6

Question 1

Naomi wants to deploy a tool that can allow her to scale horizontally while also allowing her to patch systems without interfering with traffic to her web servers. What type of technology should she deploy?
A. A load balancer
B. NIC teaming
C. Geographic diversity
D. A multipath network

Answer 1

A. A load balancer

Question 2

Rick performs a backup that captures the changes since the last full backup. What type of backup has he performed?
A. A new full backup
B. A snapshot
C. An incremental backup
D. A differential backup

Answer 2

D. A differential backup

Question 3

What type of recovery site has some or most systems in place but does not have the data needed to take over operations?
A. A hot site
B. A warm site
C. A cloud site
D. A cold site

Answer 3

B. A warm site

Question 4

Ben wants to implement a RAID array that combines both read and write performance while retaining data integrity if a drive fails. Cost is not a concern compared to speed and resilience. What RAID type should he use?
A. RAID 1
B. RAID 5
C. RAID 6
D. RAID 10

Answer 4

D. RAID 10

Question 5

Cynthia wants to clone a virtual machine. What should she do to capture a live machine, including the machine state?
A. A full backup
B. A snapshot
C. A differential backup
D. A LiveCD

Answer 5

B. A snapshot

Question 6

Sally is working to restore her organization’s operations after a disaster took her datacenter offline. What critical document should she refer to as she restarts systems?
A. The restoration order documentation
B. The TOTP documentation
C. The HOTP documentation
D. The last-known good configuration documentation

Answer 6

A. The restoration order documentation

Question 7

Mike wants to stop vehicles from traveling toward the entrance of his building. What physical security control should he implement?
A. An air gap
B. A hot aisle
C. A robotic sentry
D. A bollard

Answer 7

D. A bollard

Question 8

Amanda wants to securely destroy data held on DVDs. Which of the following options is not a suitable solution for this?
A. Degaussing
B. Burning
C. Pulverizing
D. Shredding

Answer 8

A. Degaussing

Question 9

Why are Faraday cages deployed?
A. To prevent tailgating
B. To assist with fire suppression
C. To prevent EMI
D. To prevent degaussing

Answer 9

C. To prevent EMI

Question 10

Which of the following controls helps prevent insider threats?
A. Two-person control
B. Visitor logs
C. Air gaps
D. Reception desks and staff

Answer 10

A. Two-person control

Question 11

Madhuri wants to implement a camera system but is concerned about the amount of storage space that the video recordings will require. What technology can help with this?
A. Infrared cameras
B. Facial recognition
C. Motion detection
D. PTZ

Answer 11

C. Motion detection

Question 12

What factor is a major reason organizations do not use security guards?
A. Reliability
B. Training
C. Cost
D. Social engineering

Answer 12

C. Cost

Question 13

Michelle wants to ensure that attackers who breach her network security perimeter cannot gain control of the systems that run the industrial processes her organization uses as part of their business. What type of solution is best suited to this?
A. An air gap
B. A Faraday cage
C. A cold aisle
D. A screened subnet

Answer 13

A. An air gap

Question 14

Kathleen wants to discourage potential attackers from entering the facility she is responsible for. Which of the following is not a common control used for this type of preventive defense?
A. Fences
B. Lighting
C. Robotic sentries
D. Signs

Answer 14

C. Robotic sentries

Question 15

How does technology diversity help ensure cybersecurity resilience?
A. It ensures that a vulnerability in a single company’s product will not impact the entire infrastructure.
B. If a single vendor goes out of business, the company does not need to replace its entire infrastructure.
C. It means that a misconfiguration will not impact the company’s entire infrastructure.
D. All of the above.

Answer 15

D. All of the above.

Question 16

Scott send his backups to a company that keeps them in a secure vault. What type of backup solution has he implemented?
A. Nearline
B. Safe
C. Online
D. Offline

Answer 16

D. Offline

Question 17

Gabby wants to implement a mirrored drive solution. What RAID level does this describe?
A. RAID 0
B. RAID 1
C. RAID 5
D. RAID 6

Answer 17

B. RAID 1

Question 18

Florian wants to ensure that systems on a protected network cannot be attacked via the organization’s network. What design technique should he use to ensure this?
A. A hot aisle
B. An air gap
C. A cold aisle
D. Protected cable distribution

Answer 18

B. An air gap

Question 19

What type of physical security control is shown here?

An illustration shows a rectangle with 2 doors, one on the left side, labeled Door 1, and the other on the right side, labeled Door 2. A Secure Area is represented by a dashed rectangle adjacent to the first rectangle on the right side. A downward curving arrow points from Door 1 to the area inside the first rectangle. Another downward curving arrow points from Door 2 to the Secure Area.

A. A Faraday cage
B. A mantrap
C. A bollard
D. An air gap

Answer 19

B. A mantrap

Question 20

Gurvinder identifies a third-party datacenter provider over 90 miles away to run his redundant datacenter operations. Why has he placed the datacenter that far away?
A. Because it is required by law
B. Network traffic latency concerns
C. Geographic dispersal
D. Geographic tax reasons

Answer 20

C. Geographic dispersal

Question 21

Kevin discovered that his web server was being overwhelmed by traffic, causing a CPU bottleneck. Using the interface offered by his cloud service provider, he added another CPU to the server. What term best describes Kevin’s action?
A. Elasticity
B. Horizontal scaling
C. Vertical scaling
D. High availability

Answer 21

C. Vertical scaling

Question 22

Fran’s organization uses a Type I hypervisor to implement an IaaS offering that it sells to customers. Which one of the following security controls is least applicable to this environment?
A. Customers must maintain security patches on guest operating systems.
B. The provider must maintain security patches on the hypervisor.
C. The provider must maintain security patches on the host operating system.
D. Customers must manage security groups to mediate network access to guest operating systems.

