WGU-C838-Pre-Assessment
"Which phase of the cloud data lifecycle allows both read and process functions to be performed? (A) Share (B) Store (C) Create (D) Archive" - Answer Create

"Which phase of the cloud data security lifecycle typically occurs simultaneously with creation? (A) Use (B) Share (C) Store (D) Destroy" - Answer Store

"Which phase of the cloud data life cycle uses content delivery networks? (A) Share (B) Create (C) Destroy (D) Archive" - Answer Share

"Which phase of the cloud data life cycle is associated with crypto-shredding? (A) Use (B) Store (C) Share (D) Destroy" - Answer Destroy

"Which cloud data storage architecture allows sensitive data to be replaced with unique identification symbols that retain all the essential information about the data without compromising its security? (A) Obfuscation (B) Tokenization (C) Anonymization (D) Randomization" - Answer Tokenization

"Which methodology could cloud data storage utilize to encrypt all data associated in an infrastructure as a service (IaaS) deployment model? (A) Sandbox encryption (B) Client-side encryption (C) Polymorphic encryption (D) Whole-instance encryption" - Answer Whole-instance encryption

"There is a threat to a banking cloud platform service. The developer needs to provide inclusion in a relational database that is seamless and readily searchable by search engine algorithms. Which platform as a service (PaaS) data type should be used? (A) Structured (B) Unstructured (C) Long-term storage (D) Short-term storage" - Answer Structured

"Which platform as a service (PaaS) storage architecture should be used if an organization wants to store presentations, documents, and audio files? (A) Block (B) Object (C) Distributed (D) Relational database" - Answer Object

"Which technique scrambles the content of data using a mathematical algorithm while keeping the structural arrangement of the data? (A) Tokenization (B) Dynamic masking (C) Proxy-based encryption (D) Format-preserving encryption" - Answer Format-preserving encryption

"Which encryption technique connects the instance to the encryption instance that handles all crypto operations? (A) Proxy (B) Database (C) Server-side (D) Externally managed" - Answer Proxy

"Which type of control should be used to implement custom controls that safeguard data? (A) Application level (B) Management plane (C) Options for access (D) Public and internal sharing" - Answer Application level

"Which element is protected by an encryption system? (A) Data (B) Public key (C) Ciphertext (D) Management engine" - Answer Data

"A cloud administrator recommends using tokenization as an alternative to protecting data without encryption. The administrator needs to make an authorized application request to access the data. Which step should occur immediately before this action is taken? (A) The application collects a token. (B) The application stores the token. (C) The tokenization server generates the token. (D) The tokenization server returns the token to the application." - Answer (B) The application stores the token

"A company has recently defined classification levels for its data. During which phase of the cloud data life cycle should this definition occur? (A) Use (B) Share (C) Create (D) Archive" - Answer Create

"Which jurisdictional data protection includes dealing with the international transfer of data? (A) Privacy regulation (B) Financial modernization (C) Sarbanes-Oxley act (SOX) (D) Secure choice authorization (SCA)" - Answer Privacy Regulation

"Which jurisdictional data protection controls the ways that financial institutions deal with the private information of individuals? (A) Sarbanes-Oxley act (SOX) (B) Gramm-Leach-Bliley act (GLBA) (C) Stored communications act (SCA) (D) Health insurance portability and accountability act (HIPAA)" - Answer Gramm-Leach-Bliley act (GLBA)

"Which jurisdictional data protection safeguards protected health information (PHI)? (A) Directive 95/46/EC (B) Safe harbor regime (C) Personal Data Protection Act of 2000 (D) Health Insurance Portability and Accountability Act (HIPAA)" - Answer Health Insurance Portability and Accountability Act (HIPAA)

"How is the compliance of the cloud service provider's legal and regulatory requirements verified when securing personally identifiable information (PII) data in the cloud? (A) E-discovery process (B) Contractual agreements (C) Researching data retention laws (D) Third-party audits and attestations" - Answer Third-party audits and attestations

