- (Exam Topic 1)
What is the biggest benefit to leasing space in a data center versus building or maintain your own?

1. A. Certification
2. B. Costs
3. C. Regulation
4. D. Control

Correct Answer: B
When leasing space in a data center, an organization can avoid the enormous startup and building costs associated with a data center, and can instead leverage economies of scale by grouping with other organizations and sharing costs.

- (Exam Topic 4)
Which of the following terms is NOT a commonly used category of risk acceptance?

1. A. Moderate
2. B. Critical
3. C. Minimal
4. D. Accepted

Correct Answer: D

Accepted is not a risk acceptance category. The risk acceptance categories are minimal, low, moderate, high, and critical.

- (Exam Topic 1)
Which is the appropriate phase of the cloud data lifecycle for determining the data's classification?

1. A. Create
2. B. Use
3. C. Share
4. D. Store

Correct Answer: A
Any time data is created, modified, or imported, the classification needs to be evaluated and set from the earliest phase to ensure security is always properly maintained for the duration of its lifecycle.

- (Exam Topic 3)
Which of the following aspects of security is solely the responsibility of the cloud provider?

1. A. Regulatory compliance
2. B. Physical security
3. C. Operating system auditing
4. D. Personal security of developers

Correct Answer: B
Regardless of the particular cloud service used, physical security of hardware and facilities is always the sole responsibility of the cloud provider. The cloud provider may release information about their physical security policies and procedures to ensure any particular requirements of potential customers will meet their regulatory obligations. Personal security of developers and regulatory compliance are always the responsibility of the cloud customer. Responsibility for operating systems, and the auditing of them, will differ based on the cloud service category used.

- (Exam Topic 4)
Which of the following is NOT a component of access control?

1. A. Accounting
2. B. Federation
3. C. Authorization
4. D. Authentication

Correct Answer: B
Federation is not a component of access control. Instead, it is used to allow users possessing credentials from other authorities and systems to access services outside of their domain. This allows for access and trust without the need to create additional, local credentials. Access control encompasses not only the key concepts of authorization and authentication, but also accounting. Accounting consists of collecting and maintaining logs for both authentication and authorization for operational and regulatory requirements.