C845 - INFORMATION SYSTEMS
SECURITY UPDATE 2026 QUESTIONS
AND ANSWERS WITH VERIFIED
SOLUTIONS 100% CORRECT
When are private clouds ideal - CORRECT ANSWES -- • When data cannot be stored
off-premises due to regulatory or contractual requirements
• When cloud provider costs exceed the cost to build and own
• When considerations exist regarding control over a location or jurisdictional, legal, or
other proprietary information
Private Cloud Security Considerations - CORRECT ANSWES -- Created internally with
organization-owned networking equipment, so they maintain the same security risks
associated with any internal network
Community Cloud - CORRECT ANSWES -- Established to provide cloud services to a
group of users that can be defined as users requiring access to the same information to
be used for a similar purpose.
Public Cloud - CORRECT ANSWES -- Probably the most common cloud platform. The
easiest cloud offering for any individual to utilize.
One Drive, Google Docs
Public Cloud Security Concerns - CORRECT ANSWES -- In the event that a public
cloud is compromised, passwords, access control, and proprietary information may be
exposed. The clients are purely at the mercy of the cloud providers to provide adequate
security.
Hybrid Cloud - CORRECT ANSWES -- Consist of combining two forms of cloud
deployments. Offer a great degree of flexibility to an organization that require cloud-
based services but wish to capitalize on the cost savings afforded by cloud services
providers
,Private Cloud/Public Cloud - CORRECT ANSWES -- This environment retains restricted
or regulated information in-house in a flexible private cloud scenario. It provides the
benefits of a public cloud to departments that require elasticity or cross-platform access.
Private Cloud/Community Cloud - CORRECT ANSWES -- This environment retains
restricted or regulated information in-house in a flexible private cloud environment, while
it provides extranet capability for suppliers or customers in a community cloud
environment. This provides the flexibility of a community cloud with the continued
elasticity and cross-platform access behind web browser functionality.
Software as a Service (SaaS) - CORRECT ANSWES -- Only allows the user or client
access to an application that is hosted in the cloud. Such applications run on a cloud
provider's equipment, and the provider manages all hardware infrastructure and security
Tenant - CORRECT ANSWES -- Each organization serviced by a SaaS provider
SaaS Delivery Models - CORRECT ANSWES -- • Hosted Application
• On-Demand Software
• Cloud Provider Applications
Hosted Application - CORRECT ANSWES -- In this SaaS model the application vendor
does not own the cloud equipment and is hosting the application for a cloud service
provider. The application vendor maintains the application with patches and updates
and generally makes access to the application available on a subscription basis or
through corporate entitlement contracts. Function identically to applications that may be
loaded on a user's workstation and are transparent to the end user
On-Demand Software - CORRECT ANSWES -- This SaaS model features a software
application that is owned or created by an application vendor and is hosted on the
application vendor's cloud infrastructure. The application supplier manages and
maintains the application as well as the cloud infrastructure.
Cloud Provider Applications - CORRECT ANSWES -- This SaaS model usually consists
of a suite of applications hosted on a commercial cloud provider's infrastructure and
owned and maintained by the cloud provider
Platform as a Service (PaaS) - CORRECT ANSWES -- Allows a customer to rent
virtualized servers and associated services used to run existing applications or to
design, develop, test, deploy, and host applications. Delivered as an integrated
computing platform, which may be used to develop software applications. Used to build,
test, and run applications on a cloud service provider's equipment rather than locally on
user-owned servers.
,Infrastructure as a Service (IaaS) - CORRECT ANSWES -- The cloud provider supplies
the capability of creating cloud-based networks utilizing standard or virtualized
networking components. Allows for rapid expansion.
Dedicated Hosting - CORRECT ANSWES -- A type of hosting option in which the client
LEASES AN ENTIRE SERVER, which is then dedicated solely to the client.
Managed Cloud Hosting - CORRECT ANSWES -- An IT networking process in which an
organization extends its local network into a cloud-based environment.
The Four Primary Activities - CORRECT ANSWES -- • Executing applications
• Processing data
• Transmitting and moving data
• Storing and retrieving data
Three Ps of data processing within an application - CORRECT ANSWES -- •
Preprocessing
• Processing
• Post-processing
Managed File Transfer (MFT) - CORRECT ANSWES -- The transfer of data to, from,
and between clouds securely and reliably regardless of data file size.
