Topic 1: Exam Pool A
The Open Web Application Security Project (OWASP) Top Ten is a list of web application security threats that is composed by a member-driven OWASP committee of application development experts and published approximately every 24 months. The 2013 OWASP Top Ten list includes “cross-site scripting (XSS).”
Which of the following is not a method for reducing the risk of XSS attacks?
Response:
A. Use an auto-escaping template system.
B. XML escape all identity assertions.
C. Sanitize HTML markup with a library designed for the purpose.
D. HTML escape JSON values in an HTML context and read the data with JSON.parse.
Sanitize HTML markup with a library designed for the purpose.
Which of the following are considered to be the building blocks of cloud computing?
Response:
A. Data, access control, virtualization, and services
B. Storage, networking, printing, and virtualization
C. CPU, RAM, storage, and networking
D. Data, CPU, RAM, and access control
CPU, RAM, storage, and networking
What is used with a single sign-on system for authentication after the identity provider has successfully authenticated a user?
Response:
A. Token
B. Key
C. XML
D. SAML
Token
Which of the following is the correct name for Tier II of the Uptime Institute Data Center Site Infrastructure Tier Standard Topology?
A. Concurrently Maintainable Site Infrastructure
B. Fault-Tolerant Site Infrastructure
C. Basic Site Infrastructure
D. Redundant Site Infrastructure Capacity Components
Redundant Site Infrastructure Capacity Components
Which of the following tools might be useful in data discovery efforts that are based on content analysis?
A. DLP
B. Digital Rights Management (DRM)
C. iSCSI
D. Fibre Channel over Ethernet (FCoE)
DLP
Heating, ventilation, and air conditioning (HVAC) systems cool the data center by pushing warm air into ____________.
Response:
A. The server inlets
B. Underfloor plenums
C. HVAC intakes
D. The outside world
The outside world
When using transparent encryption of a database, where does the encryption engine reside?
Response:
A. At the application using the database
B. On the instance(s) attached to the volume
C. In a key management system
D. Within the database
Within the database
A firewall can use all of the following techniques for controlling traffic except:
A. Rule sets
B. Behavior analysis
C. Content filtering
D. Randomization
Randomization
Which of the following are contractual components that the CSP should review and understand fully when contracting with a cloud service provider? (Choose two.)
A. Concurrently maintainable site infrastructure
B. Use of subcontractors
C. Redundant site infrastructure capacity components
D. Scope of processing
Use of subcontractors
Scope of processing
Which of the following best describes a cloud carrier?
A. A person or entity responsible for making a cloud service available to consumers
B. The intermediary who provides connectivity and transport of cloud services between cloud providers and cloud consumers
C. The person or entity responsible for keeping cloud services running for customers
D. The person or entity responsible for transporting data across the Internet
The intermediary who provides connectivity and transport of cloud services between cloud providers and cloud consumers