- (Exam Topic 2)
Which of the following is a restriction that can be enforced by information rights management (IRM) that is not possible for traditional file system controls?

1. A. Delete
2. B. Modify
3. C. Read
4. D. Print

Correct Answer: D
IRM allows an organization to control who can print a set of information. This is not be possible under traditional file system controls, where if a user can read a file, they are able to print it as well.

- (Exam Topic 3)
With a cloud service category where the cloud customer is responsible for deploying all services, systems, and components needed for their applications, which of the following storage types are MOST likely to be available to them?

1. A. Structured and hierarchical
2. B. Volume and object
3. C. Volume and database
4. D. Structured and unstructured

Correct Answer: B
The question is describing the Infrastructure as a Service (IaaS) cloud offering, and as such, the volume and object storage types will be available to the customer. Structured and unstructured are storage types associated with PaaS, and although the other answers present similar-sounding storage types, they are a mix of real and fake names.

- (Exam Topic 2)
Which of the cloud cross-cutting aspects relates to the assigning of jobs, tasks, and roles, as well as to ensuring they are successful and properly performed?

1. A. Service-level agreements
2. B. Governance
3. C. Regulatory requirements
4. D. Auditability

Correct Answer: B
Governance at its core is the idea of assigning jobs, takes, roles, and responsibilities and ensuring they are satisfactory performed.

- (Exam Topic 2)
With software-defined networking, what aspect of networking is abstracted from the forwarding of traffic?

1. A. Routing
2. B. Session
3. C. Filtering
4. D. Firewalling

Correct Answer: C
With software-defined networking (SDN), the filtering of network traffic is separated from the forwarding of
network traffic so that it can be independently administered.

- (Exam Topic 2)
What concept does the "D" represent with the STRIDE threat model?

1. A. Data loss
2. B. Denial of service
3. C. Data breach
4. D. Distributed

Correct Answer: B
Any application can be a possible target of denial-of-service (DoS) attacks. From the application side, the developers should minimize how many operations are performed for non-authenticated users. This will keep the application running as quickly as possible and using the least amount of system resources to help minimize the impact of any such attacks.