Topic 2, Exam Pool B
Which of the following would NOT be included as input into the requirements gathering for
an application or system?
Response:
A. Users
B. Management
C. Regulators
D. Auditors
Auditors
Which type of software is most likely to be reviewed by the most personnel, with the most
varied perspectives?
Response:
A. Database management software
B. Open source software
C. Secure software
D. Proprietary software
Open source software
Which of the following BCDR testing methodologies is least intrusive?
Response:
A. Walk-through
B. Simulation
C. Tabletop
D. Full test
Tabletop
Your organization has made it a top priority that any cloud environment being considered to
host production systems have guarantees that resources will always be available for
allocation when needed.
Which of the following concepts will you need to ensure is part of the contract and SLA?
Response:
A. Limits
B. Shares
C. Resource pooling
D. Reservations
Reservations
Which of these characteristics of a virtualized network adds risks to the cloud environment?
Response:
A. Redundancy
B. Scalability
C. Pay-per-use
D. Self-service
Redundancy
Which of the following characteristics is associated with digital rights management (DRM)
solutions (sometimes referred to as information rights management, or IRM)?
Response:
A. Mapping to existing access control lists (ACLs)
B. Delineating biometric catalogs
C. Preventing multifactor authentication
D. Prohibiting unauthorized transposition
Mapping to existing access control lists (ACLs)
All of the following might be used as data discovery characteristics in a content-analysis-based
data discovery effort except ____________.
Response:
A. Keywords
B. Pattern-matching
C. Frequency
D. Inheritance
Inheritance
Which of the following is a possible negative aspect of bit-splitting?
Response:
A. It may require trust in additional third parties beyond the primary cloud service provider.
B. There may be cause for management concern that the technology will violate internal policy.
C. Users will have far greater difficulty understanding the implementation.
D. Limited vendors make acquisition and support challenging.
It may require trust in additional third parties beyond the primary cloud service provider.
Which kind of SSAE audit report is a cloud customer most likely to receive from a cloud
provider?
Response:
A. SOC 1 Type 1
B. SOC 2 Type 2
C. SOC 1 Type 2
D. SOC 3
SOC 3
Which of the following is the best example of a key component of regulated PII?
Response:
A. Items that should be implemented
B. Mandatory breach reporting
C. Audit rights of subcontractors
D. PCI DSS
Mandatory breach reporting