Free CCSP Exam Braindumps

Pass your Certified Cloud Security Professional exam with these free Questions and Answers

Page 5 of 103
QUESTION 16

- (Exam Topic 4)
Which of the following is the dominant driver behind the regulations to which a system or application must adhere?

  1. A. Data source
  2. B. Locality
  3. C. Contract
  4. D. SLA

Correct Answer: B
The locality--or physical location and jurisdiction where the system or data resides--is the dominant driver of regulations. This may be based on the type of data contained within the application or the way in which the data is used. The contract and SLA both articulate requirements for regulatory compliance and the responsibilities for the cloud provider and cloud customer, but neither artifact defines the actual requirements. Instead, the contract and SLA merely form the official documentation between the cloud provider and cloud customer. The source of the data may place contractual requirements or best practice guidelines on its usage, but ultimately jurisdiction has legal force and greater authority.

QUESTION 17

- (Exam Topic 2)
Which OSI layer does IPsec operate at?

  1. A. Network
  2. B. Transport
  3. C. Application
  4. D. Presentation

Correct Answer: A
A major difference between IPsec and other protocols such as TLS is that IPsec operates at the network layer (the Internet layer in the TCP/IP model) rather than the application layer, allowing for complete end-to-end encryption of all communications and traffic.

QUESTION 18

- (Exam Topic 3)
A DLP solution/implementation has three main components. Which of the following is NOT one of the three main components?

  1. A. Monitoring
  2. B. Enforcement
  3. C. Auditing
  4. D. Discovery and classification

Correct Answer: C
Auditing, which can be supported to varying degrees by DLP solutions, is not a core component of them. Data loss prevention (DLP) solutions have core components of discovery and classification, enforcement, and monitoring. Discovery and classification are concerned with determining which data the DLP policies should apply to, and then determining its classification level. Monitoring is concerned with the actual watching of data and how it's used through its various stages. Enforcement is the actual application of policies determined from the discovery stage and then triggered during the monitoring stage.

QUESTION 19

- (Exam Topic 4)
User access to the cloud environment can be administered in all of the following ways except:

  1. A. Provider provides administration on behalf of the customer
  2. B. Customer directly administers access
  3. C. Third party provides administration on behalf of the customer
  4. D. Customer provides administration on behalf of the provider

Correct Answer: D
The customer does not administer on behalf of the provider. All the rest are possible options.

QUESTION 20

- (Exam Topic 4)
Which kind of SSAE audit report is most beneficial for a cloud customer, even though it’s unlikely the cloud provider will share it?

  1. A. SOC 3
  2. B. SOC 1 Type 2
  3. C. SOC 2 Type 2
  4. D. SOC 1 Type 1

Correct Answer: C
The SOC 3 is the least detailed, so the provider is not concerned about revealing it. The SOC 1 Types 1 and 2 are about financial reporting and not relevant. The SOC 2 Type 2 is much more detailed and will most likely be kept closely held by the provider.
