Topic 1: Exam Pool A
Which of the following is essential for getting full security value from your system baseline?
Response:
A. Capturing and storing an image of the baseline
B. Keeping a copy of upcoming suggested modifications to the baseline
C. Having the baseline vetted by an objective third party
D. Using a baseline from another industry member so as not to engage in repetitious efforts
Capturing and storing an image of the baseline
A typical DLP tool can enhance the organization’s efforts at accomplishing what legal task?
Response:
A. Evidence collection
B. Delivering testimony
C. Criminal prosecution
D. Enforcement of intellectual property rights
Evidence collection
____________ can often be the result of inadvertent activity.
Response:
A. DDoS
B. Phishing
C. Sprawl
D. Disasters
Sprawl
Who is ultimately responsible for a data breach that includes personally identifiable information (PII), in the event of negligence on the part of the cloud provider?
A. The user
B. The subject
C. The cloud provider
D. The cloud customer
The cloud customer
Which of the following practices can enhance both operational capabilities and configuration management efforts?
Response:
A. Regular backups
B. Constant uptime
C. Multifactor authentication
D. File hashes
File hashes
Which cloud service category offers the most customization options and control to the cloud customer?
Response:
A. PaaS
B. IaaS
C. SaaS
D. DaaS
IaaS
What is the primary security mechanism used to protect SOAP and REST APIs?
Response:
A. Firewalls
B. XML firewalls
C. Encryption
D. WAFs
Encryption
What is the amount of fuel that should be on hand to power generators for backup datacenter power, in all tiers, according to the Uptime Institute?
A. 1
B. 1,000 gallons
C. 12 hours
D. As much as needed to ensure all systems may be gracefully shut down and data securely stored
12 hours
DRM solutions should generally include all the following functions, except:
A. Persistency
B. Automatic self-destruct
C. Automatic expiration
D. Dynamic policy control
Automatic self-destruct
What can tokenization be used for?
Response:
A. Encryption
B. Compliance with PCI DSS
C. Enhancing the user experience
D. Giving management oversight to e-commerce functions
Compliance with PCI DSS