Topic 2, Exam Pool B
All of the following are activities that should be performed when capturing and maintaining an accurate, secure system baseline, except ____________.
Response:
A. Audit the baseline to ensure that all configuration items have been included and applied correctly
B. Impose the baseline throughout the environment
C. Capture an image of the baseline system for future reference/versioning/rollback purposes
D. Document all baseline configuration elements and versioning data
Answer: Impose the baseline throughout the environment
What is the risk to the organization posed by dashboards that display data discovery results?
Response:
A. Increased chance of external penetration
B. Flawed management decisions based on massaged displays
C. Higher likelihood of inadvertent disclosure
D. Raised incidence of physical theft
Answer: Flawed management decisions based on massaged displays
Firewalls can detect attack traffic by using all these methods except ____________.
Response:
A. Known past behavior in the environment
B. Identity of the malicious user
C. Point of origination
D. Signature matching
Answer: Identity of the malicious user
According to OWASP recommendations, active software security testing should include all of the following except ____________.
Response:
A. Session initiation testing
B. Input validation testing
C. Testing for error handling
D. Testing for weak cryptography
Answer: Session initiation testing
Which of the following is NOT one of the cloud computing activities, as outlined in ISO/IEC 17789?
Response:
A. Cloud service provider
B. Cloud service partner
C. Cloud service administrator
D. Cloud service customer
Answer: Cloud service administrator
Which of the following is a method for apportioning resources that involves prioritizing resource requests to resolve contention situations?
Response:
A. Reservations
B. Shares
C. Cancellations
D. Limits
Answer: Shares
Data transformation in a cloud environment should be of great concern to organizations considering cloud migration because __________ could affect data classification processes/implementations.
Response:
A. Multitenancy
B. Virtualization
C. Remote access
D. Physical distance
Answer: Virtualization
Which of the following would probably best aid an organization in deciding whether to migrate from a legacy environment to a particular cloud provider?
Response:
A. Rate sheets comparing a cloud provider to other cloud providers
B. Cloud provider offers to provide engineering assistance during the migration
C. The cost/benefit measure of closing the organization's relocation site (hot site/warm site) and using the cloud for disaster recovery instead
D. SLA satisfaction surveys from other (current and past) cloud customers
Answer: SLA satisfaction surveys from other (current and past) cloud customers
Who should be involved in review and maintenance of user accounts/access?
Response:
A. The user's manager
B. The security manager
C. The accounting department
D. The incident response team
Answer: The user's manager
Which security certification serves as a general framework that can be applied to any type of system or application?
Response:
A. ISO/IEC 27001
B. PCI DSS
C. FIPS 140-2
D. NIST SP 800-53
Answer: ISO/IEC 27001