C849 Practice Test C

Term
1 / 50
Marry, a deployment manager works with a software development group to assess the security of a new version of the organization's internally developed tool. The organization prefers focusing on assessing security throughout the life cycle. Which of the following methods should she perform to assess the security of the product?

A Regression testing
B Unit testing
C Content filtering
D Vulnerability scanning
Click the card to flip 👆
Terms in this set (50)
Marry, a deployment manager works with a software development group to assess the security of a new version of the organization's internally developed tool. The organization prefers focusing on assessing security throughout the life cycle. Which of the following methods should she perform to assess the security of the product?

A Regression testing
B Unit testing
C Content filtering
D Vulnerability scanning
D Vulnerability scanning
Rhea, a network administrator, wants to create an entire virtual network with all of the virtual devices needed to support the service or application. Which of the following cloud models will she use to accomplish the task?

A Monitoring as a service
B Infrastructure as a service
C Platform as a service
D Software as a service
C Platform as a service
Which of the following features of cloud computing is essential to ensure an e-commerce application can receive orders without any downtime?

A Scalability
B Pay-as-you-go
C Elasticity
D Availability
D Availability
Which law requires publicly traded companies to have proper internal control structures in place to validate that their financial statements accurately reflect their financial results?

A Gramm-Leach-Bliley Act
B General Data Protection Regulation
C Federal Information Processing Standard
D Sarbanes-Oxley Act
D Sarbanes-Oxley Act
Maria, a network analyst, can connect to all the web services individually, but each requires a different password. She wants to access web services securely with a unique password by eliminating the overhead of entering the different passwords for different services. Which of the following should she configure?

A Secure shell
B Single sign-on
C Server message block
D Secure socket layer
B Single sign-on
Which of the following allows clients to remotely connect to a virtual Linux machine?

A Secure Shell
B Secure Socket Layer
C Hypertext Transfer Protocol Secure
D Remote Desktop Protocol
A Secure Shell
Which of the following is an open and distributed ledger that can securely record transactions between two parties in a verifiable and permanent way?

A Baseline
B Containerization
C Federation
D Blockchain
D Blockchain
Which of the following is used in conjunction with a web browser and can be used to access cloud resources?

A Secure Shell
B Transmission Control Protocol
C Simple Mail Transfer Protocol
D Hypertext Transfer Protocol Secure
D Hypertext Transfer Protocol Secure
You are working for a multinational public corporation. There are offices in China and Germany. You are helping to deploy a chat application to be used by all three offices. The accounting department wants to be able to use chat software. You will also be required to save all chat communications. Which regulations do you need to worry about?

A General data protection regulation
B Federal
C Data sovereignty
D Protected health information
C Data sovereignty
Peter, a security analyst, is asked to perform a security audit of the systems on a network to determine their compliance with security policies. Which of the following will he perform in the audit?

