- (Exam Topic 4)
Your new CISO is placing increased importance and focus on regulatory compliance as your applications and systems move into cloud environments.
Which of the following would NOT be a major focus of yours as you develop a project plan to focus on regulatory compliance?
Correct Answer:
D
The jurisdictions where data is being stored, processed, or consumed are the ones that dictate the regulatory frameworks and compliance requirements, regardless of who the data owner or custodian might be. The other concepts for protecting data would all play a prominent role in regulatory compliance with a move to the cloud environment. Each concept needs to be evaluated based on the new configurations as well as any potential changes in jurisdiction or requirements introduced with the move to a cloud.
- (Exam Topic 1)
What does the REST API support that SOAP does NOT support?
Correct Answer:
A
The SOAP protocol does not support caching, whereas the REST API does.
- (Exam Topic 4)
Which of the following is not a way to manage risk?
Correct Answer:
D
Enveloping is a nonsense term, unrelated to risk management. The rest are not.
- (Exam Topic 3)
Which cloud deployment model is MOST likely to offer free or very cheap services to users?
Correct Answer:
C
Public clouds offer services to anyone, regardless of affiliation, and are the most likely to offer free services to users. Examples of public clouds with free services include iCloud, Dropbox, and OneDrive. Private cloud models are designed for specific customers and for their needs, and would not offer services to the public at large, for free or otherwise. A community cloud is specific to a group of similar organizations and would not offer free or widely available public services. A hybrid cloud model would not fit the specifics of the question.
- (Exam Topic 1)
Which of the following does NOT relate to the hiding of sensitive data from data sets?
Correct Answer:
B
Federation pertains to authenticating systems between different organizations.
