getcertified4sure.com

CCSP Exam

Most Up-to-date CCSP Exam Question For Certified Cloud Security Professional Certification





Check CCSP free dumps before getting the full version:

NEW QUESTION 1

Log data should be protected ______.
Response:

  • A. One level below the sensitivity level of the systems from which it was collected
  • B. At least at the same sensitivity level as the systems from which it was collected
  • C. With encryption in transit, at rest, and in use
  • D. According to NIST guidelines

Answer: B

NEW QUESTION 2

Which of the following is a file server that provides data access to multiple, heterogeneous machines/users on the network?
Response:

  • A. Storage area network (SAN)
  • B. Network-attached storage (NAS)
  • C. Hardware security module (HSM)
  • D. Content delivery network (CDN)

Answer: B

NEW QUESTION 3

Which of the following is perhaps the best method for reducing the risk of a specific application not delivering the proper level of functionality and performance when it is moved from the legacy environment into the cloud?
Response:

  • A. Remove the application from the organization’s production environment, and replace it with something else.
  • B. Negotiate and conduct a trial run in the cloud environment for that application before permanently migrating.
  • C. Make sure the application is fully updated and patched according to all vendor specifications.
  • D. Run the application in an emulator.

Answer: B

NEW QUESTION 4

The use of which of the following technologies will NOT require the security dependency of an operating system, other than its own?

  • A. Management plane
  • B. Type 1 hypervisor
  • C. Type 2 hypervisor
  • D. Virtual machine

Answer: B

NEW QUESTION 5

A typical DLP tool can enhance the organization’s efforts at accomplishing what legal task?
Response:

  • A. Evidence collection
  • B. Delivering testimony
  • C. Criminal prosecution
  • D. Enforcement of intellectual property rights

Answer: A

NEW QUESTION 6

Which of the following data-sanitation approaches are always available within a cloud environment?
Response:

  • A. Physical destruction
  • B. Shredding
  • C. Overwriting
  • D. Cryptographic erasure

Answer: D

NEW QUESTION 7

A process for ______ can aid in protecting against data disclosure due to lost devices.
Response:

  • A. User punishment
  • B. Credential revocation
  • C. Law enforcement notification
  • D. Device tracking

Answer: B

NEW QUESTION 8

Of the following, which is probably the most significant risk in a managed cloud environment?
Response:

  • A. DDoS
  • B. Management plane breach
  • C. Guest escape
  • D. Physical attack on the utility service lines

Answer: B

NEW QUESTION 9

Which of the following threats from the OWASP Top Ten is the most difficult for an organization to protect against?
Response:

  • A. Advanced persistent threats
  • B. Account hijacking
  • C. Malicious insiders
  • D. Denial of service

Answer: C

NEW QUESTION 10

What are the six components that make up the STRIDE threat model?
Response:

  • A. Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege
  • B. Spoofing, Tampering, Non-Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege
  • C. Spoofing, Tampering, Repudiation, Information Disclosure, Distributed Denial of Service, and Elevation of Privilege
  • D. Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Social Engineering

Answer: A

NEW QUESTION 11

You are developing a new process for data discovery for your organization and are charged with ensuring that all applicable data is included. Which of the following is NOT one of the three methods of data discovery?
Response:

  • A. Metadata
  • B. Content analysis
  • C. Labels
  • D. Classification

Answer: D

NEW QUESTION 12

The ISO/IEC 27001:2013 security standard contains 14 different domains that cover virtually all areas of IT operations and procedures. Which of the following is NOT one of the domains listed in the standard?
Response:

  • A. Legal
  • B. Management
  • C. Assets
  • D. Supplier Relationships

Answer: A

NEW QUESTION 13

You are the security manager of a small firm that has just purchased a DLP solution to implement in your cloud-based production environment. Which of these activities should you perform before deploying the tool?
Response:

  • A. Survey your company’s departments about the data under their control
  • B. Reconstruct your firewalls
  • C. Harden all your routers
  • D. Adjust the hypervisors

Answer: A

NEW QUESTION 14

______ is the most prevalent protocol used in identity federation.

  • A. HTTP
  • B. SAML
  • C. FTP
  • D. WS-Federation

Answer: B

NEW QUESTION 15

Which of the following is the correct name for Tier II of the Uptime Institute Data Center Site Infrastructure Tier Standard Topology?