A Vulnerability scanning
B Sniffing
C SCAP scanning
D Port scanning
A Vulnerability scanning
What type of scaling includes the addition of servers to a pool for handling system load? A Orchestration B Vertical C Round robin D HorizontalD HorizontalHarry is a software developer for NiCo Inc. He is migrating the company's time and attendance application to the cloud. He only wants to be responsible for the application and would prefer that the public cloud company manage all underlying infrastructure and servers that are required to support his application. For that purpose, he asked one of the company's cloud architect for assistance in selecting a cloud service model that would meet his requirements. What would the cloud architect suggest to him? A Platform as a service B Network as a service C Communications as a service D Monitoring as a serviceA Platform as a serviceLinda works in the IT security group at BigCo Inc. She has been tasked to reduce the cloud storage space without affecting the company's data. For that purpose, she has decided to remove redundant words or phrases from the storage and replace them with a shorter placeholder. Which of the following cloud storage solutions will she use? A Compaction B Sanitization C Compression D DeduplicationC CompressionMark, a security administrator, observes multiple service interruptions caused by the company's cloud server. He investigated the cause of the interruption and found that several programs on the cloud server are affected by malware. To resolve this issue, he decided to test each program by safely executing it in an isolated environment. Which of the following should he use? A Sandboxing B Content filtering C Multitenancy D Vulnerability scanningA SandboxingWhich of the following storage solutions works at the file-level or block-level to eliminate duplicate data? A Sanitization B Encryption C Deduplication D CompactionC DeduplicationJack is a cloud+ professional researching data replication options for his MySQL database. For redundancy reasons, he decided to create a backup replica in a different availability zone that could become master should the primary zone go offline. For performance reasons, he has decided to update the replica in near real-time after the initial write operation on the primary database. What will he use? A Mirroring B Asynchronous replication C Synchronous replication D Transactional replicationB Asynchronous replicationWhat are the principles for constructing a request for information? Each correct answer represents a complete solution. Choose all that apply. A Provide points of contact for both the customer and the vendor. B Define recompense or remediation plans if performance levels are not maintained. C Be clear on the process, timelines, and next steps. DMake it as easy as possible for the vendor to completeC Be clear on the process, timelines, and next steps. DMake it as easy as possible for the vendor to completeYour organization enforces new data privacy laws, like general data protection regulation (GDPR) which significantly restricts that information should be converted and stored in binary digital form. Which of the following concepts does this law encompass? A Data sovereignty B Data remnants C Data sourcing D Data encryptionA Data sovereigntyBella is working as a cloud administrator at NilCo. Management has asked her to migrate the applications from on-premises to the cloud. For this, Bella investigated and found that all the applications need to be completely redesigned from scratch during migration. Which migration approaches will she use to accomplish this task? A Transactional replication B Rehosting C Lift and shift D Rip and replaceD Rip and replaceWhat are the services do managed service providers (MSPs) deliver? Each correct answer represents a complete solution. Choose all that apply. A Proof of concept B Daily management and troubleshooting C Performance testing D Enhanced license managementB Daily management and troubleshooting C Performance testingJillian is a senior cloud architect at BigCo. She is working on a project to interconnect her company's private data center to a cloud company that offers e-mail and other services that can provide burstable compute capacity. What type of cloud deployment model is she creating? A Community B Private C Hybrid D PublicC HybridWhich of the following are the common infrastructure as a service (IaaS) use cases? Each correct answer represents a complete solution. Choose all that apply. A Providing business processes B Hosting of websites and web apps C Developing and deploying applications in a wide variety of languages D Data storage, backup, and recoveryB Hosting of websites and web apps D Data storage, backup, and recoveryFred is working as a security analyst at XYZ. The company uses Telnet for remote management. Fred recognizes a necessity to replace Telnet with an encrypted network protocol to ensure more secure client-server connections. Which of the following will be a suitable replacement as per his need? A Secure Shell B Hypertext Transfer Protocol C Secure Mail Transfer Protocol D File Transfer ProtocolA Secure ShellYou are working as a network administrator at NilCo. You have prepared an SLA and submitted it to the cloud assessment department of the company. The SLA defines the average server CPU utilization as 40 percent. What will the cloud assessment team use to determine if this is acceptable performance? A Federation B Benchmark C Containerization D Gap analysisB BenchmarkWhich virtual machine backup method creates a file-based image of the current state of a VM including the complete operating system and all applications that are stored on it? A Snapshot B Full backup C Bootstrapping D ReplicationA SnapshotWhat are the requirements for the International Organization of Standardization (ISO) 27018? Each correct answer represents a complete solution. Choose all that apply. A Customers of CSPs know where their data is stored. B CSPs will comply only with legally-binding requests for disclosure of customer data. C Customers of CSPs know what's happening with their PII. D Customer data is used for marketing without explicit consent.A Customers of CSPs know where their data is stored. B CSPs will comply only with legally-binding requests for disclosure of customer data. C Customers of CSPs know what's happening with their PII.How many nines of uptime should the CSP guarantee if the acceptable downtime per year is 52.6 minutes and downtime per day is 8.64 seconds? A Five B Four C Three D SixB FourHazel is working as a cloud administrator at NilCo. The company has several departments and each department has a different cloud strategy. Management has asked Hazel to monitor the cloud resources used by each department such that the departments pay only for the resources they are using. What will she use to accomplish this task? A Right-sizing B Blockchain C Resource tagging D OrchestrationC Resource taggingWho is responsible for defining the recovery point objective (RPO) and the recovery time objective (RTO) in a service level