
D. Distribution limitations
What is the intellectual property protection for the tangible expression of a creative idea?
A. Trade secret
B. Copyright
C. Trademark
D. Patent
Which of the following best describes the Organizational Normative Framework (ONF)?
A. A set of application security, and best practices, catalogued and leveraged by the organization
B. A container for components of an application's security, best practices catalogued and leveraged by the organization
C. A framework of containers for some of the components of application security, best practices, catalogued and leveraged by the organization
D. A framework of containers for all components of application security, best practices, catalogued and leveraged by the organization.