Areas of Managed File Transfer - CORRECT ANSWES -- • File Size
• Communication Reliability
• Data Security
Erasure coding (EC) - CORRECT ANSWES -- A data storage and data identification
technology used to provide high-availability and data reliability to cloud-stored data.
Reconstructs data using codes. More CPU intensive and require smore processing
overhead
A NON-REGULATORY agency of the United States Department of COMMERCE that
offers an incredible variety of standards - CORRECT ANSWES -- A non-regulatory
agency of the United States Department of Commerce that offers an incredible variety
of standards
Internet Engineering Task Force (IETF) - CORRECT ANSWES -- Develops and
promotes INTERNET standards that may be voluntarily adopted throughout the
industry.
, At one time supported by the federal government, it now performs a standards
development function under the Internet Society
Institute of Electrical and Electronics Engineers (IEEE) - CORRECT ANSWES --
Professional organization for the advancement of computer engineering and computer
science, among other aspects of electronics and communications. As one of the leading
standards organizations, it is responsible for the 802 group of standards
American National Standards Institute (ANSI) - CORRECT ANSWES -- A NONPROFIT
ORGANIZATION that oversees the development of STANDARDS that are approved by
consensus and are applied on a voluntary basis across a given industry.
Manages and maintains the ASCII standard
World Wide Web Consortium (W3C) - CORRECT ANSWES -- Standards organization
in which members, staff, and the public collaborate to develop web standards. The web
technologies include the recommended implementation of Cascading Style Sheets and
XHTML, among many other recommendations
International Organization for Standardization (ISO) - CORRECT ANSWES -- A true
standards organization. It tests various products and provides its seal of approval once
they pass rigorous tests. The organization administers over 13,000 standards across
many industries.
Telecommunications Industry Association (TIA) - CORRECT ANSWES -- Accredited by
the American National Standards Institute (ANSI) to develop voluntary, consensus-
based industry standards for a wide variety of information and communication
technologies (ICT) products and currently represents nearly 400 companies
SANS Institute - CORRECT ANSWES -- A private company formed in 1989 that
provides training to the cyber security industry
Security Triad - CORRECT ANSWES -- Confidentiality
Availability
Integrity
The Primary Security Categories - CORRECT ANSWES -- Prevention
Detection
Recovery
Access Control Steps - CORRECT ANSWES -- Identification
Authentication
Authorization
Accounting
Auditing
SECURITY UPDATE 2026 QUESTIONS
AND ANSWERS WITH VERIFIED
SOLUTIONS 100% CORRECT
When are private clouds ideal - CORRECT ANSWES -- • When data cannot be stored
off-premises due to regulatory or contractual requirements
• When cloud provider costs exceed the cost to build and own
• When considerations exist regarding control over a location or jurisdictional, legal, or
other proprietary information
Private Cloud Security Considerations - CORRECT ANSWES -- Created internally with
organization-owned networking equipment, so they maintain the same security risks
associated with any internal network
Community Cloud - CORRECT ANSWES -- Established to provide cloud services to a
group of users that can be defined as users requiring access to the same information to
be used for a similar purpose.
Public Cloud - CORRECT ANSWES -- Probably the most common cloud platform. The
easiest cloud offering for any individual to utilize.
One Drive, Google Docs
Public Cloud Security Concerns - CORRECT ANSWES -- In the event that a public
cloud is compromised, passwords, access control, and proprietary information may be
exposed. The clients are purely at the mercy of the cloud providers to provide adequate
security.
Hybrid Cloud - CORRECT ANSWES -- Consist of combining two forms of cloud
deployments. Offer a great degree of flexibility to an organization that require cloud-
based services but wish to capitalize on the cost savings afforded by cloud services
providers
,Private Cloud/Public Cloud - CORRECT ANSWES -- This environment retains restricted
or regulated information in-house in a flexible private cloud scenario. It provides the
benefits of a public cloud to departments that require elasticity or cross-platform access.
Private Cloud/Community Cloud - CORRECT ANSWES -- This environment retains
restricted or regulated information in-house in a flexible private cloud environment, while
it provides extranet capability for suppliers or customers in a community cloud
environment. This provides the flexibility of a community cloud with the continued
elasticity and cross-platform access behind web browser functionality.
