- (Exam Topic 1)
Which protocol allows a system to use block-level storage as if it was a SAN, but over TCP network traffic instead?

1. A. SATA
2. B. iSCSI
3. C. TLS
4. D. SCSI

Correct Answer: B
iSCSI is a protocol that allows for the transmission and use of SCSI commands and features over a TCP-based network. iSCSI allows systems to use block-level storage that looks and behaves as a SAN would with physical servers, but to leverage the TCP network within a virtualized environment and cloud.

- (Exam Topic 2)
What is the biggest challenge to data discovery in a cloud environment?

1. A. Format
2. B. Ownership
3. C. Location
4. D. Multitenancy

Correct Answer: C
With the distributed nature of cloud environments, the foremost challenge for data discovery is awareness of the location of data and keeping track of it during the constant motion of cloud storage systems.

- (Exam Topic 4)
A variety of security systems can be integrated within a network--some that just monitor for threats and issue alerts, and others that take action based on signatures, behavior, and other types of rules to actively stop potential threats.
Which of the following types of technologies is best described here?

1. A. IDS
2. B. IPS
3. C. Proxy
4. D. Firewall

Correct Answer: B
An intrusion prevention system (IPS) can inspect traffic and detect any suspicious traffic based on a variety of factors, but it can also actively block such traffic. Although an IDS can detect the same types of suspicious traffic as an IPS, it is only design to alert, not to block. A firewall is only concerned with IP addresses, ports, and protocols; it cannot be used for the signature-based detection of traffic. A proxy can limit or direct traffic based on more extensive factors than a network firewall can, but it's not capable of using the same signature detection rules as an IPS.

- (Exam Topic 4)
Which format is the most commonly used standard for exchanging information within a federated identity system?

1. A. XML
2. B. HTML
3. C. SAML
4. D. JSON

Correct Answer: C
Security Assertion Markup Language (SAML) is the most common data format for information exchange within a federated identity system. It is used to transmit and exchange authentication and authorization data.XML is similar to SAML, but it's used for general-purpose data encoding and labeling and is not used for the exchange of authentication and authorization data in the way that SAML is for federated systems. JSON is used similarly to XML, as a text-based data exchange format that typically uses attribute-value pairings, but it's not used for authentication and authorization exchange. HTML is used only for encoding web pages for web browsers and is not used for data exchange--and certainly not in a federated system.

- (Exam Topic 3)
Which of the following actions will NOT make data part of the create phase of the cloud data lifecycle?

1. A. Modify data
2. B. Modify metadata
3. C. New data
4. D. Import data

Correct Answer: B
Modifying the metadata does not change the actual data. Although this initial phase is called "create," it can also refer to modification. In essence, any time data is considered "new," it is in the create phase. This can come from data that is newly created, data that is imported into a system and is new to that system, or data that is already present and is modified into a new form or value.