- (Exam Topic 2)
What type of data does data rights management (DRM) protect?

1. A. Consumer
2. B. PII
3. C. Financial
4. D. Healthcare

Correct Answer: A
DRM applies to the protection of consumer media, such as music, publications, video, movies, and soon.

- (Exam Topic 1)
What is the best source for information about securing a physical asset's BIOS?

1. A. Security policies
2. B. Manual pages
3. C. Vendor documentation
4. D. Regulations

Correct Answer: C
Vendor documentation from the manufacturer of the physical hardware is the best source of best practices for securing the BIOS.

- (Exam Topic 1)
Which of the following security technologies is commonly used to give administrators access into trust zones within an environment?

1. A. VPN
2. B. WAF
3. C. IPSec
4. D. HTTPS

Correct Answer: A
Virtual private networks (VPNs) are commonly used to allow access into trust zones. Via a VPN, access can be controlled and logged and only allowed through secure channels by authorized users. It also adds an additional layer of encryption and protection to communications.

- (Exam Topic 4)
Without the extensive funds of a large corporation, a small-sized company could gain considerable and cost-effective services for which of the following concepts by moving to a cloud environment?

1. A. Regulatory
2. B. Security
3. C. Testing
4. D. Development

Correct Answer: B
Cloud environments, regardless of the specific deployment model used, have extensive and robust security
controls in place, especially in regard to physical and infrastructure security. A small company can leverage the extensive security controls and monitoring provided by a cloud provider, which they would unlikely ever be able to afford on their own. Moving to a cloud would not result in any gains for development and testing because these areas require the same rigor regardless of where deployment and hosting occur. Regulatory compliance in a cloud would not be a gain for an organization because it would likely result in additional oversight and auditing as well as require the organization to adapt to a new environment.

- (Exam Topic 4)
Which component of ITIL pertains to planning, coordinating, executing, and validating changes and rollouts to production environments?

1. A. Release management
2. B. Availability management
3. C. Problem management
4. D. Change management

Correct Answer: A
Release management involves planning, coordinating, executing, and validating changes and rollouts to the production environment. Change management is a higher-level component than release management and also involves stakeholder and management approval, rather than specifically focusing the actual release itself. Availability management is focused on making sure system resources, processes, personnel, and toolsets are properly allocated and secured to meet SLA requirements. Problem management is focused on identifying and mitigating known problems and deficiencies before they occur.