"Which security strategy is associated with data rights management solutions? (A) Static policy control (B) Continuous auditing (C) Unrestricted replication (D) Limited documents type support" - Answer Continuous auditing

"Who retains final ownership for granting data access and permissions in a shared responsibility model? (A) Analyst (B) Manager (C) Customer (D) Developer" - Answer Customer

"Which data retention solution should be applied to a file in order to reduce the data footprint by deleting fixed content and duplicate data? (A) Saving (B) Backup (C) Caching (D) Archiving" - Answer Archiving

"Which data retention method is stored with a minimal amount of metadata storage with the content? (A) File system (B) Redundant array (C) Block-based (D) Object-based" - Answer Block-based

"What is a key capability of security information and event management? (A) Secure remote access (B) Intrusion prevention capabilities (C) Automatic remediation of issues (D) Centralized collection of log data" - Answer Centralized collection of log data

"Which data source provides auditability and traceability for event investigation as well as documentation? (A) Storage files (B) Packet capture (C) Database tables (D) Network interference" - Answer Packet Capture

"Which data source provides auditability and traceability for event investigation as well as documentation? (A) Database schema (B) Ephemeral storage (C) Network segmentation (D) Virtualization platform logs" - Answer Virtualization platform logs

"Which technology is used to manage identity access management by building trust relationships between organizations? (A) Federation (B) Single sign-on (C) Biometric authentication (D) Multifactor authentication" - Answer Federation

"Which term describes the action of confirming identity access to an information system? (A) Access (B) Concept (C) Coordination (D) Authentication" - Answer Authentication

"Which cloud computing tool is used to discover internal use of cloud services using various mechanisms such as network monitoring? (A) Data loss prevention (DLP) (B) Web application firewall (WAF) (C) Content delivery network (CDN) (D) Cloud access security broker (CASB)" - Answer Cloud access security broker (CASB)

"Which cloud computing technology unlocks business value through digital and physical access to maps? (A) Multitenancy (B) Cloud application (C) On-demand self-service (D) Application programming interface" - Answer Application Programming interface

"Which cloud computing tool may help detect data migrations to cloud services? (A) Cloud data transfer (B) Data loss prevention (C) Cloud security gateways (D) Uniform resource locator (URL) filtering" - Answer (B) Data loss prevention

"What is a key component of the infrastructure as a service (IaaS) cloud service model? (A) High reliability and resilience (B) Allows choice and reduces lock-in (C) Ease of use and limited administration (D) Supports multiple languages and frameworks" - Answer High reliability and resilience

"What is a key capability of infrastructure as a service (IaaS)? (A) Multiple hosting environments (B) Hosted application management (C) Converged network and IT capacity pool (D) Leased application and software licensing" - Answer Converged network and IT capacity pool

"Which option should an organization choose if there is a need to avoid software ownership? (A) Software as a service (SaaS) (B) Platform as a service (PaaS) (C) Containers as a service (CaaS) (D) Infrastructure as a service (IaaS)" - Answer Software as a service (SaaS)

"Which cloud model offers access to a pool of fundamental IT resources such as computing, networking, or storage? (A) Data (B) Platform (C) Application (D) Infrastructure" - Answer Infrastructure

"In which situation could cloud clients find it impossible to recover or access their own data if their cloud provider goes bankrupt? (A) Multicloud (B) Multitenant (C) Vendor lock-in (D) Vendor lock-out" - Answer Vendor lock-out

"Which cloud deployment model is operated for a single organization? (A) Private (B) Public (C) Hybrid (D) Consortium" - Answer Private

"Which cloud model provides data location assurance? (A) Hybrid (B) Public (C) Private (D) Community" - Answer Private

"Which cloud model allows the consumer to have sole responsibility for management and governance? (A) Hybrid (B) Public (C) Private (D) Community" - Answer Private

"Which technology allows an organization to control access to sensitive documents stored in the cloud? (A) Digital rights management (DRM) (B) Database activity monitoring (DAM) (C) Identity and access management (IAM) (D) Distributed resource scheduling (DRS)" - Answer Digital Rights Management (DRM)

