- (Exam Topic 1)
Which of the following threat types can occur when baselines are not appropriately applied or unauthorized changes are made?

1. A. Insecure direct object references
2. B. Unvalidated redirects and forwards
3. C. Security misconfiguration
4. D. Sensitive data exposure

Correct Answer: C
Security misconfigurations occur when applications and systems are not properly configured or maintained in a secure manner. This can be caused from a shortcoming in security baselines or configurations, unauthorized changes to system configurations, or a failure to patch and upgrade systems as the vendor releases security patches.

- (Exam Topic 1)
Which of the following standards primarily pertains to cabling designs and setups in a data center?

1. A. IDCA
2. B. BICSI
3. C. NFPA
4. D. Uptime Institute

Correct Answer: B
The standards put out by Building Industry Consulting Service International (BICSI) primarily cover complex cabling designs and setups for data centers, but also include specifications on power, energy efficiency, and hot/cold aisle setups.

- (Exam Topic 2)
Which process serves to prove the identity and credentials of a user requesting access to an application or data?

1. A. Repudiation
2. B. Authentication
3. C. Identification
4. D. Authorization

Correct Answer: B
Authentication is the process of proving whether the identity presented by a user is true and valid. This can be done through common mechanisms such as user ID and password combinations or with more secure methods such as multifactor authentication.

- (Exam Topic 1)
Which of the cloud deployment models is used by popular services such as iCloud, Dropbox, and OneDrive?

1. A. Hybrid
2. B. Public
3. C. Private
4. D. Community

Correct Answer: B
Popular services such as iCloud, Dropbox, and OneDrive are all publicly available and are open to any user for free, with possible add-on services offered for a cost.

- (Exam Topic 4)
Security is a critical yet often overlooked consideration for BCDR planning. At which stage of the planning process should security be involved?

1. A. Scope definition
2. B. Requirements gathering
3. C. Analysis
4. D. Risk assessment

Correct Answer: A
Defining the scope of the plan is the very first step in the overall process. Security should be included from the very earliest stages and throughout the entire process. Bringing in security at a later stage can lead to additional costs and time delays to compensate for gaps in planning. Risk assessment, requirements gathering, and analysis are all later steps in the process, and adding in security at any of those points can potentially cause increased costs and time delays.