- (Exam Topic 4)
For optimal security, trust zones are used for network segmentation and isolation. They allow for the separation of various systems and tiers, each with its own security level.
Which of the following is typically used to allow administrative personnel access to trust zones?

1. A. IPSec
2. B. SSH
3. C. VPN
4. D. TLS

Correct Answer: C
Virtual private networks (VPNs) are used to provide administrative personnel with secure communication channels through security systems and into trust zones. They allow staff who perform system administration tasks to have access to ports and systems that are not allowed from the public Internet. IPSec is an encryption protocol for point-to-point communications at the network level, and may be used within a trust zone but not to give access into a trust zone. TLS enables encryption of communications between systems and services and would likely be used to secure the VPN communications, but it does not represent the overall concept being asked for in the question. SSH allows for secure shell access to systems, but not for general access into trust zones.

- (Exam Topic 2)
What is the minimum regularity for testing a BCDR plan to meet best practices?

1. A. Once year
2. B. Once a month
3. C. Every six months
4. D. When the budget allows it

Correct Answer: A
Best practices and industry standards dictate that a BCDR solution should be tested at least once a year, though specific regulatory requirements may dictate more regular testing. The BCDR plan should also be tested whenever a major modification to a system occurs.

- (Exam Topic 1)
Which of the following cloud aspects complicates eDiscovery?

1. A. Resource pooling
2. B. On-demand self-service
3. C. Multitenancy
4. D. Measured service

Correct Answer: C
With multitenancy, eDiscovery becomes more complicated because the data collection involves extra steps to ensure that only those customers or systems that are within scope are turned over to the requesting authority.

- (Exam Topic 1)
When is a virtual machine susceptible to attacks while a physical server in the same state would not be?

1. A. When it is behind a WAF
2. B. When it is behind an IPS
3. C. When it is not patched
4. D. When it is powered off

Correct Answer: D
A virtual machine is ultimately an image file residing a file system. Because of this, even when a virtual machine is "powered off," it is still susceptible to attacks and modification. A physical server that is powered off would not be susceptible to attacks.

- (Exam Topic 2)
Which aspect of cloud computing makes it very difficult to perform repeat audits over time to track changes and compliance?

1. A. Virtualization
2. B. Multitenancy
3. C. Resource pooling
4. D. Dynamic optimization

Correct Answer: A
Cloud environments will regularly change virtual machines as patching and versions are changed. Unlike a physical environment, there is little continuity from one period of time to another. It is very unlikely that the same virtual machines would be in use during a repeat audit.