SECURITY EXAM 2026 FINAL PAPER 1037
QUESTIONS WITH COMPLETE SOLUTIONS
VERIFIED STUDY SET GRADED A+
⩥ "A cloud customer is setting up communication paths with the cloud
service provider that will be used in the event of an incident.
Which action facilitates this type of communication?
(A) Using existing open standards
(B) Incorporating checks on API calls
(C) Identifying key risk indicators (KRIs)
(D) Performing a vulnerability assessment".
Answer: Using existing open standards
⩥ "Which security control does the software as a service (SaaS) model
require as a shared responsibility of all parties involved?
(A) Data
(B) Platform
(C) Application
(D) Infrastructure".
Answer: Application
,⩥ "Which description characterizes the application programming
interface (API) format known as representational state transfer (REST)?
(A) Tolerates errors at a high level
(B) Supports only extensible markup language (XML)
(C) Delivers a slower performance with complex scalability
(D) Provides a framework for developing scalable web applications".
Answer: Provides a framework for developing scalable web applications
⩥ "Which issue occurs when a web browser is sent data without proper
validation?
(A) Cross-site scripting (XXS)
(B) Cross-site request forgery (CSRF)
(C) Insecure direct object access (IDOA)
(D) Lightweight directory access protocol (LDAP) injection".
Answer: Cross-site scripting (XXS)
⩥ "Which security testing approach is used to review source code and
binaries without executing the application?
(A) Fuzz testing
(B) Regression testing
(C) Static application security testing
(D) Dynamic application security testing".
Answer: Static application security testing
, ⩥ "Which issue can be detected with static application security testing
(SAST)?
(A) Malware
(B) Threading
(C) Authentication
(D) Performance".
Answer: Threading
⩥ "Which approach is considered a black-box security testing method?
(A) Source code review
(B) Binary code inspection
(C) Static application security testing
(D) Dynamic application security testing".
Answer: Dynamic application security testing
⩥ "Which primary security control should be used by all cloud accounts,
including individual users, in order to defend against the widest range of
attacks?
(A) Perimeter security
(B) Logging and monitoring
(C) Redundant infrastructure
(D) Multi-factor authentication".