C838 - Exam 8 Questions with 100% Correct Answers.
117 Which characteristic could affect the audit process for a customer of a cloud
service provider?
a. Lack of physical access to the cloud infrastructure
b. Utilization constraints on the bandwidth imposed by the cloud service vendor
c. Restrictions on the data storage options offered by the cloud service provider
d. Limits for up-time of the hosted system
b. Utilization constraints on the bandwidth imposed by the cloud service vendor
116 What must be provided by a European Union (EU) citizen, according to the
General Data Protection Regulation (GDPR), before a firm may process the personal
data of that individual?
a. Statement about need for the data to be processed
b. Specific consent for the processing of the data
c. Attestation on the legal purpose for processing the data
d. Verification of the accuracy of the data
b. Specific consent for the processing of the data
115 Which country lacks a national law assuring individual personal privacy?
a. New Zealand
b. Israel
c. United States
d. Canada
c. United States
The United States does not have a national law that specifically guarantees individuals the right to
privacy. However, there are a number of federal laws that offer some privacy protection. For
example, the Privacy Act of 1974 establishes restrictions on how the federal government
can collect, use, and disclose personal information.
114 Which requirement for cross-border data transfer is part of the General
Data Protection Regulation (GDPR)?
a. Formal consent of the data owner
b. Acknowledgement of liability for protection by the entity receiving the data transfer
c. Acceptance of liability for protection by the transferring entity
d. Demonstration of adequate level of protection similar to GDPR
d. Demonstration of adequate level of protection similar to GDPR
113 Which general body of law covers data breach violations in a cloud environment at
a federal agency?
a. Administrative
b. Tort
c. Criminal
d. Civil
c. Criminal
112 Which guide remedies the challenge of the international nature of cloud forensics
and is known for becoming the premier standard for eDiscovery?
a. ISO/IEC 27050-1:2016
b. ISO/IEC 27037:2012
c. ISO/IEC 27041:2015
d. ISO/IEC 27042:2015
a. ISO/IEC 27050-1:2016
111 Which model does the Cloud Security Alliance (CSA) use as its standard for defining
cloud computing?
a. SAS 70
b. SOX
c. SOC 3
d. NIST
d. NIST
110 Who should be part of formal tasking when conducting testing for business continuity
management?
a. Moderators
b. Governing bodies
c. Organizational personnel
d. External consultants
c. Organizational personnel
109 An organization is concerned that it will be unable to recover or access data if
the cloud provider goes into bankruptcy and leaves the market.
How is this concern addressed in a business continuity and disaster recovery plan?
a. Use best tools to securely connect to the cloud
b. Consider options for portability and interoperability
c. Enable multiple zones to mitigate service disruptions
d. Revise contractual and personnel obligations
b. Consider options for portability and interoperability
108 Which strategy will reduce the impact of risk in the business continuity and
disaster recovery planning process?
a. Insurance
b. Acceptance
c. Mitigation
d. Avoidance
d. Avoidance
107 Which strategy provides the highest overall cost savings for an organization
implementing a business continuity and disaster recovery (BCDR) plan?
a. Migrate local backups to tape.
b. Move all services to the cloud.
c. Implement cross-site replication.
d. Deploy a hot cloud site.
c. Implement cross-site replication.
106 Which type of disaster recovery plan (DRP) test requires the whole organization
to participate in a scheduled disaster scenario without performing all of the actual tasks?
a. Dry run
b. Tabletop
c. Parallel
d. Full
a. Dry run
105 Which factor should be the basis of a business continuity plan?
a. Locations
b. Risks
c. Customers
d. Costs
b. Risks
104 An organization wants to conduct some of the disaster recovery plan testing with the
least possible impact on production. Which method should be used?
a. Full test
b. Unit testing
c. Tabletop testing
d. Dry run test
c. Tabletop testing
103 A warning system identifies an impending disaster. When should failover occur to
ensure continuity of operations?
a. Prior to the crisis event
b. During the resumption of normal activities