- (Exam Topic 1)
Which of the following represents a prioritization of applications or cloud customers for the allocation of additional requested resources when there is a limitation on available resources?

1. A. Provision
2. B. Limit
3. C. Reservation
4. D. Share

Correct Answer: D
The concept of shares within a cloud environment is used to mitigate and control the request for resource allocations from customers that the environment may not have the current capability to allow. Shares work by prioritizing hosts within a cloud environment through a weighting system that is defined by the cloud provider. When periods of high utilization and allocation are reached, the system automatically uses scoring of each host based on its share value to determine which hosts get access to the limited resources still available. The higher the value a particular host has, the more resources it will be allowed to utilize.

- (Exam Topic 4)
Which of the following is NOT a component of access control?

1. A. Accounting
2. B. Federation
3. C. Authorization
4. D. Authentication

Correct Answer: B
Federation is not a component of access control. Instead, it is used to allow users possessing credentials from other authorities and systems to access services outside of their domain. This allows for access and trust without the need to create additional, local credentials. Access control encompasses not only the key concepts of authorization and authentication, but also accounting. Accounting consists of collecting and maintaining logs for both authentication and authorization for operational and regulatory requirements.

- (Exam Topic 4)
All of the following are terms used to described the practice of obscuring original raw data so that only a portion is displayed for operational purposes, except:

1. A. Tokenization
2. B. Masking
3. C. Data discovery
4. D. Obfuscation

Correct Answer: C
Data discovery is a term used to describe the process of identifying information according to specific traits or categories. The rest are all methods for obscuring data.

- (Exam Topic 1)
Which of the following security measures done at the network layer in a traditional data center are also applicable to a cloud environment?

1. A. Dedicated switches
2. B. Trust zones
3. C. Redundant network circuits
4. D. Direct connections

Correct Answer: B
Trust zones can be implemented to separate systems or tiers along logical lines for great security and access controls. Each zone can then have its own security controls and monitoring based on its particular needs.

- (Exam Topic 4)
Which of the following jurisdictions lacks a comprehensive national policy on data privacy and the protection of personally identifiable information (PII)?

1. A. European Union
2. B. Asian-Pacific Economic Cooperation
3. C. United States
4. D. Russia

Correct Answer: C
The United States has a myriad of regulations focused on specific types of data, such as healthcare and financial, but lacks an overall comprehensive privacy law on the national level. The European Union, the Asian-Pacific Economic Cooperation, and Russia all have national privacy protections and regulations for the handling the PII data of their citizens.