"Which security technology can provide secure network communications from on-site enterprise systems to a cloud platform? (A) Web application firewall (WAF) (B) Data loss prevention (DLP) (C) Domain name system security extensions (DNSSEC) (D) Internet protocol security (IPSec) virtual private network (VPN)" - Answer Internet protocol security (IPSec) virtual private network (VPN)

"How do immutable workloads affect security overhead? (A) They reduce the management of the hosts. (B) They create patches for a running workload. (C) They restrict the amount of instances in a cluster. (D) They automatically perform vulnerability scanning as they launch." - Answer They reduce the management of the hosts

"Which document addresses CSP issues such as guaranteed uptime, liability, penalties, and dispute mediation process? (A) Service level agreement (SLA) (B) Service organization control 3 (SOC 3) (C) General data protection regulation (GDPR) (D) Common criteria assurance framework (CC)" - Answer Service level agreement (SLA)

"Which design principle of secure cloud computing ensures that the business can resume essential operations in the event of an availability-affecting incident? (A) Access control (B) Resource pooling (C) Disaster recovery (D) Session management" - Answer Disaster recovery

"Which design principle of secure cloud computing ensures that users can utilize data and applications from around the globe? (A) Scalability (B) Portability (C) Broad network access (D) On-demand self-service" - Answer Broad network access

"Which design principle of secure cloud computing involves deploying cloud service provider resources to maximize availability in the event of a failure? (A) Elasticity (B) Resiliency (C) Clustering (D) Scalability" - Answer Resiliency

"Which item should be part of the legal framework analysis if a company wishes to store prescription drug records in a SaaS solution? (A) U.S. Patriot Act (B) Sarbanes-Oxley Act (C) Federal Information Security Modernization Act (D) Health Insurance Portability and Accountability Act" - Answer Health Insurance Portability and Accountability Act

"Which standard addresses practices related to acquisition of forensic artifacts and can be directly applied to a cloud environment? (A) ISO/IEC 27001 (B) ISO/IEC 27050-1 (C) NIST SP 500-291 (D) NIST SP 800-145" - Answer ISO/IEC 27050-1

"Which regulation in the United States defines the requirements for a CSP to implement and report on internal accounting controls? (A) SOX (B) GDPR (C) HIPAA (D) FERPA" - Answer SOX

"Which legislation must a trusted cloud service adhere to when utilizing the data of EU citizens? (A) SOX (B) APPI (C) GDPR (D) EMTALA" - Answer GDPR

"Which logical design decision can be attributed to required regulation? (A) Retention formats (B) Retention periods (C) Database reads/second (D) Database writes/second" - Answer Retention periods

"Which service model influences the logical design by using additional measures in the application to enhance security? (A) Public cloud (B) Hybrid cloud (C) Platform as a service (PaaS) (D) Software as a service (SaaS)" - Answer Software as a service (SaaS)

"Which environmental consideration should be addressed when planning the design of a data center? (A) Heating and ventilation (B) Utility power availability (C) Expansion possibilities and growth (D) Telecommunications connections" - Answer Heating and ventilation

"Which result is achieved by removing all nonessential services and software of devices for secure configuration of hardware? (A) Patching (B) Lockdown (C) Hardening (D) Maintenance" - Answer (C) Hardening

"What is a component of device hardening? (A) Patching (B) Unit testing (C) Versioning (D) Configuring VPN access" - Answer Patching

"Which technology typically provides security isolation in infrastructure as a service (IaaS) cloud computing? (B) Virtual machines (C) Operating systems (D) Application instance" - Answer Virtual machines

"Which technology can an administrator use to remotely manage a fleet of servers? (A) Bastion host (B) Management plane (C) VPN concentrator (D) KVM switch" - Answer (B) Management plane

"What part of the logical infrastructure design is used to configure cloud resources, such as launching virtual machines or configuring virtual networks? (A) Management plane (B) Database management (C) Identity access management (D) Management orchestration software" - Answer Management plane

