Impact resulting from risk being realized is often measured in terms of
____________.

A.

Amount of data lost

B.

Money

C.

Amount of property lost

D.

Number of people affected

Which concept of cloud computing pertains to the ability to reuse components and
services of an application for other purposes? 

A.

Portability

B.

Interoperability

C.

Resource pooling

D.

Elasticity

_________ is the legal concept whereby a cloud customer is held to a reasonable
expectation for providing security of its users’ and clients’ privacy data in their control.
Response:

A.

Due care

B.

Due diligence

C.

Liability

D.

Reciprocity

Which concept pertains to cloud customers paying only for the resources they use
and consume, and only for the duration they are using them?
Response:

A.

Measured service

B.

Auto-scaling

C.

Portability

D.

Elasticity

The cloud  deployment model that features joint ownership of assets among an affinity
group is known as:Response:

A.

Private

B.

Public

C.

Hybrid

D.

Community

You are the security manager for a software development firm. Your company is interested
in using a managed cloud service provider for hosting its testing environment. Management
is interested in adopting an Agile development style.
This will be typified by which of the following traits?
Response:

A.

Reliance on a concrete plan formulated during the Define phase

B.

Rigorous, repeated security testing

C.

Isolated programming experts for specific functional elements

D.

Short, iterative work periods

You are the security manager of a small firm that has just purchased a DLP solution to
implement in your cloud-based production environment.
In order to get truly holistic coverage of your environment, you should be sure to include
__________ as a step in the deployment process.
Response:

A.

Getting signed user agreements from all users

B.

Installation of the solution on all assets in the cloud data center

C.

Adoption of the tool in all routers between your users and the cloud provider

D.

All of your customers to install the tool

The Open Web Application Security Project (OWASP) Top Ten is a list of web application
security threats that is composed by a member-driven OWASP committee of application
development experts and published approximately every 24 months. The 2013 OWASP
Top Ten list includes “sensitive data exposure.”
Which of these is a technique to reduce the potential for a sensitive data exposure?
Response:

A.

Extensive user training on proper data handling techniques

B.

Advanced firewalls inspecting all inbound traffic, to include content-based screening

C.

Ensuring the use of utility backup power supplies

D.

Roving security guards

A virtual network interface card (NIC) exists at layer __________ of the OSI model.
Response:

A.

2

B.

4

C.

6

D.

8

Which of the following is a file server that provides data access to multiple,
heterogeneous machines/users on the network?
Response:

A.

Storage area network (SAN)

B.

Network-attached storage (NAS)

C.

Hardware security module (HSM)

D.

Content delivery network (CDN)