- (Exam Topic 4)
What process entails taking sensitive data and removing the indirect identifiers from each data object so that the identification of a single entity would not be possible?

1. A. Tokenization
2. B. Encryption
3. C. Anonymization
4. D. Masking

Correct Answer: C
Anonymization is a type of masking, where indirect identifiers are removed from a data set to prevent the mapping back of data to an individual. Although masking refers to the overall approach of covering sensitive data, anonymization is the best answer here because it is more specific to exactly what is being asked. Tokenization involves the replacement of sensitive data with a key value that can be matched back to the real value. However, it is not focused on indirect identifiers or preventing the matching to an individual. Encryption refers to the overall process of protecting data via key pairs and protecting confidentiality.

- (Exam Topic 4)
Because cloud providers will not give detailed information out about their infrastructures and practices to the general public, they will often use established auditing reports to ensure public trust, where the reputation of the auditors serves for assurance.
Which type of audit reports can be used for general public trust assurances?

1. A. SOC 2
2. B. SAS-70
3. C. SOC 3
4. D. SOC 1

Correct Answer: C
SOC Type 3 audit reports are very similar to SOC Type 2, with the exception that they are intended for general release and public audiences.SAS-70 audits have been deprecated. SOC Type 1 audit reports have a narrow scope and are intended for very limited release, whereas SOC Type 2 audit reports are intended for wider audiences but not general release.

- (Exam Topic 2)
Which of the following is the sole responsibility of the cloud customer, regardless of which cloud model is used?

1. A. Platform
2. B. Infrastructure
3. C. Governance
4. D. Application

Correct Answer: C
Regardless of which cloud-hosting model is used, the cloud customer always has sole responsibility for the governance of systems and data.

- (Exam Topic 2)
From a security perspective, which of the following is a major concern when evaluating possible BCDR solutions?

1. A. Access provisioning
2. B. Auditing
3. C. Jurisdictions
4. D. Authorization

Correct Answer: C
When a security professional is considering cloud solutions for BCDR, a top concern is the jurisdiction where the cloud systems are hosted. If the jurisdiction is different from where the production systems are hosted, they may be subjected to different regulations and controls, which would make a seamless BCDR solution far more difficult.

- (Exam Topic 1)
What does the REST API support that SOAP does NOT support?

1. A. Caching
2. B. Encryption
3. C. Acceleration
4. D. Redundancy

Correct Answer: A
The SOAP protocol does not support caching, whereas the REST API does.