"Which action enhances cloud security application deployment through standards such as ISO/IEC 27034 for the development, acquisition, and configuration of software systems? (A) Applying the steps of a cloud software development lifecycle (B) Providing developer access to supporting components and services (C) Outsourcing the infrastructure and integration platform management (D) Verifying the application has an appropriate level of confidentiality and integrity" - Answer Applying the steps of a cloud software development lifecycle

"Which type of agreement aims to negotiate policies with various parties in accordance with the agreed-upon targets? (A) User license (ULA) (B) Service-level (SLA) (C) Privacy-level (PLA) (D) Operation-level (OLA)" - Answer Service-level (SLA)

"Which regulation requires a CSP to comply with copyright law for hosted content? (A) SOX (B) SCA (C) GLBA (D) DMCA" - Answer DMCA Digital Millennium Copyright Act

"Which element is a cloud virtualization risk? (A) Licensing (B) Jurisdiction (C) Guest isolation (D) Electronic discovery" - Answer Guest isolation

"Which risk is related to interception of data in transit? (A) Virtualization (B) Traffic blocking (C) Man-in-the-middle (D) Software vulnerabilities" - Answer Man-in-the-middle

"Which method is being used when a company evaluates the acceptable loss exposure associated with a cloud solution for a given set of objectives and resources? (A) Risk appetite (B) Risk management (C) Business impact analysis (D) Business continuity planning" - Answer Risk appetite

"The security administrator for a global cloud services provider (CSP) is required to globally standardize the approaches for using forensics methodologies in the organization. Which standard should be applied? (A) Sarbanes-Oxley act (SOX) (B) Cloud controls matrix (CCM) (C) International electrotechnical commission (IEC) 27037 (D) International organization for standardization (ISO) 27050-1" - Answer International organization for standardization (ISO) 27050-1

"Which detection and analysis technique is performed to capture a point-in-time picture of the entire stack at the time of an incident? (A) Review data access logs (B) Examine configuration data (C) Collect metadata during alert (D) Create a snapshot using API calls" - Answer Create a snapshot using API calls

"A CSP operating in Australia experiences a security breach that results in disclosure of personal information that is likely to result in serious harm. Who is the CSP legally required to notify? (A) Cloud Security Alliance (B) Information commissioner (C) Australian privacy foundation (D) Asian-Pacific privacy control board" - Answer Information commissioner

"A CSP provides services in European Union (EU) countries that are subject to the network information security (NIS) directive. The CSP experiences an incident that significantly affects the continuity of the essential services being provided. Who is the CSP required to notify under the NIS directive? (A) Competent authorities (B) Data protection regulator (C) Provider's services suppliers (D) Personal Information Protection Commission" - Answer Competent authorities

"A cloud customer is setting up communication paths with the cloud service provider that will be used in the event of an incident. Which action facilitates this type of communication? (A) Using existing open standards (B) Incorporating checks on API calls (C) Identifying key risk indicators (KRIs) (D) Performing a vulnerability assessment" - Answer Using existing open standards

"Which security control does the software as a service (SaaS) model require as a shared responsibility of all parties involved? (A) Data (B) Platform (C) Application (D) Infrastructure" - Answer Application

"Which description characterizes the application programming interface (API) format known as representational state transfer (REST)? (A) Tolerates errors at a high level (B) Supports only extensible markup language (XML) (C) Delivers a slower performance with complex scalability (D) Provides a framework for developing scalable web applications" - Answer Provides a framework for developing scalable web applications

"Which issue occurs when a web browser is sent data without proper validation? (A) Cross-site scripting (XSS) (B) Cross-site request forgery (CSRF) (C) Insecure direct object access (IDOA) (D) Lightweight directory access protocol (LDAP) injection" - Answer Cross-site scripting (XSS)

"Which security testing approach is used to review source code and binaries without executing the application? (A) Fuzz testing (B) Regression testing (C) Static application security testing (D) Dynamic application security testing" - Answer Static application security testing

"Which issue can be detected with static application security testing (SAST)? (A) Malware (B) Threading (C) Authentication (D) Performance" - Answer Threading

