- (Exam Topic 3)
Which of the following threat types involves an application that does not validate authorization for portions of itself beyond when the user first enters it?

1. A. Cross-site request forgery
2. B. Missing function-level access control
3. C. Injection
4. D. Cross-site scripting

Correct Answer: B
It is imperative that applications do checks when each function or portion of the application is accessed to ensure that the user is properly authorized. Without continual checks each time a function is accessed, an attacker could forge requests to access portions of the application where authorization has not been granted. An injection attack is where a malicious actor sends commands or other arbitrary data through input and data fields with the intent of having the application or system execute the code as part of its normal processing and queries. Cross-site scripting occurs when an attacker is able to send untrusted data to a user's browser without going through validation processes. Cross-site request forgery occurs when an attack forces an authenticated user to send forged requests to an application running under their own access and credentials.

- (Exam Topic 3)
Many tools and technologies are available for securing or monitoring data in transit within a data center, whether it is a traditional data center or a cloud.
Which of the following is NOT a technology for securing data in transit?

1. A. VPN
2. B. TLS
3. C. DNSSEC
4. D. HTTPS

Correct Answer: C
DNSSEC is an extension of the normal DNS protocol that enables a system to verify the integrity of a DNS query resolution by signing it from the authoritative source and verifying the signing chain. It is not used for
securing data transmissions or exchanges. HTTPS is the most common method for securing web service and data calls within a cloud, and TLS is the current standard for encrypting HTTPS traffic. VPNs are widely used for securing data transmissions and service access.

- (Exam Topic 3)
Along with humidity, temperature is crucial to a data center for optimal operations and protection of equipment.
Which of the following is the optimal temperature range as set by ASHRAE?

1. A. 69.8 to 86.0 degrees Fahrenheit (21 to 30 degrees Celsius)
2. B. 51.8 to 66.2 degrees Fahrenheit (11 to 19 degrees Celsius)
3. C. 64.4 to 80.6 degrees Fahrenheit (18 to 27 degrees Celsius)
4. D. 44.6 to 60.8 degrees Fahrenheit (7 to 16 degrees Celsius)

Correct Answer: C
The American Society of Heating, Refrigeration, and Air Conditioning Engineers (ASHRAE) recommends

- (Exam Topic 4)
The GAPP framework was developed through a joint effort between the major Canadian and American
professional accounting associations in order to assist their members with managing and preventing risks to the privacy of their data and customers.
Which of the following is the meaning of GAPP?

1. A. General accounting personal privacy
2. B. Generally accepted privacy practices
3. C. Generally accepted privacy principles
4. D. General accounting privacy policies

Correct Answer: C

- (Exam Topic 4)
What is an experimental technology that is intended to create the possibility of processing encrypted data without having to decrypt it first?

1. A. Quantum-state
2. B. Polyinstantiation
3. C. Homomorphic
4. D. Gastronomic

Correct Answer: C
Homomorphic encryption hopes to achieve that goal; the other options are terms that have almost nothing to do with encryption.