OA COMPETENCY REVIEW 2026 MOCK TEST
COMPLETE KEY INSIGHTS
◉ No; under current laws, liability and risk for safeguarding PII and
meeting regulations reside with the organization, even if they have
contracted with a cloud provider.
Answer: Can an organization transfer risk and liability for
safeguarding PII to a cloud provider?
◉ - Elasticity
- Scalability.
Answer: - The ability to acquire resources as you need them and
release resources when you no longer need them
- This is similar, but usually relates more to environments with more
predictable workloads. Usually done in advance to give resources
room to grow. For example, purchasing additional room to allow a
database to grow larger in the coming months due to projected
business growth.
◉ - SaaS
- PaaS; it is everything included in IaaS with the addition of
operating systems
- IaaS
- Physical access to the devices on which their data resides.
Answer: - This cloud service model includes applications, CRM,
hosted HR, and email
- This model includes operating systems and is popular with DevOps
for creating and testing software
- This model includes hardware, blades, connectivity, and utilities; it
is similar to a "warm site"
- What does a customer give up in all three of these models?
◉ - The customer. The vendor provides all hardware, but not logical
resources such as software
- The vendor.
Answer: - Who is responsible for all logical resources, such as
software, in an IaaS service model?
- Who is responsible for administering, patching, and updating the
OS in a PaaS service model?
◉ - Public
- Private
- Community.
Answer: - This type of cloud deployment model is owned by a
specific company and offered to anyone who contracts its services.
- This type of cloud is owned by a specific organization but is only
available to users authorized by that organization; it is similar to a
legacy IT structure or what used to be considered an intranet
- This type of cloud features infrastructure and processing owned or
controlled by distinct individuals and organizations, but they come
together in some fashion to perform joint tasks; an example is the
PlayStation gaming network
◉ CASB (Cloud Access Security Broker).
Answer: A software tool or service that enforces cloud-based
security requirements such as IAM (Identity and Access
Management). It is placed between the organization's resources and
the cloud, monitors all network traffic, and can enforce security
policies.
◉ 1. NIST 800-53
2. NIST 800-61
3. NIST 800-37
4. ISO 31000:2009
5. ISO/IEC 28007:2007.
Answer: 1. A guidance document with the primary goal of ensuring
that appropriate security requirements and controls are applied to
all U.S. federal government information in information management
systems.
2. A guidance document which outlines a framework for incident
response plans
3. A guidance document for implementing RMF (Risk Management
Framework)
4. This is an international standard that focuses on designing,
implementing, and reviewing risk management processes &
practices
5. This standard refers to addressing risks in a supply chain
◉ FIPS 140-2.
Answer: Primary goal of this is to accredit and distinguish secure
and well-architected cryptographic modules produced by private
sector vendors who seek to have their solutions and services
certified for use in regulated industries that collect, store, transfer,
or share data that is deemed to be "sensitive" but not classified.
◉ TCI (Trusted Cloud Initiative) Reference Architecture.
Answer: A methodology and a set of tools that enables security
professionals to leverage a common set of solutions that fulfill their
common needs to be able to assess where their internal IT and their
cloud providers are in terms of security capabilities and to plan a
roadmap to meet the security needs of their business.
◉ - Vendor Lock-in
- Vendor Lock-out.