What does the "SOC" acronym refer to with audit reports? A. Service Origin Confidentiality B. System Organization Confidentiality C. Service Organizational Control D. System Organization Control
Which of the following service capabilities gives the cloud customer the least amount of control over configurations and deployments? A. Platform B. Infrastructure C. Software D. Desktop
Correct Answer: C
Explanation:
Explanation: The software service capability gives the cloud customer a fully established application, where only minimal user configuration options are allowed.
Which of the following can be useful for protecting cloud customers from a denial-of-service (DoS) attack against another customer hosted in the same cloud? A. Reservations B. Measured service C. Limits D. Shares
Correct Answer: A
Explanation:
Explanation: Reservations ensure that a minimum level of resources will always be available to a cloud customer for them to start and operate their services. In the event of a DoS attack against one customer, they can guarantee that the other customers will still be able to operate.
Which of the following features is a main benefit of PaaS over IaaS? A. Location independence B. High-availability C. Physical security requirements D. Auto-scaling
Correct Answer: D
Explanation:
Explanation: With PaaS providing a fully configured and managed framework, auto-scaling can be implemented to programmatically adjust resources based on the current demands of the environment.
Which approach is typically the most efficient method to use for data discovery? A. Metadata B. Content analysis C. Labels D. ACLs
Correct Answer: A
Explanation:
Explanation: Metadata is data about data. It contains information about the type of data, how it is stored and organized, or information about its creation and use.
At which stage of the BCDR plan creation phase should security be included in discussions? A. Define scope B. Analyze C. Assess risk D. Gather requirements
Correct Answer: A
Explanation:
Explanation: Security should be included in discussions from the very first phase when defining the scope. Adding security later is likely to incur additional costs in time and money, or will result in an incomplete or inadequate plan.
What concept does the "I" represent with the STRIDE threat model? A. Integrity B. Information disclosure C. IT security D. Insider threat
Correct Answer: B
Explanation:
Explanation: Perhaps the biggest concern for any user is having their personal and sensitive information disclosed by an application. There are many aspects of an application to consider with security and protecting this information, and it is very difficult for any application to fully ensure security from start to finish. The obvious focus is on security within the application itself, as well as protecting and storing the data.
Which of the following service capabilities gives the cloud customer the most control over resources and configurations? A. Desktop B. Platform C. Infrastructure D. Software
Correct Answer: C
Explanation:
Explanation: The infrastructure service capability gives the cloud customer substantial control in provisioning and configuring resources, including processing, storage, and network resources.
Which of the cloud cross-cutting aspects relates to the requirements placed on the cloud provider by the cloud customer for minimum performance standards and requirements that must be met? A. Regulatory requirements B. SLAs C. Auditability D. Governance
Correct Answer: B
Explanation:
Explanation: Whereas a contract spells out general terms and costs for services, the SLA is where the real meat of the business relationship and concrete requirements come into play. The SLA spells out in clear terms the minimum requirements for uptime, availability, processes, customer service and support, security controls and requirements, auditing and reporting, and potentially many other areas that define the business relationship and the success of it.
Please disable your adblocker or whitelist this site!