- (Exam Topic 4)
What type of solution is at the core of virtually all directory services?

1. A. WS
2. B. LDAP
3. C. ADFS
4. D. PKI

Correct Answer: B
The Lightweight Directory Access Protocol (LDAP) forms the basis of virtually all directory services, regardless of the specific vendor or software package.WS is a protocol for information exchange between two systems and does not actually store the data. ADFS is a Windows component for enabling single sign-on for the operating system and applications, but it relies on data from an LDAP server. PKI is used for managing and issuing security certificates.

- (Exam Topic 4)
When a system needs to be exposed to the public Internet, what type of secure system would be used to perform only the desired operations?

1. A. Firewall
2. B. Proxy
3. C. Honeypot
4. D. Bastion

Correct Answer: D
A bastion is a system that is exposed to the public Internet to perform a specific function, but it is highly restricted and secured to just that function. Any nonessential services and access are removed from the bastion so that security countermeasures and monitoring can be focused just on the bastion's specific duties. A honeypot is a system designed to look like a production system to entice attackers, but it does not contain any real data. It is used for learning about types of attacks and enabling countermeasures for them. A firewall is used within a network to limit access between IP addresses and ports. A proxy server provides additional security to and rulesets for network traffic that is allowed to pass through it to a service destination.

- (Exam Topic 3)
Most APIs will support a variety of different data formats or structures.
However, the SOAP API will only support which one of the following data formats?

1. A. XML
2. B. XSLT
3. C. JSON
4. D. SAML

Correct Answer: A
The Simple Object Access Protocol (SOAP) protocol only supports the Extensible Markup Language (XML) data format. Although the other options are all data formats or data structures, they are not supported by SOAP.

- (Exam Topic 2)
Which of the cloud cross-cutting aspects relates to the requirements placed on the cloud provider by the cloud customer for minimum performance standards and requirements that must be met?

1. A. Regulatory requirements
2. B. SLAs
3. C. Auditability
4. D. Governance

Correct Answer: B
Whereas a contract spells out general terms and costs for services, the SLA is where the real meat of the business relationship and concrete requirements come into play. The SLA spells out in clear terms the minimum requirements for uptime, availability, processes, customer service and support, security controls and requirements, auditing and reporting, and potentially many other areas that define the business relationship and the success of it.

- (Exam Topic 4)
Cryptographic keys for encrypted data stored in the cloud should be ________.

1. A. Not stored with the cloud provider.
2. B. Generated with redundancy
3. C. At least 128 bits long
4. D. Split into groups

Correct Answer: A
Cryptographic keys should not be stored along with the data they secure, regardless of key length. We don’t split crypto keys or generate redundant keys (doing so would violate the principle of secrecy necessary for keys to serve their purpose).