- (Exam Topic 3)
What type of storage structure does object storage employ to maintain files?

1. A. Directory
2. B. Hierarchical
3. C. tree
4. D. Flat

Correct Answer: D
Object storage uses a flat file system to hold storage objects; it assigns files a key value that is then used to access them, rather than relying on directories or descriptive filenames. Typical storage layouts such as tree, directory, and hierarchical structures are used within volume storage, whereas object storage maintains a flat structure with key values.

- (Exam Topic 4)
Countermeasures for protecting cloud operations against internal threats include all of the following except:

1. A. Extensive and comprehensive training programs, including initial, recurring, and refresher sessions
2. B. Skills and knowledge testing
3. C. Hardened perimeter devices
4. D. Aggressive background checks

Correct Answer: C
Hardened perimeter devices are more useful at attenuating the risk of external attack.

- (Exam Topic 1)
Which of the following threat types involves the sending of untrusted data to a user's browser to be executed with their own credentials and access?

1. A. Missing function level access control
2. B. Cross-site scripting
3. C. Cross-site request forgery
4. D. Injection

Correct Answer: B
Cross-site scripting (XSS) is an attack where a malicious actor is able to send untrusted data to a user's browser without going through any validation or sanitization processes, or where the code is not properly
escaped from processing by the browser. The code is then executed on the user's browser with the user's own access and permissions, allowing an attacker to redirect their web traffic, steal data from their session, or potentially access information on the user's own computer that their browser has the ability to access.

- (Exam Topic 4)
You need to gain approval to begin moving your company's data and systems into a cloud environment. However, your CEO has mandated the ability to easily remove your IT assets from the cloud provider as a precondition.
Which of the following cloud concepts would this pertain to?

1. A. Removability
2. B. Extraction
3. C. Portability
4. D. Reversibility

Correct Answer: D
Reversibility is the cloud concept involving the ability for a cloud customer to remove all of its data and IT assets from a cloud provider. Also, processes and agreements would be in place with the cloud provider that ensure all removals have been completed fully within the agreed upon timeframe. Portability refers to the ability to easily move between different cloud providers and not be locked into a specific one. Removability and extraction are both provided as terms similar to reversibility, but neither is the official term or concept.

- (Exam Topic 4)
BCDR strategies typically do not involve the entire operations of an organization, but only those deemed critical to their business.
Which concept pertains to the required amount of time to restore services to the predetermined level?

1. A. RPO
2. B. RSL
3. C. RTO
4. D. SRE

Correct Answer: C
The recovery time objective (RTO) measures the amount of time necessary to recover operations to meet the BCDR plan. The recovery service level (RSL) measures the percentage of operations that would be recovered during a BCDR situation. The recovery point objective (RPO) sets and defines the amount of data an organization must have available or accessible to reach the predetermined level of operations necessary during a BCDR situation. SRE is provided as an erroneous response.