"A cloud administrator recommends using tokenization as an alternative to protecting data without
encryption. The administrator needs to make an authorized application request to access the data.
Which step should occur immediately before this action is taken?
(A) The application collects a token.
(B) The application stores the token. (B) The application stores the token
(C) The tokenization server generates the token.
(D) The tokenization server returns the token to the application."
"A cloud customer is setting up communication paths with the cloud service provider that
will be used in the event of an incident.
Which action facilitates this type of communication?
(A) Using existing open standards
(B) Incorporating checks on API calls
Using existing open standards
(C) Identifying key risk indicators (KRIs)
(D) Performing a vulnerability assessment"
"A company has recently defined classification levels for its data. During
which phase of the cloud data life cycle should this definition occur?
(A) Use
(B) Share Create
(C) Create
(D) Archive"
"A CSP operating in Australia experiences a security breach that results in disclosure of
personal information that is likely to result in serious harm. Who is the CSP legally required
to notify?
(A) Cloud Security Alliance
(B) Information commissioner
Information commissioner
(C) Australian privacy foundation
(D) Asian-Paci?c privacy control board"
"A CSP provides services in European Union (EU) countries that are subject to the network information
security (NIS) directive. The CSP experiences an incident that significantly affects the continuity of the
essential services being provided.
Competent authorities
Who is the CSP required to notify under the NIS directive?
(A) Competent authorities
(B) Data protection regulator
(C) Provider's services suppliers
(D) Personal Information Protection Commission"
"An architect needs to constrain problems to a level that can be controlled when the
problem exceeds the capabilities of disaster recovery (DR) controls.
Which aspect of the plan will provide this guarantee?
(A) Ensuring data backups
(B) Managing plane controls
Handling provider outages
(C) Handling provider outages
(D) Evaluating portability alternatives"
"How do immutable workloads effect security overhead?
(A) They reduce the management of the hosts.
(B) They create patches for a running workload.
They reduce the management of the
(C) They restrict the amount of instances in a cluster.
(D) They automatically perform vulnerability scanning as they launch."
hosts
"How is the compliance of the cloud service provider's legal and regulatory requirements
verified when securing personally identifiable information (PII) data in the cloud?
Third-party audits and attestations
(A) E-discovery process
(B) Contractual agreements
(C) Researching data retention laws
(D) Third-party audits and attestations"
"In which situation could cloud clients find it impossible to recover or access
their own data if their cloud provider goes bankrupt?
(A) Multicloud
(B) Multitenant Vendor lock-out
(C) Vendor lock-in
(D) Vendor lock-out"
"There is a threat to a banking cloud platform service. The developer needs to provide
inclusion in a relational database that is seamless and readily searchable by search engine
algorithms. Which platform as a service (PaaS) data type should be used?
(A) Structured
(B) Unstructured
Structured
(C) Long-term storage
(D) Short-term storage"
, "The security administrator for a global cloud services provider (CSP) is required to globally standardize
International organization for
the approaches for using forensics methodologies in the organization.
Which standard should be applied?
(A) Sarbanes-Oxley act (SOX)
(B) Cloud controls matrix (CCM)
(C) International electrotechnical commission (IEC) 27037
(D) International organization for standardization (ISO) 27050-1"
standardization (ISO) 27050-1
"What is a component of device hardening?
(A) Patching
(B) Unit testing Patching
(C) Versioning
(D) Configuring VPN access"
"What is a key capability of infrastructure as a service (IaaS)?
(A) Multiple hosting environments
(B) Hosted application management
Converged network and IT capacity
(C) Converged network and IT capacity pool pool
(D) Leased application and software licensing"
"What is a key capability of security information and event management?
(A) Secure remote access
(B) Intrusion prevention capabilities
(C) Automatic remediation of issues
Centralized collection of log data
(D) Centralized collection of log data"
"What is a key component of the infrastructure as a service (IaaS) cloud
service model?
(A) High reliability and resilience
(B) Allows choice and reduces lock-in High reliability and resilience
(C) Ease of use and limited administration
(D) Supports multiple languages and frameworks"
"What is a key method associated with a risk-based approach to business
continuity planning?
(A) Using existing network technology Considering the degree of continuity
(B) Leveraging software-defined networking
(C) Applying internal authentication and credential passing required for assets
(D) Considering the degree of continuity required for assets"
"What part of the logical infrastructure design is used to configure cloud resources, such
as launching virtual machines or configuring virtual networks?
Management plane
(A) Management plane
(B) Database management
(C) Identity access management
(D) Management orchestration software"
"Where should the location be for the final data backup repository in the event that the
disaster recovery plan is enacted for the CSP of disaster recovery (DR) service?
Cloud platform
(A) Tape drive
(B) Local storage
(C) Cloud platform
(D) Company headquarters"
"Which action enhances cloud security application deployment through standards such as
ISO/IEC 27034 for the development, acquisition, and configuration of software systems?
(A) Applying the steps of a cloud software development lifecycle Applying the steps of a cloud
software development lifecycle
(B) Providing developer access to supporting components and services
(C) Outsourcing the infrastructure and integration platform management
(D) Verifying the application has an appropriate level of confidentiality and integrity"
"Which action is required for breaches of data under the general data protection
regulation (GDPR) within 72 hours of becoming aware of the event?
(A) Notifying the affected persons Reporting to the supervisory
authority
(B) Reporting to the supervisory authority
(C) Suspending the processing operations
(D) Informing consumer credit reporting services"
encryption. The administrator needs to make an authorized application request to access the data.
