- (Exam Topic 2)
What is an often overlooked concept that is essential to protecting the confidentiality of data?
Correct Answer:
B
While the main focus of confidentiality revolves around technological requirements or particular security methods, an important and often overlooked aspect of safeguarding data confidentiality is appropriate and comprehensive training for those with access to it. Training should be focused on the safe handling of sensitive information overall, including best practices for network activities as well as physical security of the devices or workstations used to access the application.
- (Exam Topic 4)
APIs are defined as which of the following?
Correct Answer:
B
All the answers are true, but B is the most complete.
- (Exam Topic 4)
What is the Cloud Security Alliance Cloud Controls Matrix (CCM)?
Correct Answer:
C
The CSA CCM is an inventory of cloud service security controls that are arranged into separate security domains, not a hierarchy.
- (Exam Topic 4)
IRM solutions allow an organization to place different restrictions on data usage than would otherwise be possible through traditional security controls.
Which of the following controls would be possible with IRM that would not be possible with traditional security controls?
Correct Answer:
D
Traditional security controls would not be able to restrict a user from printing something that they have the ability to access and read, but IRM solutions would allow for such a restriction. If a user has permissions to read a file, they can also copy the file or print it under traditional controls, and the ability to modify or write will give the user the ability to delete.
- (Exam Topic 2)
What must SOAP rely on for security?
Correct Answer:
A
Simple Object Access Protocol (SOAP) uses Extensible Markup Language (XML) for passing data, and it must rely on the encryption of those data packages for security.