"Which approach is considered a black-box security testing method? (A) Source code review (B) Binary code inspection (C) Static application security testing (D) Dynamic application security testing" - Answer Dynamic application security testing

"Which primary security control should be used by all cloud accounts, including individual users, in order to defend against the widest range of attacks? (A) Perimeter security (B) Logging and monitoring (C) Redundant infrastructure (D) Multi-factor authentication" - Answer Multi-factor authentication

"Which cloud infrastructure is shared by several organizations and supports a specific population that has shared concerns (e.g., mission, security requirements, policy, compliance considerations)? (A) Hybrid (B) Public (C) Private (D) Community" - Answer Community

"Which problem is known as a common supply chain risk? (A) Data breaches (B) Domain spoofing (C) Source code design (D) Runtime application self-protection" - Answer Data breaches

"Which phase of the software development life cycle includes determining the business and security requirements for the application to occur? (A) Testing (B) Defining (C) Designing (D) Developing" - Answer Defining

"Which phase of the software development life cycle includes writing application code? (A) Defining (B) Designing (C) Developing (D) Implementing" - Answer Developing

"Which method should the cloud consumer use to secure the management plane of the cloud service provider? (A) Credential management (B) Network access control list (C) Agent-based security tooling (D) Disablement of management plane" - Answer Credential management

"Which security threat occurs when a developer leaves an unauthorized access interface within an application after release? (A) Easter egg (B) Deprecated API (C) Persistent backdoor (D) Development operations" - Answer Persistent backdoor

"Which process prevents the environment from being over-controlled by security measures to the point where application performance is impacted? (A) Private cloud (B) Community cloud (C) Quality of service (QoS) (D) Trusted cloud initiative (TCI)" - Answer Quality of service (QoS)

"Which open web application security project (OWASP) Top 9 Coding Flaws leads to security issues? (A) Denial-of-service (B) Client-side injection (C) Cross-site scripting (D) Direct object reference" - Answer Direct object reference

"Which identity management process targets access to enterprise resources by ensuring that the identity of an entity is verified? (A) Federation (B) Provisioning (C) Authentication (D) Policy management" - Answer Authentication

"Which technology improves the ability of the transport layer security (TLS) to ensure privacy when communicating between applications? (A) Volume encryption (B) Whole-disk encryption (C) Virtual private networks (VPNs) (D) Advanced application-specific integrated circuits (ASICs)" - Answer Advanced application-specific integrated circuits (ASICs)

"Which multi-factor authentication (MFA) option uses a physical universal serial bus (USB) device to generate one-time passwords? (A) Biometrics (B) Hard tokens (C) Out-of-band passwords (D) Transaction authentication numbers" - Answer Hard tokens

"Which cloud infrastructure is shared by several organizations with common concerns, such as mission, policy, or compliance considerations? (A) Hybrid cloud (B) Public cloud (C) Private cloud (D) Community cloud" - Answer Community cloud

"Which type of cloud deployment model is considered equivalent to a traditional IT architecture? (A) Public (B) Hybrid (C) Private (D) Community" - Answer Private

"Which security method should be included in a defense-in-depth, when examined from the perspective of a content security policy (CSP)? (A) Training programs (B) Technological controls (C) Strong access controls (D) Contractual enforcement of policies" - Answer Technological controls

"Which attack vector is associated with cloud infrastructure? (A) Compromised API credentials (B) Data storage locations in multiple jurisdictions (C) Seizure and examination of a physical disk (D) Licensing fees tied to the deployment of software based on a per-CPU licensing model" - Answer Compromised API credentials

"Which risk is associated with malicious and accidental dangers to a cloud infrastructure? (A) External attacks (B) Personnel threats (C) Natural disasters (D) Regulatory noncompliance" - Answer Personnel threats

"Which cloud-specific risk must be considered when moving infrastructure operations to the cloud? (A) Denial of service (B) Natural disasters (C) Regulatory violations (D) Lack of physical access" - Answer Lack of physical access

"Which risk is controlled by implementing a private cloud? (A) Eavesdropping (B) Physical security (C) Unauthorized access (D) Denial-of-service (DoS)" - Answer Physical security

