QUESTION 494
Which of the following publishes the most commonly used standard for data center design in regard to tiers and topologies?

QUESTION 495
An audit against the __________ will demonstrate that an organization has a holistic, comprehensive security program.
Response:

QUESTION 496
The management plane is used to administer a cloud environment and perform administrative tasks across a variety of systems, but most specifically it’s used with the hypervisors.
What does the management plane typically leverage for this orchestration?

QUESTION 497
Your IT steering committee has, at a high level, approved your project to begin using cloud services. However, the committee is concerned with getting locked into a single cloud provider and has flagged the ability to easily move between cloud providers as a top priority. It also wants to save costs by reusing components.
Which cross-cutting aspect of cloud computing would be your primary focus as your project plan continues to develop and you begin to evaluate cloud providers?

QUESTION 498
What can tokenization be used for?
Response:

QUESTION 499
Which type of controls are the SOC Type 1 reports specifically focused on?

QUESTION 500
Which of the following is NOT a major regulatory framework?

QUESTION 501
Which of the following threat types involves an application that does not validate authorization for portions of itself after the initial checks?

QUESTION 502
When an organization is considering the use of cloud services for BCDR planning and solutions, which of the following cloud concepts would be the most important?

QUESTION 503
The various models generally available for cloud BC/DR activities include all of the following except:

QUESTION 504
Every security program and process should have which of the following?

QUESTION 505
What type of data does data rights management (DRM) protect?

QUESTION 506
Which of the following threats from the OWASP Top Ten is the most difficult for an organization to protect against?
Response:

QUESTION 507
When is a virtual machine susceptible to attacks while a physical server in the same state would not be?

QUESTION 508
One of the main components of system audits is the ability to track changes over time and to match these changes with continued compliance and internal processes.
Which aspect of cloud computing makes this particular component more challenging than in a traditional data center?

QUESTION 509
Which SSAE 16 report is purposefully designed for public release (for instance, to be posted on a company’s website)?

QUESTION 510
Implementing baselines on systems would take an enormous amount of time and resources if the staff had to apply them to each server, and over time, it would be almost impossible to keep all the systems in sync on an ongoing basis.
Which of the following is NOT a package that can be used for implementing and maintaining baselines across an enterprise?