- (Exam Topic 4)
For performance purposes, OS monitoring should include all of the following except:

1. A. Disk space
2. B. Disk I/O usage
3. C. CPU usage
4. D. Print spooling

Correct Answer: D
Print spooling is not a metric for system performance; all the rest are.

- (Exam Topic 4)
Which of the following could be used as a second component of multifactor authentication if a user has an RSA token?

1. A. Access card
2. B. USB thumb drive
3. C. Retina scan
4. D. RFID

Correct Answer: C
A retina scan could be used in conjunction with an RSA token because it is a biometric factor, and thus a different type of factor. An access card, RFID, and USB thumb drive are all items in possession of a user, the same as an RSA token, and as such would not be appropriate.

- (Exam Topic 4)
Which of the following components are part of what a CCSP should review when looking at contracting with a cloud service provider?

1. A. Redundant uplink grafts
2. B. Background checks for the provider’s personnel
3. C. The physical layout of the datacenter
4. D. Use of subcontractors

Correct Answer: D
The use of subcontractors can add risk to the supply chain and should be considered; trusting the provider’s management of their vendors and suppliers (including subcontractors) is important to trusting the provider. Conversely, the customer is not likely to be allowed to review the physical design of the datacenter (or, indeed, even know the exact location of the datacenter) or the personnel security specifics for the provider’s staff. “Redundant uplink grafts” is a nonsense term used as a distractor.

- (Exam Topic 2)
Which of the cloud deployment models requires the cloud customer to be part of a specific group or organization in order to host cloud services within it?

1. A. Community
2. B. Hybrid
3. C. Private
4. D. Public

Correct Answer: A
A community cloud model is where customers that share a certain common bond or group membership come together to offer cloud services to their members, focused on common goals and interests.

- (Exam Topic 4)
Which of the following provides assurance, to a predetermined acceptable level of certainty, that an entity is indeed who they claim to be?

1. A. Authentication
2. B. Identification
3. C. Proofing
4. D. Authorization

Correct Answer: A
Authentication goes a step further than identification by providing a means for proving an entity's identification. Authentication is most commonly done through mechanisms such as passwords. Identification involves ascertaining who the entity is, but without a means of proving it, such as a name or user ID. Authorization occurs after authentication and sets access permissions and other privileges within a system or application for the user. Proofing is not a term that is relevant to the question.