Which of the following system deployments requires the cloud provider to assume the widest range of responsibilities for data protection?

A. Database as a Service (DbaaS)
B. Software as a Service (SaaS)
C. Platform as a Service (PaaS)
D. Infrastructure as a Service (IaaS)

Which of the following would BEST deter the theft of corporate information from a laptop?

A. Install biometric access controls.
B. Encrypt all data on the hard drive.
C. Protect files with passwords.
D. Encrypt the file allocation table (FAT).

Which combination of access controls provides the BEST physical protection for a server room?

A. PIN and smart card
B. User ID and PIN
C. Card with a magnetic strip and a smart card
D. Card with a magnetic strip and a shared PIN

A digital signature addresses which of the following concerns?

A. Message copying
B. Message theft
C. Unauthorized reading
D. Message alteration

Which of the following roles is ULTIMATELY accountable for the protection of an organization's information?

A. The board of directors
B. The chief information security officer (CISO)
C. The data owner
D. The chief information officer (CIO)

Which of the following features of a library control software package would protect against unauthorized updating of source code?

A. Access controls for source libraries
B. Required approvals at each life cycle step
C. Date and time stamping of source and object code
D. Release-to-release comparison of source code

Which of the following is a PRIMARY purpose of a privacy notice?

A. To obtain permission from users for the organization to use personal information as it sees fit
B. To indemnify the organization against litigation by users for the appropriation of personal information
C. To establish the organization's accountability for the use and protection of personal information
D. To ensure that the organization's privacy controls comply with the privacy laws of the user's region

What is the PRIMARY objective of implementing data classification?

A. Employ data leakage prevention tools.
B. Establish appropriate data protection methods.
C. Create awareness among users.
D. Establish appropriate encryption methods.

Which of the following would protect the confidentiality of information sent in email messages?

A. Encryption
B. Digital certificates
C. Digital signatures
D. Secure Hash Algorithm 1 (SHA-1)

Which of the following is the MOST important reason to classify a disaster recovery plan (DRP) as confidential?

A. Reduce the risk of data leakage that could lead to an attack.
B. Comply with business continuity best practice.
C. Ensure compliance with the data classification policy.
D. Protect the plan from unauthorized alteration.