"Which countermeasure enhances redundancy for physical facilities hosting cloud equipment during the threat of a power outage? (A) Tier 2 network access providers (B) Multiple and independent power circuits to all racks (C) Radio frequency interference (RFI) blocking devices (D) Automated license plate readers (ALPR) at entry points" - Answer Multiple and independent power circuits to all racks

"Which countermeasure helps mitigate the risk of stolen credentials for cloud-based platforms? (A) Host lockdown (B) Data sanitization (C) Key management (D) Multifactor authentication" - Answer Multifactor authentication

"Which control helps mitigate the risk of sensitive information leaving the cloud environment? (A) Data loss prevention (DLP) (B) Disaster recovery plan (DRP) (C) Web application firewall (WAF) (D) Identity and access management (IAM)" - Answer Data loss prevention (DLP)

"Which countermeasure mitigates the risk of a rogue cloud administrator? (A) Data encryption (B) Platform orchestration (C) Logging and monitoring (D) Multifactor authentication" - Answer Logging and monitoring

"Which consideration should be taken into account when reviewing a cloud service provider's risk of potential outage time? (A) The type of database (B) The provider's support services (C) The unique history of the provider (D) The amount of cloud service offerings" - Answer The unique history of the provider

"Which cloud security control eliminates the risk of a virtualization guest escape from another tenant? (A) Dedicated hosting (B) File integrity monitor (C) Hardware hypervisor (D) Immutable virtual machines" - Answer Dedicated hosting

"Which cloud security control is a countermeasure for man-in-the-middle attacks? (A) Reviewing log data (B) Backing up data offsite (C) Using block data storage (D) Encrypting data in transit" - Answer Encrypting data in transit

"Which data retention policy controls how long health insurance portability and accountability act (HIPAA) data can be archived? (A) Enforcement (B) Maintenance (C) Data classification (D) Applicable regulation" - Answer Applicable regulation

"Which disaster recovery (DR) site results in the quickest recovery in the event of a disaster? (A) Hot (B) Cold (C) Passive (D) Reserve" - Answer Hot

"Where should the location be for the final data backup repository in the event that the disaster recovery plan is enacted for the CSP of disaster recovery (DR) service? (A) Tape drive (B) Local storage (C) Cloud platform (D) Company headquarters" - Answer Cloud platform

"Which technology should be included in the disaster recovery plan to prevent data loss? (A) Locked racks (B) System patches (C) Offsite backups (D) Video surveillance" - Answer Offsite backups

"Which disaster recovery plan metric indicates how long critical functions can be unavailable before the organization is irretrievably affected? (A) Recovery time objective (RTO) (B) Mean time to switchover (MTS) (C) Recovery point objective (RPO) (D) Maximum allowable downtime (MAD)" - Answer Maximum allowable downtime (MAD)

"Which assumption about a CSP should be avoided when considering risks in a disaster recovery (DR) plan? (A) Provider's history (B) Continuity planning (C) Level of resiliency (D) Costs will remain the same" - Answer Level of resiliency

"An architect needs to constrain problems to a level that can be controlled when the problem exceeds the capabilities of disaster recovery (DR) controls. Which aspect of the plan will provide this guarantee? (A) Ensuring data backups (B) Managing plane controls (C) Handling provider outages (D) Evaluating portability alternatives" - Answer Handling provider outages

"Which aspect of business continuity planning considers the alternatives to be used when there is a complete loss of the provider? (A) Ensuring resiliency (B) Managing plane controls (C) Considering portability options (D) Managing cloud provider outages" - Answer Considering portability options

"What is a key method associated with a risk-based approach to business continuity planning? (A) Using existing network technology (B) Leveraging software-defined networking (C) Applying internal authentication and credential passing (D) Considering the degree of continuity required for assets" - Answer Considering the degree of continuity required for assets

"Which testing method must be performed to demonstrate the effectiveness of a business continuity plan and procedures? (A) SAST (B) DAST (C) Failover (D) Penetration" - Answer Failover

