- (Exam Topic 4)
All of these are methods of data discovery, except:

1. A. Label-based
2. B. User-based
3. C. Content-based
4. D. Metadata-based

Correct Answer: B
All the others are valid methods of data discovery; user-based is a red herring with no meaning.

- (Exam Topic 1)
Which of the following pertains to a macro level approach to data center design rather than the traditional tiered approach to data centers?

1. A. IDCA
2. B. NFPA
3. C. BICSI
4. D. Uptime Institute

Correct Answer: A
The standards put out by the International Data Center Authority (IDCA) have established the Infinity Paradigm, which is intended to be a comprehensive data center design and operations framework. The Infinity Paradigm shifts away from many models that rely on tiered architecture for data centers, where each successive tier increases redundancy. Instead, it emphasizes data centers being approached at a macro level, without a specific and isolated focus on certain aspects to achieve tier status.

- (Exam Topic 2)
Which of the following service capabilities gives the cloud customer the most control over resources and configurations?

1. A. Desktop
2. B. Platform
3. C. Infrastructure
4. D. Software

Correct Answer: C
The infrastructure service capability gives the cloud customer substantial control in provisioning and configuring resources, including processing, storage, and network resources.

- (Exam Topic 3)
If a cloud computing customer wishes to guarantee that a minimum level of resources will always be available, which of the following set of services would compromise the reservation?

1. A. Memory and networking
2. B. CPU and software
3. C. CPU and storage
4. D. CPU and memory

Correct Answer: D
A reservation guarantees to a cloud customer that they will have access to a minimal level of resources to run their systems, which will help mitigate against DoS attacks or systems that consume high levels of resources.
A reservation pertains to memory and CPU resources. Under the concept of a reservation, memory and CPU are the guaranteed resources, but storage and networking are not included even though they are core components of cloud computing. Software would be out of scope for a guarantee and doesn't really pertain to the concept.

- (Exam Topic 4)
Above and beyond general regulations for data privacy and protection, certain types of data are subjected to more rigorous regulations and oversight.
Which of the following is not a regulatory framework for more sensitive or specialized data?

1. A. FIPS 140-2
2. B. FedRAMP
3. C. PCI DSS
4. D. HIPAA

Correct Answer: A
The FIPS 140-2 standard pertains to the certification of cryptographic modules and is not a regulatory framework. The Payment Card Industry Data Security Standard (PCI DSS), the Federal Risk and
Authorization Management Program (FedRAMP), and the Health Insurance Portability and Accountability Act (HIPAA) are all regulatory frameworks for sensitive or specialized data.