- (Exam Topic 1)
Which of the following roles involves testing, monitoring, and securing cloud services for an organization?

1. A. Cloud service integrator
2. B. Cloud service business manager
3. C. Cloud service user
4. D. Cloud service administrator

Correct Answer: D
The cloud service administrator is responsible for testing cloud services, monitoring services, administering security for services, providing usage reports on cloud services, and addressing problem reports

- (Exam Topic 1)
Which United States law is focused on PII as it relates to the financial industry?

1. A. HIPAA
2. B. SOX
3. C. Safe Harbor
4. D. GLBA

Correct Answer: D
The GLBA, as it is commonly called based on the lead sponsors and authors of the act, is officially known as "The Financial Modernization Act of 1999." It is specifically focused on PII as it relates to financial institutions. There are three specific components of it, covering various areas and use, on top of a general requirement that all financial institutions must provide all users and customers with a written copy of their privacy policies and practices, including with whom and for what reasons their information may be shared with other entities.

- (Exam Topic 3)
Different certifications and standards take different approaches to data center design and operations. Although many traditional approaches use a tiered methodology, which of the following utilizes a macro-level approach to data center design?

1. A. IDCA
2. B. BICSI
3. C. Uptime Institute
4. D. NFPA

Correct Answer: A
The Infinity Paradigm of the International Data Center Authority (IDCA) takes a macro-level approach to data center design. The IDCA does not use a specific, focused approach on specific components to achieve tier status. Building Industry Consulting Services International (BICSI) issues certifications for data center cabling. The National Fire Protection Association (NFPA) publishes a broad range of fire safety and design standards for many different types of facilities. The Uptime Institute publishes the most widely known and used standard for data center topologies and tiers.

- (Exam Topic 4)
Which of the following is NOT a major regulatory framework?

1. A. PCI DSS
2. B. HIPAA
3. C. SOX
4. D. FIPS 140-2

Correct Answer: D
FIPS 140-2 is a United States certification standard for cryptographic modules, and it provides guidance and requirements for their use based on the requirements of the data classification. However, these are not actual regulatory requirements. The Health Insurance Portability and Accountability Act (HIPAA), Sarbanes-Oxley Act (SOX), and the Payment Card Industry Data Security Standard (PCI DSS) are all major regulatory frameworks either by law or specific to an industry.

- (Exam Topic 2)
What is an often overlooked concept that is essential to protecting the confidentiality of data?

1. A. Strong password
2. B. Training
3. C. Security controls
4. D. Policies

Correct Answer: B
While the main focus of confidentiality revolves around technological requirements or particular security methods, an important and often overlooked aspect of safeguarding data confidentiality is appropriate and comprehensive training for those with access to it. Training should be focused on the safe handling of sensitive information overall, including best practices for network activities as well as physical security of the devices or workstations used to access the application.