Which of the following roles involves overseeing billing, purchasing, and requesting audit reports for an organization within a cloud environment?
SOC Type 1 reports are considered "restricted use," in that they are intended only for limited audiences and purposes.
Which of the following is NOT a population that would be appropriate for a SOC Type 1 report?
What type of segregation and separation of resources is needed within a cloud environment for multitenancy purposes versus a traditional data center model?
Which of the following is the sole responsibility of the cloud customer, regardless of which cloud model is used?
Which process serves to prove the identity and credentials of a user requesting access to an application or data?
Which of the following is NOT a factor that is part of a firewall configuration?
Which value refers to the percentage of production level restoration needed to meet BCDR objectives?
Which security concept is based on preventing unauthorized access to data while also ensuring that it is accessible to those authorized to use it?
Which of the cloud deployment models offers the easiest initial setup and access for the cloud customer?
Which of the cloud cross-cutting aspects relates to the ability for a cloud customer to easily remove their applications and data from a cloud environment?
Which one of the following threat types to applications and services involves the sending of requests that are invalid and manipulated through a user's client to execute commands on the application under the user's own credentials?
A DLP solution/implementation has three main components.
Which of the following is NOT one of the three main components?
During which phase of the cloud data lifecycle is it possible for the classification of data to change?
A crucial decision any company must make is in regard to where it hosts the data systems it depends on. A debate exists as to whether it's best to lease space in a data center or build your own data center--and now with cloud computing, whether to purchase resources within a cloud.
What is the biggest advantage to leasing space in a data center versus procuring cloud services?
With a cloud service category where the cloud customer is responsible for deploying all services, systems, and components needed for their applications, which of the following storage types are MOST likely to be available to them?
Where is a DLP solution generally installed when utilized for monitoring data in transit?
Different types of audits are intended for different audiences, such as internal, external, regulatory, and so on.
Which of the following audits are considered "restricted use" versus being for a broader audience?
Which data state would be most likely to use digital signatures as a security protection mechanism?
Many aspects and features of cloud computing can make eDiscovery compliance more difficult or costly.
Which aspect of cloud computing would be the MOST complicating factor?
If a cloud computing customer wishes to guarantee that a minimum level of resources will always be available, which of the following sets of services would comprise the reservation?
Which of the following is NOT one of the main intended goals of a DLP solution?
Three central concepts define what type of data and information an organization is responsible for pertaining to eDiscovery.
Which of the following are the three components that comprise required disclosure?
Many of the traditional concepts of systems and services for a traditional data center also apply to the cloud. Both are built around key computing concepts.
Which of the following comprise the two facets of computing?
Which cloud storage type is typically used to house virtual machine images that are used throughout the environment?
What is the best source for information about securing a physical asset's BIOS?
Which of the following represents a control on the maximum amount of resources that a single customer, virtual machine, or application can consume within a cloud environment?
Which of the following threat types can occur when baselines are not appropriately applied or unauthorized changes are made?
What must be secured on physical hardware to prevent unauthorized access to systems?
What expectation of data custodians is made much more challenging by a cloud implementation, especially with PaaS or SaaS?
Which of the following service capabilities gives the cloud customer the most control over resources and configurations?
The SOC Type 2 reports are divided into five principles.
Which of the five principles must also be included when auditing any of the other four principles?
Which of the following may unilaterally deem a cloud hosting model inappropriate for a system or application?
Which of the following is the optimal humidity level for a data center, per the guidelines established by the American Society of Heating, Refrigerating and Air-Conditioning Engineers (ASHRAE)?
From a legal perspective, what is the most important first step after an eDiscovery order has been received by the cloud provider?
Which aspect of cloud computing makes data classification even more vital than in a traditional data center?
Which of the following actions will NOT make data part of the create phase of the cloud data lifecycle?
If a company needed to guarantee through contract and SLAs that a cloud provider would always have available sufficient resources to start their services and provide a certain level of provisioning, what would the contract need to refer to?
Within an IaaS implementation, which of the following would NOT be a metric used to quantify service charges for the cloud customer?
Which United States program was designed to enable organizations to bridge the gap between privacy laws and requirements of the United States and the European Union?
Which United States law is focused on data related to health records and privacy?
Which of the following roles is responsible for obtaining new customers and securing contracts and agreements?
Which of the following security technologies is commonly used to give administrators access into trust zones within an environment?
Which of the following best describes the purpose and scope of ISO/IEC 27034-1?
You need to gain approval to begin moving your company's data and systems into a cloud environment. However, your CEO has mandated the ability to easily remove your IT assets from the cloud provider as a precondition.
Which of the following cloud concepts would this pertain to?
Which of the following is the concept of segregating information or processes, within the same system or application, for security reasons?
Which of the following components are part of what a CCSP should review when looking at contracting with a cloud service provider?
Which of the following is NOT one of the components of multifactor authentication?
Which protocol operates at the network layer and provides for full point-to-point encryption of all communications and transmissions?
When an organization is considering a cloud environment for hosting BCDR solutions, which of the following would be the greatest concern?
Which of the following areas of responsibility always falls completely under the purview of the cloud provider, regardless of which cloud service category is used?
Which cloud service category most commonly uses client-side key management systems?
Above and beyond general regulations for data privacy and protection, certain types of data are subjected to more rigorous regulations and oversight.
Which of the following is not a regulatory framework for more sensitive or specialized data?
Countermeasures for protecting cloud operations against internal threats include all of the following except:
Which type of audit report is considered a "restricted use" report for its intended audience?
What is an often overlooked concept that is essential to protecting the confidentiality of data?
BCDR strategies do not typically involve the entire operations of an organization, but only those deemed critical to their business.
Which concept pertains to the amount of services that need to be recovered to meet BCDR objectives?
Which ITIL component focuses on ensuring that system resources, processes, and personnel are properly allocated to meet SLA requirements?