agreement (SLA)? A The cloud service provider (CSP) defines both the RPO and the RTO. B The client defines the RPO, and the cloud service provider (CSP) defines the RTO. C The client defines the RTO, and the cloud service provider (CSP) defines the RPO. D The client defines both the RPO and the RTO.D The client defines both the RPO and the RTO.What are the three parts of orchestration in cloud configuration management? A Chargeback, storage, and pipeline B Instances, workflow, and log C Runbook, workflow, and pipeline D Chargeback, workflow, and computeC Runbook, workflow, and pipelineCarl is learning about how cloud service providers allocate physical resources into a group. These resources are then dynamically associated with cloud services, as demand requires. Which of the following cloud characteristics is he learning? A Elasticity B Resource pooling C On-demand D AvailabilityB Resource poolingShawn, a network administrator, wants to create a clone of two different virtual servers and place them in a new virtual network isolated from the production network. Which of the following will he use? A Splunk B Prototype C Sandbox D SnapshotC SandboxThe only parking garage near your office building is across the street at a busy intersection, and all your employees must cross the intersection. There is a parking garage that is farther away on the same side of the street, but your employees either can't or don't want to use it because of the distance. The organization decides to purchase and offer a shuttle service from the distant parking garage free of charge to the employees. This is best described as what type of risk response technique? A Reject B Avoidance C Transference D MitigationD MitigationThe company that you work for has decided to implement a new inventory management system that affects all departments. Which of the following management strategies should HR recommend? A Community of practice B Career management C Total quality management D Change managementD Change managementStella has been directed by her employer's finance department that they cannot afford to lose any more than 30 minutes of data in the case of a database failure or other catastrophic event. Stella has updated her corporate business continuity and disaster recovery plans. What metric did she change? A Recovery point objective B Crash recovery C Instance recovery D Recovery time objectiveD Recovery time objectiveWhich of the following is a process of assigning costs of cloud resources to either individuals or departments that are responsible for the resources? A Autoscaling B Right-sizing C Chargeback D Resource taggingC ChargebackEmma is working as a network administrator at BigCo. She has received multiple issues from the application department employees that they cannot access the company's website. For that purpose, she has decided to conduct some fact-finding. Upon her investigation, she found that the company's server cannot resolve the hostnames (or URLs) to IP addresses. Which of the following is responsible for this issue? A Firewall B Content delivery network C Domain Name System D Software-defined storageC Domain Name SystemWhich of the following sections should you include while constructing a contract? Each correct answer represents a complete solution. Choose all that apply A Acceptable use policy B Service level agreement C Ingress terms D Privacy and automation policyA Acceptable use policy B Service level agreementMaria is a security analyst in the XYZ company. Management has asked her to implement a solution that helps users to authenticate themselves using two or more pieces of information. For that purpose, she is implementing multifactor authentication (MFA). Which of the following implementations should she deploy? A Usernames, strong passwords, and PIN B Smart cards, usernames, and strong passwords C Biometrics, smart cards, and strong passwords D Smart cards, usernames, and PINC Biometrics, smart cards, and strong passwordsWhat are the three key principles of a blockchain? A Transparency, resiliency, and availability B Decentralization, transparency, and immutability C Multitenancy, redundancy, and availability D Resiliency, multitenancy, and availabilityB Decentralization, transparency, and immutabilityWhich of the following security policies provides reasoning about goals and mission statements for the organization? A Advisory B Cumulative C Regulatory D InformativeD InformativeWhich of the following quality assessment testing validates that new features and bug fixes don't cause a negative impact on the production code? A Load B Integration C Regression D SmokeC RegressionRachel is working as a cloud administrator at the XYZ company. The company has received multiple bugs from the employees as well as the users that they are facing problems in accessing the web pages and downloading images, videos, and so on. For this, management has asked Rachel to speed up access to web resources for users/employees. What should she use to fix this? A Software-defined networking B Content delivery network C Secure Shell D Demilitarized zoneB Content delivery networkLiza is a new cloud+ architect for BigCo Inc. She is using a cloud service that provides computing hardware, but the operating system is not included. Which of the following cloud services is she using? A Software as a service B Communications as a service C Infrastructure as a service D Platform as a serviceC Infrastructure as a serviceWhich of the following should be included in the statement of work (SOW)? Each correct answer represents a complete solution. Choose all that apply. A Roles and responsibilities of the vendor and the client B Acceptable use policy C Key performance indicators D Points of contact for both parties E Egress termsA Roles and responsibilities of the vendor and the client C Key performance indicators D Points of contact for both partiesWhich term describes the process of automatic testing and deploying code to production? A Continuous delivery B Continuous integration C Infrastructure as code D Contiguous delegationA Continuous deliveryHow will you determine the practicality of migrating the on-premises data to the cloud? A By implementing blockchain B By running a feasibility study C By using a baseline D By conducting a gap analysisB By running a feasibility studyYour legal department wants to start using cloud resources. However, since all of their work will be associated with legal cases, they need accurate usage and billing breakdown to bill the clients. What are you being asked to implement? A Chargeback B Orchestration C Right-sizing D MaintenanceA ChargebackBeatriz stops at her bank's ATM on her way home from work. She inserts her ATM card into the ATM and then enters her PIN on the keypad. What type of authentication is she using? A Single-factor B Multifactor C Federation D Single sign-onB MultifactorWhich of the following is a legally binding document that specifies the terms of service between two parties, such as a CSP and a client? A Pilot B Contract C Service level agreement D Proof of conceptB Contract