  • A. Concurrently Maintainable Site Infrastructure
  • B. Fault-Tolerant Site Infrastructure
  • C. Basic Site Infrastructure
  • D. Redundant Site Infrastructure Capacity Components

Answer: D

NEW QUESTION 16

Security best practices in a virtualized network environment would include which of the following?
Response:

  • A. Using distinct ports and port groups for various VLANs on a virtual switch rather than running them through the same port
  • B. Running iSCSI traffic unencrypted in order to have it observed and monitored by NIDS
  • C. Adding HIDS to all virtual guests
  • D. Hardening all outward-facing firewalls in order to make them resistant to attack

Answer: A

NEW QUESTION 17

During the assessment phase of a risk evaluation, what are the two types of tests that are performed?
Response:

  • A. Internal and external
  • B. Technical and managerial
  • C. Physical and logical
  • D. Qualitative and quantitative

Answer: D

NEW QUESTION 18

What type of identity system allows trust and verifications between the authentication systems of multiple organizations?
Response:

  • A. Federated
  • B. Collaborative
  • C. Integrated
  • D. Bidirectional

Answer: A

NEW QUESTION 19

Tokenization requires at least ______ database(s).
Response:

  • A. One
  • B. Two
  • C. Three
  • D. Four

Answer: B

NEW QUESTION 20

Which type of testing tends to produce the best and most comprehensive results for discovering system vulnerabilities?
Response:

  • A. Static
  • B. Dynamic
  • C. Pen
  • D. Vulnerability

Answer: A

NEW QUESTION 21

Which of the following practices can enhance both operational capabilities and configuration management efforts?
Response:

  • A. Regular backups
  • B. Constant uptime
  • C. Multifactor authentication
  • D. File hashes

Answer: D

NEW QUESTION 22

The Brewer-Nash security model is also known as which of the following?
Response:

  • A. MAC
  • B. The Chinese Wall model
  • C. Preventive measures
  • D. RBAC

Answer: B

NEW QUESTION 23

Typically, SSDs are ______.
Response:

  • A. More expensive than spinning platters
  • B. Larger than tape backup
  • C. Heavier than tape libraries
  • D. More subject to malware than legacy drives

Answer: A

NEW QUESTION 24

The nature of cloud computing and how it operates make complying with data discovery and disclosure orders more difficult. Which of the following concepts provides the biggest challenge in regard to data collection, pursuant to a legal order?
Response:

  • A. Portability
  • B. Multitenancy
  • C. Reversibility
  • D. Auto-scaling

Answer: B

NEW QUESTION 25

When considering the option to migrate from an on-premises environment to a hosted cloud service, an organization should weigh the risks of allowing external entities to access the cloud data for collaborative purposes against ______.
Response:

  • A. Not securing the data in the legacy environment
  • B. Disclosing the data publicly
  • C. Inviting external personnel into the legacy workspace in order to enhance collaboration
  • D. Sending the data outside the legacy environment for collaborative purposes

Answer: D

NEW QUESTION 26

The Cloud Security Alliance (CSA) Security, Trust, and Assurance Registry (STAR) program has ______ tiers.
Response:

  • A. Two
  • B. Three
  • C. Four
  • D. Eight

Answer: B

NEW QUESTION 27

The tasks performed by the hypervisor in the virtual environment can most be likened to the tasks of the ______ in the legacy environment.
Response:

  • A. Central processing unit (CPU)
  • B. Security team
  • C. OS
  • D. PGP

Answer: A

NEW QUESTION 28

An audit against the ______ will demonstrate that an organization has a holistic, comprehensive security program.
Response:

  • A. SAS 70 standard
  • B. SSAE 16 standard
  • C. SOC 2, Type 2 report matrix
  • D. ISO 27001 certification requirements

Answer: D

NEW QUESTION 29

A honeypot can be used for all the following purposes except ______.
Response:

  • A. Gathering threat intelligence
  • B. Luring attackers
  • C. Distracting attackers
  • D. Delaying attackers

Answer: B
