- (Exam Topic 1)
Which technique involves replacing values within a specific data field to protect sensitive data?

1. A. Anonymization
2. B. Masking
3. C. Tokenization
4. D. Obfuscation

Correct Answer: B
Masking involves replacing specific data within a data set with new values. For example, with credit card fields, as most who have ever purchased anything online can attest, nearly the entire credit card number is masked with a character such as an asterisk, with the last four digits left visible for identification and confirmation.

- (Exam Topic 1)
Within an Infrastructure as a Service model, which of the following would NOT be a measured service?

1. A. CPU
2. B. Storage
3. C. Number of users
4. D. Memory

Correct Answer: C
Within IaaS, the number of users on a system is not relevant to the particular hosting model in regard to cloud resources. IaaS is focused on infrastructure needs of a system or application. Therefore, a factor such as the number of users that could affect licensing requirements, for example, would apply to the SaaS model, or in some instances to PaaS.

- (Exam Topic 1)
What is the best approach for dealing with services or utilities that are installed on a system but not needed to perform their desired function?

1. A. Remove
2. B. Monitor
3. C. Disable
4. D. Stop

Correct Answer: A
The best practice is to totally remove any unneeded services and utilities on a system to prevent any chance of compromise or use. If they are just disabled, it is possible for them to be inadvertently started again at any point, or another exploit could be used to start them again. Removing also negates the need to patch and maintain them going forward.

- (Exam Topic 3)
The president of your company has tasked you with implementing cloud services as the most efficient way of obtaining a robust disaster recovery configuration for your production services.
Which of the cloud deployment models would you MOST likely be exploring?

1. A. Hybrid
2. B. Private
3. C. Community
4. D. Public

Correct Answer: A
A hybrid cloud model spans two more different hosting configurations or cloud providers. This would enable an organization to continue using its current hosting configuration, while adding additional cloud services to enable disaster recovery capabilities. The other cloud deployment models--public, private, and
community--would not be applicable for seeking a disaster recovery configuration where cloud services are to be leveraged for that purpose rather than production service hosting.

- (Exam Topic 4)
The different cloud service models have varying levels of responsibilities for functions and operations depending with the model's level of service.
In which of the following models would the responsibility for patching lie predominantly with the cloud customer?

1. A. DaaS
2. B. SaaS
3. C. PaaS
4. D. IaaS

Correct Answer: D
With Infrastructure as a Service (IaaS), the cloud customer is responsible for deploying and maintaining its own systems and virtual machines. Therefore, the customer is solely responsible for patching and any other security updates it finds necessary. With Software as a Service (SaaS), Platform as a Service (PaaS), and Desktop as a Service (DaaS), the cloud provider maintains the infrastructure components and is responsible for maintaining and patching them.