Which step should occur immediately before this action is taken?
(A) The application collects a token.
(B) The application stores the token. (B) The application stores the token
(C) The tokenization server generates the token.
(D) The tokenization server returns the token to the application."
"A cloud customer is setting up communication paths with the cloud service provider that
will be used in the event of an incident.
Which action facilitates this type of communication?
(A) Using existing open standards
(B) Incorporating checks on API calls
Using existing open standards
(C) Identifying key risk indicators (KRIs)
(D) Performing a vulnerability assessment"
"A company has recently defined classification levels for its data. During
which phase of the cloud data life cycle should this definition occur?
(A) Use
(B) Share Create
(C) Create
(D) Archive"
"A CSP operating in Australia experiences a security breach that results in disclosure of
personal information that is likely to result in serious harm. Who is the CSP legally required
to notify?
(A) Cloud Security Alliance
(B) Information commissioner
Information commissioner
(C) Australian privacy foundation
(D) Asian-Paci?c privacy control board"
"A CSP provides services in European Union (EU) countries that are subject to the network information
security (NIS) directive. The CSP experiences an incident that significantly affects the continuity of the
essential services being provided.
Competent authorities
Who is the CSP required to notify under the NIS directive?
(A) Competent authorities
(B) Data protection regulator
(C) Provider's services suppliers
(D) Personal Information Protection Commission"
"An architect needs to constrain problems to a level that can be controlled when the
problem exceeds the capabilities of disaster recovery (DR) controls.
Which aspect of the plan will provide this guarantee?
(A) Ensuring data backups
(B) Managing plane controls
Handling provider outages
(C) Handling provider outages
(D) Evaluating portability alternatives"
"How do immutable workloads effect security overhead?
(A) They reduce the management of the hosts.
(B) They create patches for a running workload.
They reduce the management of the
(C) They restrict the amount of instances in a cluster.
(D) They automatically perform vulnerability scanning as they launch."
hosts
"How is the compliance of the cloud service provider's legal and regulatory requirements
verified when securing personally identifiable information (PII) data in the cloud?
Third-party audits and attestations
(A) E-discovery process
(B) Contractual agreements
(C) Researching data retention laws
(D) Third-party audits and attestations"
"In which situation could cloud clients find it impossible to recover or access
their own data if their cloud provider goes bankrupt?
(A) Multicloud
(B) Multitenant Vendor lock-out
(C) Vendor lock-in
(D) Vendor lock-out"
"There is a threat to a banking cloud platform service. The developer needs to provide
inclusion in a relational database that is seamless and readily searchable by search engine
algorithms. Which platform as a service (PaaS) data type should be used?
(A) Structured
(B) Unstructured
Structured
(C) Long-term storage
(D) Short-term storage"
, "The security administrator for a global cloud services provider (CSP) is required to globally standardize
International organization for
the approaches for using forensics methodologies in the organization.
Which standard should be applied?
(A) Sarbanes-Oxley act (SOX)
(B) Cloud controls matrix (CCM)
(C) International electrotechnical commission (IEC) 27037
(D) International organization for standardization (ISO) 27050-1"
standardization (ISO) 27050-1
"What is a component of device hardening?
(A) Patching
(B) Unit testing Patching
(C) Versioning
(D) Configuring VPN access"
"What is a key capability of infrastructure as a service (IaaS)?
(A) Multiple hosting environments
(B) Hosted application management
Converged network and IT capacity
(C) Converged network and IT capacity pool pool
(D) Leased application and software licensing"
"What is a key capability of security information and event management?
(A) Secure remote access
(B) Intrusion prevention capabilities
(C) Automatic remediation of issues
Centralized collection of log data
(D) Centralized collection of log data"
"What is a key component of the infrastructure as a service (IaaS) cloud
service model?
(A) High reliability and resilience
(B) Allows choice and reduces lock-in High reliability and resilience
(C) Ease of use and limited administration
(D) Supports multiple languages and frameworks"
"What is a key method associated with a risk-based approach to business
continuity planning?
(A) Using existing network technology Considering the degree of continuity
(B) Leveraging software-defined networking
(C) Applying internal authentication and credential passing required for assets
(D) Considering the degree of continuity required for assets"
"What part of the logical infrastructure design is used to configure cloud resources, such
as launching virtual machines or configuring virtual networks?
Management plane
(A) Management plane
(B) Database management
(C) Identity access management
(D) Management orchestration software"
"Where should the location be for the final data backup repository in the event that the
disaster recovery plan is enacted for the CSP of disaster recovery (DR) service?
Cloud platform
(A) Tape drive
(B) Local storage
(C) Cloud platform
(D) Company headquarters"
"Which action enhances cloud security application deployment through standards such as
ISO/IEC 27034 for the development, acquisition, and configuration of software systems?
(A) Applying the steps of a cloud software development lifecycle Applying the steps of a cloud
software development lifecycle
(B) Providing developer access to supporting components and services
(C) Outsourcing the infrastructure and integration platform management
(D) Verifying the application has an appropriate level of confidentiality and integrity"
"Which action is required for breaches of data under the general data protection
regulation (GDPR) within 72 hours of becoming aware of the event?
(A) Notifying the affected persons Reporting to the supervisory
authority
(B) Reporting to the supervisory authority
(C) Suspending the processing operations
(D) Informing consumer credit reporting services"
