CCSP Exam Questions - Online Test



certleader.com


Online ISC2 CCSP free dumps demo Below:

NEW QUESTION 1
SOC 2 reports were intended to be ______.
Response:

  • A. Released to the public
  • B. Only technical assessments
  • C. Retained for internal use
  • D. Nonbinding

Answer: C

NEW QUESTION 2
Which one of the following is not one of the three common threat modeling techniques?
Response:

  • A. Focused on assets
  • B. Focused on attackers
  • C. Focused on software
  • D. Focused on social engineering

Answer: D

NEW QUESTION 3
An organization could have many reasons that are common throughout the industry to activate a BCDR situation. Which of the following is NOT a typical reason to activate a BCDR plan?
Response:

  • A. Natural disaster
  • B. Utility outage
  • C. Staff loss
  • D. Terrorist attack

Answer: C

NEW QUESTION 4
What is the intellectual property protection for the logo of a new video game?
Response:

  • A. Copyright
  • B. Patent
  • C. Trademark
  • D. Trade secret

Answer: C

NEW QUESTION 5
Data transformation in a cloud environment should be of great concern to organizations considering cloud migration because ______ could affect data classification processes/implementations.
Response:

  • A. Multitenancy
  • B. Virtualization
  • C. Remote access
  • D. Physical distance

Answer: B

NEW QUESTION 6
All of the following are activities that should be performed when capturing and maintaining an accurate, secure system baseline except ______.
Response:

  • A. Remove all nonessential programs from the baseline image
  • B. Exclude the target system you intend to baseline from any scheduled updates/patching used in production systems
  • C. Include the baseline image in the asset inventory/configuration management database
  • D. Configure the host OS according to the baseline requirements

Answer: C

NEW QUESTION 7
You have been tasked by management to offload processing and validation of incoming encoded data from your application servers and their associated APIs. Which of the following would be the most appropriate device or software to consider?
Response:

  • A. XML accelerator
  • B. XML firewall
  • C. Web application firewall
  • D. Firewall

Answer: A

NEW QUESTION 8
You are the IT director for a small contracting firm. Your company is considering migrating to a cloud production environment.
Which service model would best fit your needs if you wanted an option that reduced the chance of vendor lock-in but also did not require the highest degree of administration by your own personnel?
Response:

  • A. IaaS
  • B. PaaS
  • C. SaaS
  • D. TanstaafL

Answer: B

NEW QUESTION 9
What type of device is often leveraged to assist legacy applications that may not have the programmatic capability to process assertions from modern web services?

  • A. Web application firewall
  • B. XML accelerator
  • C. Relying party
  • D. XML firewall

Answer: B

NEW QUESTION 10
Which of the following types of organizations is most likely to make use of open source software technologies?

  • A. Government agencies
  • B. Corporations
  • C. Universities
  • D. Military

Answer: C

NEW QUESTION 11
What is a cloud storage architecture that manages the data in a hierarchy of files?
Response:

  • A. Object-based storage
  • B. File-based storage
  • C. Database
  • D. CDN

Answer: B

NEW QUESTION 12
DAST checks software functionality in ______.
Response:

  • A. The production environment
  • B. A runtime state
  • C. The cloud
  • D. An IaaS configuration

Answer: B

NEW QUESTION 13
Digital rights management (DRM) solutions (sometimes referred to as information rights management, or IRM) often protect against unauthorized distribution of what type of intellectual property?
Response:

  • A. Patents
  • B. Trademarks
  • C. Personally identifiable information (PII)
  • D. Copyright

Answer: D

NEW QUESTION 14
Your organization is considering a move to a cloud environment and is looking for certifications or audit reports from cloud providers to ensure adequate security controls and processes.
Which of the following is NOT a security certification or audit report that would be pertinent?
Response:

  • A. FedRAMP
  • B. PCI DSS
  • C. FIPS 140-2
  • D. SOC Type 2

Answer: C

NEW QUESTION 15
Which type of testing tends to produce the best and most comprehensive results for discovering system vulnerabilities?
Response:

  • A. Static
  • B. Dynamic
  • C. Pen
  • D. Vulnerability

Answer: A

NEW QUESTION 16
Because PaaS implementations are so often used for software development, what is one of the vulnerabilities that should always be kept in mind?
Response:

  • A. Malware
  • B. Loss/theft of portable devices
  • C. Backdoors
  • D. DoS/DDoS

Answer: C

NEW QUESTION 17
Although indirect identifiers cannot alone point to an individual, the more of them known can lead to a specific identity. Which strategy can be used to avoid such a connection being made?
Response:

  • A. Masking
  • B. Anonymization
  • C. Obfuscation
  • D. Encryption

Answer: B
