- (Exam Topic 4)
What are the U.S. State Department controls on technology exports known as?

1. A. DRM
2. B. ITAR
3. C. EAR
4. D. EAL

Correct Answer: B
ITAR is a Department of State program. Evaluation assurance levels are part of the Common Criteria standard from ISO. Digital rights management tools are used for protecting electronic processing of intellectual property.

- (Exam Topic 4)
What is one of the reasons a baseline might be changed?

1. A. Numerous change requests
2. B. To reduce redundancy
3. C. Natural disaster
4. D. Power fluctuation

Correct Answer: A
If the CMB is receiving numerous change requests to the point where the amount of requests would drop by modifying the baseline, then that is a good reason to change the baseline. None of the other reasons should involve the baseline at all.

- (Exam Topic 4)
Each of the following are dependencies that must be considered when reviewing the BIA after cloud migration except:

1. A. The cloud provider’s utilities
2. B. The cloud provider’s suppliers
3. C. The cloud provider’s resellers
4. D. The cloud provider’s vendors

Correct Answer: C
The cloud provider’s resellers are a marketing and sales mechanism, not an operational dependency that could affect the security of a cloud customer.

- (Exam Topic 3)
Digital investigations have adopted many of the same methodologies and protocols as other types of criminal or scientific inquiries.
What term pertains to the application of scientific norms and protocols to digital investigations?

1. A. Scientific
2. B. Investigative
3. C. Methodological
4. D. Forensics

Correct Answer: D
Forensics refers to the application of scientific methods and protocols to the investigation of crimes. Although forensics has traditionally been applied to well-known criminal proceedings and investigations, the term equally applies to digital investigations and methods. Although the other answers provide similar-sounding terms and ideas, none is the appropriate answer in this case.

- (Exam Topic 3)
Which phase of the cloud data lifecycle would be the MOST appropriate for the use of DLP technologies to protect the data?

1. A. Use
2. B. Store
3. C. Share
4. D. Create

Correct Answer: C
During the share phase, data is allowed to leave the application for consumption by other vendors, systems, or services. At this point, as the data is leaving the security controls of the application, the use of DLP technologies is appropriate to control how the data is used or to force expiration. During the use, create, and store phases, traditional security controls are available and are more appropriate because the data is still internal to the application.