Software as a Service (SaaS) - CORRECT ANSWES -- Only allows the user or client
access to an application that is hosted in the cloud. Such applications run on a cloud
provider's equipment, and the provider manages all hardware infrastructure and security
Tenant - CORRECT ANSWES -- Each organization serviced by a SaaS provider
SaaS Delivery Models - CORRECT ANSWES -- • Hosted Application
• On-Demand Software
• Cloud Provider Applications
Hosted Application - CORRECT ANSWES -- In this SaaS model the application vendor
does not own the cloud equipment and is hosting the application for a cloud service
provider. The application vendor maintains the application with patches and updates
and generally makes access to the application available on a subscription basis or
through corporate entitlement contracts. Function identically to applications that may be
loaded on a user's workstation and are transparent to the end user
On-Demand Software - CORRECT ANSWES -- This SaaS model features a software
application that is owned or created by an application vendor and is hosted on the
application vendor's cloud infrastructure. The application supplier manages and
maintains the application as well as the cloud infrastructure.
Cloud Provider Applications - CORRECT ANSWES -- This SaaS model usually consists
of a suite of applications hosted on a commercial cloud provider's infrastructure and
owned and maintained by the cloud provider
Platform as a Service (PaaS) - CORRECT ANSWES -- Allows a customer to rent
virtualized servers and associated services used to run existing applications or to
design, develop, test, deploy, and host applications. Delivered as an integrated
computing platform, which may be used to develop software applications. Used to build,
test, and run applications on a cloud service provider's equipment rather than locally on
user-owned servers.
,Infrastructure as a Service (IaaS) - CORRECT ANSWES -- The cloud provider supplies
the capability of creating cloud-based networks utilizing standard or virtualized
networking components. Allows for rapid expansion.
Dedicated Hosting - CORRECT ANSWES -- A type of hosting option in which the client
LEASES AN ENTIRE SERVER, which is then dedicated solely to the client.
Managed Cloud Hosting - CORRECT ANSWES -- An IT networking process in which an
organization extends its local network into a cloud-based environment.
The Four Primary Activities - CORRECT ANSWES -- • Executing applications
• Processing data
• Transmitting and moving data
• Storing and retrieving data
Three Ps of data processing within an application - CORRECT ANSWES -- •
Preprocessing
• Processing
• Post-processing
Managed File Transfer (MFT) - CORRECT ANSWES -- The transfer of data to, from,
and between clouds securely and reliably regardless of data file size.
Areas of Managed File Transfer - CORRECT ANSWES -- • File Size
• Communication Reliability
• Data Security
Erasure coding (EC) - CORRECT ANSWES -- A data storage and data identification
technology used to provide high-availability and data reliability to cloud-stored data.
Reconstructs data using codes. More CPU intensive and require smore processing
overhead
A NON-REGULATORY agency of the United States Department of COMMERCE that
offers an incredible variety of standards - CORRECT ANSWES -- A non-regulatory
agency of the United States Department of Commerce that offers an incredible variety
of standards
Internet Engineering Task Force (IETF) - CORRECT ANSWES -- Develops and
promotes INTERNET standards that may be voluntarily adopted throughout the
industry.
, At one time supported by the federal government, it now performs a standards
development function under the Internet Society
Institute of Electrical and Electronics Engineers (IEEE) - CORRECT ANSWES --
Professional organization for the advancement of computer engineering and computer
science, among other aspects of electronics and communications. As one of the leading
standards organizations, it is responsible for the 802 group of standards
American National Standards Institute (ANSI) - CORRECT ANSWES -- A NONPROFIT
ORGANIZATION that oversees the development of STANDARDS that are approved by
consensus and are applied on a voluntary basis across a given industry.
Manages and maintains the ASCII standard
World Wide Web Consortium (W3C) - CORRECT ANSWES -- Standards organization
in which members, staff, and the public collaborate to develop web standards. The web
technologies include the recommended implementation of Cascading Style Sheets and
XHTML, among many other recommendations
International Organization for Standardization (ISO) - CORRECT ANSWES -- A true
standards organization. It tests various products and provides its seal of approval once
they pass rigorous tests. The organization administers over 13,000 standards across
many industries.
Telecommunications Industry Association (TIA) - CORRECT ANSWES -- Accredited by
the American National Standards Institute (ANSI) to develop voluntary, consensus-
based industry standards for a wide variety of information and communication
technologies (ICT) products and currently represents nearly 400 companies
SANS Institute - CORRECT ANSWES -- A private company formed in 1989 that
provides training to the cyber security industry
Security Triad - CORRECT ANSWES -- Confidentiality
Availability
Integrity
The Primary Security Categories - CORRECT ANSWES -- Prevention
Detection
Recovery
Access Control Steps - CORRECT ANSWES -- Identification
Authentication
Authorization
Accounting
Auditing
