Topic 1: Exam Pool A
The physical layout of a cloud data center campus should include redundancies of all the
following except ____________.
Response:
A. Generators
B. HVAC units
C. Generator fuel storage
D. Points of personnel ingress
Points of personnel ingress
DAST checks software functionality in ____________.
Response:
A. The production environment
B. A runtime state
C. The cloud
D. An IaaS configuration
A runtime state
Which of the following top security threats involves attempting to send invalid
commands to an application in an attempt to get the application to execute the
code?
Response:
A. Cross-site scripting
B. Injection
C. Insecure direct object references
D. Cross-site request forgery
Injection
Application virtualization can typically be used for ____________.
A. Denying access to untrusted users
B. Detecting and mitigating DDoS attacks
C. Replacing encryption as a necessary control
D. Running an application on an endpoint without installing it
Running an application on an endpoint without installing it
Which of the following is not typically included as a basic phase of the software
development life cycle?
A. Define
B. Design
C. Describe
D. Develop
Describe
When a data center is configured such that the backs of the devices face each other and
the ambient temperature in the work area is cool, it is called ___________.
Response:
A. Hot aisle containment
B. Cold aisle containment
C. Thermo-optimized
D. HVAC modulated
Hot aisle containment
What are the six components that make up the STRIDE threat model?
Response:
A. Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege
B. Spoofing, Tampering, Non-Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege
C. Spoofing, Tampering, Repudiation, Information Disclosure, Distributed Denial of Service, and Elevation of Privilege
D. Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Social Engineering
Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and
Elevation of Privilege
Because PaaS implementations are so often used for software development, what is one of
the vulnerabilities that should always be kept in mind?
Response:
A. Malware
B. Loss/theft of portable devices
C. Backdoors
D. DoS/DDoS
Backdoors
Which of the following is not an enforceable governmental request?
Response:
A. Warrant
B. Subpoena
C. Court order
D. Affidavit
Affidavit
Which security certification serves as a general framework that can be applied to
any type of system or application?
A. ISO/IEC 27001
B. PCI DSS
C. FIPS 140-2
D. NIST SP 800-53
ISO/IEC 27001