MANAGING CLOUD SECURITY 2026 TEST PAPER EXAM
QUESTIONS AND ANSWERS GRADED A+
✔✔Which Threat Model provides a standardized way of describing threats by their
attributes? - ✔✔STRIDE
✔✔A WAF typically parses which type of traffic?
A XML
B HTTP
C REST
D SOAP - ✔✔B
✔✔All of the following are components of DLP except:
A Labeling
B Monitoring
C Enforcement
D Discovery and Classification - ✔✔A
✔✔Where do the bare metal hypervisors run?
A On software
B On hardware
C On a host OS
D On a client OS - ✔✔B
✔✔Which is not necessarily related directly privacy?
A Safe Harbor
B HIPPA
C GLBA
D SOX - ✔✔D
✔✔In PaaS the customer has control over:
A Software
B OS
C Physical
D Platform - ✔✔A
✔✔Vulnerability testing where you have knowledge of the systems involved is called?
A Hybrid
, B DAST
C SAST
D Pen - ✔✔C
✔✔When does the EU Data Protection Directive (Directive 95/46/EC) apply to data
processed?
A The directive applies to data processed by a natural person in the course of purely
personal activities.
B The directive applies to data processed by automated means and data contained in
paper files.
C The directive applies to data processed by automated means in the course of purely
personal activities.
D The directive applies to data processed in the course of an activity that falls outside
the scope of community law, such as public safety. - ✔✔B
✔✔An organization wants to preserve control of its IT environments and takes
advantage of flexibility, scalability, and cost savings. Which cloud deployment model
helps the organization do this?
A Private
B Hybrid
C Community
D Public - ✔✔B
✔✔Which models allows the customer to choose\manage their software and operating
systems?
A PaaS
B IaaS
C DBaaS
D SaaS - ✔✔B
✔✔When using an IaaS solution, what is a key benefit provided to the customer?
A Transferred cost of ownership
B Metered and priced usage on the basis of units consumed
C The ability to scale up infrastructure services based on projected usage
D Increased energy and cooling system efficiencies - ✔✔B
✔✔Which of the following is not an access control?
QUESTIONS AND ANSWERS GRADED A+
✔✔Which Threat Model provides a standardized way of describing threats by their
attributes? - ✔✔STRIDE
✔✔A WAF typically parses which type of traffic?
A XML
B HTTP
C REST
D SOAP - ✔✔B
✔✔All of the following are components of DLP except:
A Labeling
B Monitoring
C Enforcement
D Discovery and Classification - ✔✔A
✔✔Where do the bare metal hypervisors run?
A On software
B On hardware
C On a host OS
D On a client OS - ✔✔B
✔✔Which is not necessarily related directly privacy?
A Safe Harbor
B HIPPA
C GLBA
D SOX - ✔✔D
✔✔In PaaS the customer has control over:
A Software
B OS
C Physical
D Platform - ✔✔A
✔✔Vulnerability testing where you have knowledge of the systems involved is called?
A Hybrid
, B DAST
C SAST
D Pen - ✔✔C
✔✔When does the EU Data Protection Directive (Directive 95/46/EC) apply to data
processed?
A The directive applies to data processed by a natural person in the course of purely
personal activities.
B The directive applies to data processed by automated means and data contained in
paper files.
C The directive applies to data processed by automated means in the course of purely
personal activities.
D The directive applies to data processed in the course of an activity that falls outside
the scope of community law, such as public safety. - ✔✔B
✔✔An organization wants to preserve control of its IT environments and takes
advantage of flexibility, scalability, and cost savings. Which cloud deployment model
helps the organization do this?
A Private
B Hybrid
C Community
D Public - ✔✔B
✔✔Which models allows the customer to choose\manage their software and operating
systems?
A PaaS
B IaaS
C DBaaS
D SaaS - ✔✔B
✔✔When using an IaaS solution, what is a key benefit provided to the customer?
A Transferred cost of ownership
B Metered and priced usage on the basis of units consumed
C The ability to scale up infrastructure services based on projected usage
D Increased energy and cooling system efficiencies - ✔✔B
✔✔Which of the following is not an access control?
