NO.378 What are the U.S. State Department controls on technology exports known as?

NO.379 Which of the following security technologies is commonly used to give administrators access into trust zones within an environment?

NO.380 Which SSAE 16 report is purposefully designed for public release (for instance, to be posted on a company’s website)?

NO.381 A loosely coupled storage cluster will have performance and capacity limitations based on the ____________.
Response:

NO.382 Although encryption can help an organization to effectively decrease the possibility of data breaches, which other type of threat can it increase the chances of?

NO.383 There are many situations when testing a BCDR plan is appropriate or mandated.
Which of the following would not be a necessary time to test a BCDR plan?

NO.384 Which phase of the cloud data lifecycle would be the MOST appropriate for the use of DLP technologies to protect the data?

NO.385 Different types of audits are intended for different audiences, such as internal, external, regulatory, and so on.
Which of the following audits are considered “restricted use” versus being for a more broad audience?

NO.386 Hardening the operating system refers to all of the following except:

NO.387 Which of the following represents a prioritization of applications or cloud customers for the allocation of additional requested resources when there is a limitation on available resources?

NO.388 Which of the following threat types involves an application that does not validate authorization for portions of itself after the initial checks?

NO.389 The Open Web Application Security Project (OWASP) Top Ten is a list of web application security threats that is composed by a member-driven OWASP committee of application development experts and published approximately every 24 months. The 2013 OWASP Top Ten list includes “unvalidated redirects and forwards.” Which of the following is a good way to protect against this problem?

NO.390 Which entity requires all collection and storing of data on their citizens to be done on hardware that resides within their borders?

NO.391 Hardening the operating system refers to all of the following except:

NO.392 Which of the following is NOT a focus or consideration of an internal audit?

NO.393 One of the main components of system audits is the ability to track changes over time and to match these changes with continued compliance and internal processes.
Which aspect of cloud computing makes this particular component more challenging than in a traditional data center?

NO.394 Which of the following is NOT one of five principles of SOC Type 2 audits?

NO.395 The Transport Layer Security (TLS) protocol creates a secure communications channel over public media (such as the Internet). In a typical TLS session, who initiates the protocol?

NO.396 What concept does the A represent within the DREAD model?

NO.397 Resolving resource contentions in the cloud will most likely be the job of the
____________.
Response:

NO.398 What is the concept of isolating an application from the underlying operating system for testing purposes?