SECURITY EXAM 2026 EXAMINATION TEST
PAPER 1037 QUESTIONS WITH COMPLETE
SOLUTIONS CERTIFICATION PREP
MATERIAL GRADED A+
⩥ customer is unable to recover or access their own data due to the
cloud provider going into bankruptcy or otherwise leaving the market.
Answer: Vendor lock-out
⩥ customer may be unable to leave, migrate, or transfer to an alternate
provider due to technical or non-technical constraints.
Answer: vendor lock-m
⩥ Data created should be _________ upon creation/upload
Answer: encrypted
⩥ data is committed to a repository
Answer: store
⩥ data is permanently removed using physical or digital means
Answer: destroy
,⩥ data is viewed, processed, or otherwise in some sort of activity
Answer: use
⩥ data leaves active use and enters long-term storage
Answer: archive
⩥ data retention policy: applicable regulation
Answer: senior management's decision to resolve conflict in policy
⩥ data retention policy: data classification
Answer: how and when data should be categorized
⩥ data retention policy: retention format
Answer: how data is achieved and stored
⩥ data retention policy: Retention period
Answer: how long data should be kept
⩥ Experimental technology of processing encrypted data w/o decrypting
it first?
Answer: Homomorphic
,⩥ Fully-operational environment with very little maintenance or
administration necessary, which cloud service model would probably be
best?
Answer: PaaS
⩥ GAAPs are created and maintained by which organization?
Answer: AICPA
⩥ How many levels are in the CSA STAR program?
Answer: 3
⩥ How many SOC report categories are there?
Answer: 3
⩥ How many subtypes of SOC 2 are there?
Answer: 2
⩥ How many uptime institute tiers are there?
Answer: four
⩥ Identity provider and replying parties are terms that apply to what
concept?
, Answer: federation
⩥ If a cloud customer wants a secure, isolated sandbox in order to
conduct software development and testing, which cloud service model
would probably be best?
Answer: PaaS
⩥ In all cloud models, security controls are driven by what?
Answer: business requirements
⩥ In cloud layered defense what are examples of personnel controls?
Answer: background checks
continual monitoring
⩥ In cloud layered defense what are examples of technological controls?
Answer: encryption
event logging
access control enforcement
⩥ In cloud layered defense what is an example of governance
mechanisms?
Answer: auditing