Answer 22

C. The provider must maintain security patches on the host operating system.

Question 23

In what cloud security model does the cloud service provider bear the most responsibility for implementing security controls?
A. IaaS
B. FaaS
C. PaaS
D. SaaS

Answer 23

D. SaaS

Question 24

Greg would like to find a reference document that describes how to map cloud security controls to different regulatory standards. What document would best assist with this task?
A. CSA CCM
B. NIST SP 500-292
C. ISO 27001
D. PCI DSS

Answer 24

A. CSA CCM

Question 25

Wanda is responsible for a series of seismic sensors placed at remote locations. These sensors have low-bandwidth connections and she would like to place computing power on the sensors to allow them to preprocess data before it is sent back to the cloud. What term best describes this approach? A. Edge computing B. Client-server computing C. Fog computing D. Thin client computing

Answer 25

A. Edge computing

Question 26

Which one of the following statements about cloud computing is incorrect? A. Cloud computing offers ubiquitous, convenient access. B. Cloud computing customers store data on hardware that is shared with other customers. C. Cloud computing customers provision resources through the service provider’s sales team. D. Cloud computing resources are accessed over a network.

Answer 26

C. Cloud computing customers provision resources through the service provider’s sales team.

Question 27

Helen designed a new payroll system that she offers to her customers. She hosts the payroll system in AWS and her customers access it through the web. What tier of cloud computing best describes Helen’s service? A. PaaS B. SaaS C. FaaS D. IaaS

Answer 27

B. SaaS

Question 28

Which cloud computing deployment model requires the use of a unifying technology platform to tie together components from different providers? A. Public cloud B. Private cloud C. Community cloud D. Hybrid cloud

Answer 28

D. Hybrid cloud

Question 29

Which one of the following would not commonly be available as an IaaS service offering? A. CRM B. Storage C. Networking D. Computing

Answer 29

A. CRM

Question 30

Which one of the following is not an example of infrastructure as code? A. Defining infrastructure in JSON B. Writing code to interact with a cloud provider’s API C. Using a cloud provider’s web interface to provision resources D. Defining infrastructure in YAML

Answer 30

C. Using a cloud provider’s web interface to provision resources

Question 31

Brian is selecting a CASB for his organization and he would like to use an approach that interacts with the cloud provider directly. Which CASB approach is most appropriate for his needs? A. Inline CASB B. Outsider CASB C. Comprehensive CASB D. API-based CASB

Answer 31

D. API-based CASB

Question 32

In which of the following cloud categories are customers typically charged based on the number of virtual server instances dedicated to their use? A. IaaS only B. SaaS only C. IaaS and PaaS D. IaaS, SaaS, and PaaS

Answer 32

C. IaaS and PaaS

Question 33

Brian would like to limit the ability of users inside his organization to provision expensive cloud server instances without permission. What type of control would best help him achieve this goal? A. Resource policy B. Security group C. Multifactor authentication D. Secure web gateway

Answer 33

A. Resource policy

Question 34

Ursula would like to link the networks in her on-premises datacenter with cloud VPCs in a secure manner. What technology would help her best achieve this goal? A. Transit gateway B. HSM C. VPC endpoint D. SWG

Answer 34

A. Transit gateway

Question 35

What component of a virtualization platform is primarily responsible for preventing VM escape attacks? A. Administrator B. Guest operating system C. Host operating system D. Hypervisor

Answer 35

D. Hypervisor

Question 36

Ryan is selecting a new security control to meet his organization’s objectives. He would like to use it in their multicloud environment and would like to minimize the administrative work required from his fellow technologists. What approach would best meet his needs? A. Third-party control B. Internally developed control C. Cloud-native control D. Any of the above

Answer 36

A. Third-party control

Question 37

Kira would like to implement a security control that can implement access restrictions across all of the SaaS solutions used by her organization. What control would best meet her needs? A. Security group B. Resource policy C. CASB D. SWG

Answer 37

C. CASB

Question 38

Howard is assessing the legal risks to his organization based upon its handling of PII. The organization is based in the United States, handles the data of customers located in Europe, and stores information in Japanese datacenters. What law would be most important to Howard during his assessment? A. Japanese law B. European Union law C. U.S. law D. All should have equal weight

Answer 38

D. All should have equal weight

Question 39

Brenda’s company provides a managed incident response service to its customers. What term best describes this type of service offering? A. MSP B. PaaS C. SaaS D. MSSP

Answer 39

D. MSSP

Question 40

Tony purchases virtual machines from Microsoft Azure and uses them exclusively for use by his organization. What model of cloud computing is this? A. Public cloud B. Private cloud C. Hybrid cloud D. Community cloud

Answer 40

A. Public cloud