If a cloud computing customer wishes to guarantee that a minimum level of resources will always be available, which of the following set of services would compromise the reservation?

What does a cloud customer purchase or obtain from a cloud provider?

From a security perspective, what component of a cloud computing infrastructure represents the biggest concern?

In the wake of many scandals with major corporations involving fraud and the deception of investors and regulators, which of the following laws was passed to govern accounting and financial records and disclosures?

From the perspective of compliance, what is the most important consideration when it comes to data center location?

Where is a DLP solution generally installed when utilized for monitoring data in use?

The management plane is used to administer a cloud environment and perform administrative tasks across a variety of systems, but most specifically it's used with the hypervisors.

What does the management plane typically leverage for this orchestration?

Although the United States does not have a single, comprehensive privacy and regulatory framework, a number of specific regulations pertain to types of data or populations.

Which of the following is NOT a regulatory system from the United States federal government?

Which of the following is NOT one of the main intended goals of a DLP solution?

Many aspects and features of cloud computing can make eDiscovery compliance more difficult or costly.

Which aspect of cloud computing would be the MOST complicating factor?

Clustered systems can be used to ensure high availability and load balancing across individual systems through a variety of methodologies.

What process is used within a clustered system to ensure proper load balancing and to maintain the health of the overall system to provide high availability?

Which cloud deployment model is MOST likely to offer free or very cheap services to users?

Which of the following actions will NOT make data part of the create phase of the cloud data lifecycle?

Within a federated identity system, which of the following would you be MOST likely to use for sending information for consumption by a relying party?

Which cloud storage type is typically used to house virtual machine images that are used throughout the environment?

In order to prevent cloud customers from potentially consuming enormous amounts of resources within a cloud environment and thus having a negative impact on other customers, what concept is commonly used by a cloud provider?

Which of the following threat types involves leveraging a user's browser to send untrusted data to be executed with legitimate access via the user’s valid credentials?

Which cloud service category would be most ideal for a cloud customer that is developing software to test its applications among multiple hosting providers to determine the best option for its needs?

Which of the following should NOT be part of the requirement analysis phase of the software development lifecycle?

Which of the following is the sole responsibility of the cloud customer, regardless of which cloud model is used?

What is the minimum regularity for testing a BCDR plan to meet best practices?

Which of the following would be a reason to undertake a BCDR test?

During which phase of the cloud data lifecycle is it possible for the classification of data to change?

Which of the following is NOT a factor that is part of a firewall configuration?

How is an object stored within an object storage system?

Which of the following security measures done at the network layer in a traditional data center are also applicable to a cloud environment?

If you're using iSCSI in a cloud environment, what must come from an external protocol or application?

Which of the following roles involves the connection and integration of existing systems and services to a cloud environment?

Which of the following is NOT a criterion for data within the scope of eDiscovery?

Which of the following APIs are most commonly used within a cloud environment?

Which networking concept in a cloud environment allows for network segregation and isolation of IP spaces?

Which of the following are the storage types associated with IaaS?

Which of the following may unilaterally deem a cloud hosting model inappropriate for a system or application?

What is the only data format permitted with the SOAP API?

Which of the following roles is responsible for creating cloud components and the testing and validation of services?

Which of the following is the optimal humidity level for a data center, per the guidelines established by the America Society of Heating, Refrigeration, and Air Conditioning Engineers (ASHRAE)?

Which of the following is considered an external redundancy for a data center?

Which of the following threat types involves an application developer leaving references to internal information and configurations in code that is exposed to the client?

Which jurisdiction lacks specific and comprehensive privacy laws at a national or top level of legal authority?

Which technology is NOT commonly used for security with data in transit?

GAAPs are created and maintained by which organization?

What does SDN stand for within a cloud environment?

Which of the following roles involves the provisioning and delivery of cloud services?

A localized incident or disaster can be addressed in a cost-effective manner by using which of the following?

Which kind of SSAE audit report is most beneficial for a cloud customer, even though it’s unlikely the cloud provider will share it?

Your new CISO is placing increased importance and focus on regulatory compliance as your applications and systems move into cloud environments.

Which of the following would NOT be a major focus of yours as you develop a project plan to focus on regulatory compliance?

Which of the following storage types is most closely associated with a database-type storage implementation?

What is the concept of isolating an application from the underlying operating system for testing purposes?

When beginning an audit, both the system owner and the auditors must agree on various aspects of the final audit report.

Which of the following would NOT be something that is predefined as part of the audit agreement?

Different security testing methodologies offer different strategies and approaches to testing systems, requiring security personnel to determine the best type to use for their specific circumstances.

What does dynamic application security testing (DAST) NOT entail that SAST does?

Which data sanitation method is also commonly referred to as "zeroing"?

Data masking can be used to provide all of the following functionality, except:

What are SOC 1/SOC 2/SOC 3?

What is one of the reasons a baseline might be changed?

What is the cloud service model in which the customer is responsible for administration of the OS?

An audit scope statement defines the limits and outcomes from an audit.

Which of the following would NOT be included as part of an audit scope statement?

When using an IaaS solution, what is the capability provided to the customer?

The various models generally available for cloud BC/DR activities include all of the following except:

When data discovery is undertaken, three main approaches or strategies are commonly used to determine what the type of data, its format, and composition are for the purposes of classification.

Which of the following is NOT one of the three main approaches to data discovery?

Which of the following terms is not associated with cloud forensics?

Legal controls refer to which of the following?

Having a reservation in a cloud environment can ensure operations continue in the event of high utilization across the cloud.

Which of the following would NOT be a capability covered by reservations?

What changes are necessary to application code in order to implement DNSSEC?

What type of host is exposed to the public Internet for a specific reason and hardened to perform only that function for authorized users?

The European Union passed the first major regulation declaring data privacy to be a human right. In what year did it go into effect?

Which if the following is NOT one of the three components of a federated identity system transaction?

Which of the following is a restriction that can be enforced by information rights management (IRM) that is not possible for traditional file system controls?

What concept does the "R" represent with the DREAD model?

Which data point that auditors always desire is very difficult to provide within a cloud environment?

Which of the cloud cross-cutting aspects relates to the assigning of jobs, tasks, and roles, as well as to ensuring they are successful and properly performed?

What concept does the "A" represent in the DREAD model?

Which entity requires all collection and storing of data on their citizens to be done on hardware that resides within their borders?

Which security concept would business continuity and disaster recovery fall under?

Which of the cloud cross-cutting aspects relates to the ability for a cloud customer to easily remove their applications and data from a cloud environment?

Which audit type has been largely replaced by newer approaches since 2011?

Which of the following is NOT a function performed by the record protocol of TLS?