"Which process involves the use of electronic data as evidence in a civil or criminal legal case? (A) Due diligence (B) Cloud governance (C) Auditing in the cloud (D) eDiscovery investigations" - Answer eDiscovery investigations

"Which standard addresses the privacy aspects of cloud computing for consumers? (A) ISO 19011:2011 (B) ISO 27001:2013 (C) ISO 27018:2014 (D) ISO 27017:2015" - Answer ISO 27018:2014

"Which international standard guide provides procedures for incident investigation principles and processes? (A) ISO/IEC 27034-1:2011 (B) ISO/IEC 27037:2012 (C) ISO/IEC 27001:2013 (D) ISO/IEC 27043:2015" - Answer ISO/IEC 27043:2015

"Which group is legally bound by the general data protection regulation (GDPR)? (A) Only corporations headquartered in the EU (B) Only corporations that process the data of EU citizens (C) Only corporations that have operations in more than one EU nation (D) Only corporations located in countries that have adopted the GDPR standard" - Answer Only corporations that process the data of EU citizens

"Which action is required for breaches of data under the general data protection regulation (GDPR) within 72 hours of becoming aware of the event? (A) Notifying the affected persons (B) Reporting to the supervisory authority (C) Suspending the processing operations (D) Informing consumer credit reporting services" - Answer Reporting to the supervisory authority

"Which penalty is imposed for privacy violations under the general data protection regulation (GDPR)? (A) Penalty up to 10 million Euros (B) Penalty up to 20 million Euros (C) Penalty up to 2% of gross income (D) Penalty up to 5% of gross income" - Answer Penalty up to 20 million Euros

"Why is eDiscovery difficult in the cloud? (A) The process is time consuming. (B) The cloud service provider may lack sufficient resources. (C) The client may lack the credentials to access the required data. (D) The customer is responsible for their data on a multi-tenant system." - Answer The client may lack the credentials to access the required data.

"Which artifact may be required as a data source for a compliance audit in a cloud environment? (A) Customer SLAs (B) Change management details (C) Quarterly revenue projections (D) Annual actual-to-budgeted expense reports" - Answer Change management details

"Which artifact may be required as a data source for a regulatory compliance audit (i.e., HIPAA, PCI-DSS) in a cloud environment? (A) System configuration details (B) Quarterly revenue projections (C) System performance benchmarks (D) Annual actual-to-budgeted expenses" - Answer System configuration details

"Which item would be a risk for an enterprise considering contracting with a cloud service provider? (A) 99.99% up time guarantees (B) No SLA exclusion penalties (C) Very expensive SLA provider penalties (D) Suspension of service if payment is delinquent" - Answer Suspension of service if payment is delinquent

"Which risk during the eDiscovery process would limit the usefulness of the requested data from the cloud by third parties? (A) Direct access (B) Authentication (C) Native production (D) Discovery by design" - Answer Native production

"Which type of control is important in order to achieve compliance for risk management? (A) Security (B) Privacy (C) Validation (D) Technical" - Answer Security

"Which requirement is included when exceptions, restrictions, and potential risks are highlighted in a cloud services contract? (A) Load balancer algorithm (B) Stockholder expectations (C) Regulatory and compliance (D) Virtual machine and operating system" - Answer Regulatory and compliance

"Which item is required in a cloud contract? (A) Strategy for the SDLC (B) Specifications for unit testing (C) Penalties for failure to meet SLA (D) Diagrams for data flow structures" - Answer (C) Penalties for failure to meet SLA

"Which factor exemplifies adequate cloud contract governance? (A) The bandwidth that is contractually provided (B) The emphasis of privacy controls in the contract (C) The frequency with which contracts are renewed (D) The flexibility of data types in accordance with a contract" - Answer The frequency with which contracts are renewed
Written for
- Institution
- WGU-C838-Pre-A
- Course
- WGU-C838-Pre-A
Document information
- Uploaded on
- May 24, 2023
- Number of pages
- 20
- Written in
- 2022/2023
- Type
- Exam (elaborations)
- Contains
- Questions & answers