CCSP Exam Questions

Total 512 Questions

Last Updated Exam: 16-Dec-2024

Topic 1: Exam Pool A

Every cloud service provider that opts to join the CSA STAR program registry must complete a ___________.

A. SOC 2, Type 2 audit report
B. Consensus Assessment Initiative Questionnaire (CAIQ)
C. NIST 800-37 RMF audit
D. ISO 27001 ISMS review

Answer: B. Consensus Assessment Initiative Questionnaire (CAIQ)



Which of the following best describes SAML?

A. A standard for developing secure application management logistics
B. A standard for exchanging authentication and authorization data between security domains
C. A standard for exchanging usernames and passwords across devices
D. A standard used for directory synchronization

Answer: B. A standard for exchanging authentication and authorization data between security domains



All of the following are terms used to describe the practice of obscuring original raw data so that only a portion is displayed for operational purposes, except:

A. Tokenization
B. Data discovery
C. Obfuscation

Answer: B. Data discovery



Who should be the only entity allowed to declare that an organization can return to normal following contingency or BCDR operations?

A. Regulators
B. Law enforcement
C. The incident manager
D. Senior management

Answer: D. Senior management



You work for a government research facility. Your organization often shares data with other government research organizations.
You would like to create a single sign-on experience across the organizations, where users at each organization can sign in with the user ID/authentication issued by that organization, then access research data in all the other organizations.
Instead of replicating the data stores of each organization at every other organization (which is one way of accomplishing this goal), you instead want every user to have access to each organization's specific storage resources.
If you don't use cross-certification, what other model can you implement for this purpose?

A. Third-party identity broker
B. Cloud reseller
C. Intractable nuanced variance
D. Mandatory access control (MAC)

Answer: A. Third-party identity broker



At which phase of the SDLC process should security begin participating?

A. Requirements gathering
B. Requirements analysis
C. Design
D. Testing

Answer: A. Requirements gathering



The final phase of the cloud data lifecycle is the destroy phase, where data is ultimately deleted, and done so in a secure manner to ensure it cannot be recovered or reconstructed. Which cloud service category poses the most challenges to data destruction for the cloud customer?

A. Platform
B. Software
C. Infrastructure
D. Desktop

Answer: B. Software



In the cloud motif, the data processor is usually:

A. The party that assigns access rights
B. The cloud customer
C. The cloud provider
D. The cloud access security broker

Answer: C. The cloud provider



Which of the following is the best and only completely secure method of data destruction?

A. Degaussing
B. Crypto-shredding
C. Physical destruction of resources that store the data
D. Legal order issued by the prevailing jurisdiction where the data is geographically situated

Answer: C. Physical destruction of resources that store the data



Which of the following is a risk in the cloud environment that does not exist, or is not as prevalent, in the legacy environment?

A. Legal liability in multiple jurisdictions
B. Loss of productivity due to DDoS
C. Ability of users to gain access to their physical workplace
D. Fire

Answer: A. Legal liability in multiple jurisdictions



