- (Exam Topic 2)
Which of the following is NOT one of five principles of SOC Type 2 audits?
Correct Answer:
C
The SOC Type 2 audits include five principles: security, privacy, processing integrity, availability, and confidentiality.
- (Exam Topic 2)
Which entity requires all collection and storing of data on their citizens to be done on hardware that resides within their borders?
Correct Answer:
A
Signed into law and effective starting on September 1, 2015, Russian Law 526-FZ establishes that any collecting, storing, or processing of personal information or data on Russian citizens must be done from systems and databases that are physically located with the Russian Federation.
- (Exam Topic 4)
The cloud customer’s trust in the cloud provider can be enhanced by all of the following except:
Correct Answer:
D
Video surveillance will not provide meaningful information and will not enhance trust. All the others will do it.
- (Exam Topic 4)
In the cloud motif, the data processor is usually:
Correct Answer:
B
In legal terms, when “data processor” is defined, it refers to anyone who stores, handles, moves, or manipulates data on behalf of the data owner or controller. In the cloud computing realm, this is the cloud provider.
- (Exam Topic 1)
Why does a Type 1 hypervisor typically offer tighter security controls than a Type 2 hypervisor?
Correct Answer:
B
Type 1 hypervisors run directly on top of the bare metal and only contain the code and functions required to perform their purpose. They do not rely on any other systems or contain extra features to secure.