Which technique is used to count source and destination internet protocol (IP) addresses in incoming log flow across all log sources?

Which cloud infrastructure component employs a hierarchical and distributed database that contains mappings?

When should a cloud service provider delete customer data?

Which description accurately characterizes the movement of applications to the cloud?

Which option should a cloud architect recommend to an organization looking to simplify development and management of applications?

Which type of data sanitization should be used to destroy data on a USB thumb drive while keeping the drive intact?

Which approach helps prepare for common application vulnerabilities that developers are likely to encounter when working with cloud applications?

Which open-source software (OSS) cloud computing platform provides a full set of features and components for a cloud environment?

Which guide remedies the challenge of the international nature of cloud forensics and is known for becoming the premier standard for eDiscovery?

Which technology prevents the environment from being over-controlled with performance-degrading security measures for applications?

An organization wants to track how often a file is accessed and by which users. Which information rights management (IRM) solution should the organization implement?

Which cloud platform detection and analysis methodology can be performed to determine whether other similar instances were potentially exposed during the same attack?

Under which jurisdiction do General Data Protection Regulation (GDPR) guidelines apply?

Which data source provides auditability and traceability for event investigation as well as documentation?

An organization experienced an unplanned event. As a result, the customers using the web application face a loss of service. What does the incident generated in this situation seek to resolve?

Which country lacks a national law assuring individual personal privacy?

Which security information and event management concept focuses on account and service hijacking issues?

Which cloud storage architecture enhances the opportunity for data policy enforcement such as data loss prevention (DLP)?

Which cloud computing characteristic allows consumers to expand or contract required resources automatically?

Which cloud storage architecture allows the digital rights management (DRM) solutions to associate metadata with the materials in storage?

An organization is concerned that it will be unable to recover or access data if the cloud provider goes into bankruptcy and leaves the market. How is this concern addressed in a business continuity and disaster recovery plan?

Which security measure controls virtualization in the cloud?

Which requirement for cross-border data transfer is part of the General Data Protection Regulation (GDPR)?

Which security strategy is associated with data rights management solutions?

Why must the software agent management plane of the workload security control support auto-scaling and elasticity?

Which steps should an organization take to avoid risk when dealing with software licensing?

An organization is implementing a new hybrid cloud deployment. Before granting access to any of the resources, the security team wants to ensure that all employees are checked against a database to see if they are allowed to access the requested resource. Which type of security control is the organization leveraging for its employees?

Which key cloud computing technology meters what is provided and ensures consumers only use what is allotted?

How does a cloud-based distributed denial-of-service (DDoS) protection strategy help in the event of an attack?

Which action should be taken to preserve forensic evidence for collection?

A customer requests that a cloud provider physically destroys any drives storing their personal data. What must the provider do with the drives?

Which strategy will reduce the impact of risk in the business continuity and disaster recovery planning process?

Which type of disaster recovery plan (DRP) test requires the whole organization to participate in a scheduled disaster scenario without performing all of the actual tasks?

Which characteristic could affect the audit process for a customer of a cloud service provider?

An organization is evaluating which cloud computing service model it should implement. It is considering either platform as a service (PaaS) or software as a service (SaaS). Which risk associated with SaaS can the organization avoid by choosing PaaS?

Which design component contains both a remotely accessible application programming interface (API) and a web graphical user interface?

Which group should be notified for approval when a planned modification to an environment is scheduled?

An organization is reviewing a contract from a cloud service provider and wants to ensure that all aspects of the contract are adhered to by the cloud service provider. Which control will allow the organization to verify that the cloud provider is meeting its obligations?

Which risk may be faced by users when using software resources in the platform as a service (PaaS) cloud model?

Which security device allows customers to redirect traffic?

A cloud provider that processes third-party credit card payments is unable to encrypt its customers' cardholder data because of constraints on a legacy payment processing system. What should it implement to maintain Payment Card Industry Data Security Standard (PCI DSS) compliance?

What is a risk in using the community cloud over the private cloud?

Which regulation provides a guide for implementing the risk management framework?

After selecting a new vendor, what should an organization do next as part of the vendor onboarding process?

In which service model would the cloud service provider bear the greatest responsibility for security?

Which design principle of secure cloud computing ensures that users have access to a large number of resources that grow based on user demand?

Which privacy issue does the Clarifying Lawful Overseas Use of Data (CLOUD) Act address?

Which risk mitigation technique will compensate a cloud service customer for failures on the part of the cloud service provider?

Which security issue can be found only through dynamic application security testing (DAST)?

Which cloud infrastructure risk is the responsibility of the cloud provider?

Which entity provides common directory services?

Which security concept requires continuous identity and authorization checks to allow access to data?

Which type of service allows an organization to maximize control of its information?

An organization wants to secure the boundary between a lower-security zone and a higher-security zone. Which security measure should it use?

An organization is implementing a new hybrid cloud deployment and wants all employees to provide a username, password, and security token before accessing any of the cloud resources. Which type of security control is the organization leveraging for its employees?

Which factor is a primary consideration when analyzing the legal and privacy implications of using cloud technologies?

An organization that primarily uses a remote work model is reviewing the documentation of various insurance providers to become eligible for cybersecurity insurance. Competitive insurance providers require the organization to implement security controls to ensure only authorized personnel can access the network, data, emails, and other administrative information. Which commonly required control should the organization implement before applying for cybersecurity insurance from these competitive insurance providers?

Which item must be examined in detail when evaluating the risks associated with a new software as a service (SaaS) solution?

An organization’s security architects determined that all authentication and authorization requests need to be validated before any employee can access corporate resources. Because of this, the organization needs to implement a system that stores and manages the employees' credential information and then validates any requests sent. Which system would allow the organization to meet the architects' requirements?

An organization needs to provide space where security administrators can centrally monitor network traffic and events and respond to threats or outages. What should the organization create?

A network administrator is concerned about the loss of physical control when moving data to the cloud. Which countermeasure should be implemented to avoid this threat?