Topic 1: Exam Pool A
Which strategy involves using a fake production system to lure attackers in order to learn about their tactics?
Response:
A. IDS
B. Honeypot
C. IPS
D. Firewall
B. Honeypot
What is the federal agency that accepts applications for new patents?
Response:
A. USDA
B. USPTO
C. OSHA
D. SEC
USPTO
Which of the following is a method for apportioning resources that involves setting guaranteed minimums for all tenants/customers within the environment?
Response:
A. Reservations
B. Shares
C. Cancellations
D. Limits
Reservations
Which of the following contract terms most incentivizes the cloud provider to meet the requirements listed in the SLA?
Response:
A. Regulatory oversight
B. Financial penalties
C. Performance details
D. Desire to maintain customer satisfaction
Financial penalties
You are the security director for a chain of automotive repair centers across several states. Your company uses a cloud SaaS provider for business functions that span several of your facility locations, such as (1) ordering parts, (2) logistics and inventory, (3) billing, and (4) marketing.
The manager at one of your newest locations reports that a competing car repair company has a logo that looks almost exactly like the one your company uses. What will most likely affect the determination of who has ownership of the logo?
Response:
A. Whoever first used the logo
B. The jurisdiction where both businesses are using the logo simultaneously
C. Whoever first applied for legal protection of the logo
D. Whichever entity has the most customers that recognize the logo
Whoever first applied for legal protection of the logo
Your organization is considering a move to a cloud environment and is looking for certifications or audit reports from cloud providers to ensure adequate security controls and processes.
Which of the following is NOT a security certification or audit report that would be pertinent?
Response:
A. FedRAMP
B. PCI DSS
C. FIPS 140-2
D. SOC Type 2
FIPS 140-2
You are a consultant performing an external security review on a large manufacturing firm. You determine that its newest assembly plant, which cost $24 million, could be completely destroyed by a fire but that a fire suppression system could effectively protect the plant. The fire suppression system costs $15 million. An insurance policy that would cover the full replacement cost of the plant costs $1 million per month.
In order to establish the true annualized loss expectancy (ALE), you would need all of the following information except ____________.
Response:
A. The amount of revenue generated by the plant
B. The rate at which the plant generates revenue
C. The length of time it would take to rebuild the plant
D. The amount of product the plant creates
The amount of product the plant creates
Designers making applications for the cloud have to take into consideration risks and operational constraints that did not exist or were not as pronounced in the legacy environment.
Which of the following is an element cloud app designers may have to consider incorporating in software for the cloud that might not have been as important in the legacy environment?
Response:
A. IAM capability
B. DDoS resistance
C. Encryption for data at rest and in motion
D. Field validation
Encryption for data at rest and in motion
The Open Web Application Security Project (OWASP) Top Ten is a list of web application security threats that is composed by a member-driven OWASP committee of application development experts and published approximately every 24 months. The 2013 OWASP Top Ten list includes "using components with known vulnerabilities."
Why would an organization ever use components with known vulnerabilities to create software?
Response:
A. The organization is insured.
B. The particular vulnerabilities only exist in a context not being used by developers.
C. Some vulnerabilities only exist in foreign countries.
D. A component might have a hidden vulnerability.
The particular vulnerabilities only exist in a context not being used by developers.
Which type of threat is often used in conjunction with phishing attempts and is often viewed as greatly increasing the likelihood of success?
Response:
A. Unvalidated redirects and forwards
B. Cross-site request forgery
C. Cross-site scripting
D. Insecure direct object references
Unvalidated redirects and forwards