- (Exam Topic 1)
Which of the following is NOT a regulatory system from the United States federal government?

1. A. PCI DSS
2. B. FISMA
3. C. SOX
4. D. HIPAA

Correct Answer: A
The payment card industry data security standard (PCI DSS) pertains to organizations that handle credit card transactions and is an industry regulatory standard, not a governmental one.

- (Exam Topic 4)
APIs are defined as which of the following?

1. A. A set of protocols, and tools for building software applications to access a web-based software application or tool
2. B. A set of routines, standards, protocols, and tools for building software applications to access a web-based software application or tool
3. C. A set of standards for building software applications to access a web-based software application or tool
4. D. A set of routines and tools for building software applications to access web-based software applications

Correct Answer: B
All the answers are true, but B is the most complete.

- (Exam Topic 3)
Which of the following actions will NOT make data part of the create phase of the cloud data lifecycle?

1. A. Modify data
2. B. Modify metadata
3. C. New data
4. D. Import data

Correct Answer: B
Modifying the metadata does not change the actual data. Although this initial phase is called "create," it can also refer to modification. In essence, any time data is considered "new," it is in the create phase. This can come from data that is newly created, data that is imported into a system and is new to that system, or data that is already present and is modified into a new form or value.

- (Exam Topic 1)
Which aspect of archiving must be tested regularly for the duration of retention requirements?

1. A. Availability
2. B. Recoverability
3. C. Auditability
4. D. Portability

Correct Answer: B
In order for any archiving system to be deemed useful and compliant, regular tests must be performed to ensure the data can still be recovered and accessible, should it ever be needed, for the duration of the retention requirements.

- (Exam Topic 3)
Many aspects and features of cloud computing can make eDiscovery compliance more difficult or costly. Which aspect of cloud computing would be the MOST complicating factor?

1. A. Measured service
2. B. Broad network access
3. C. Multitenancy
4. D. Portability

Correct Answer: C
With multitenancy, multiple customers share the same physical hardware and systems. With the nature of a cloud environment and how it writes data across diverse systems that are shared by others, the process of eDiscovery becomes much more complicated. Administrators cannot pull physical drives or easily isolate which data to capture. They not only have to focus on which data they need to collect, while ensuring they find all of it, but they also have to make sure that other data is not accidently collected and exposed along with it. Measured service is the aspect of a cloud where customers only pay for the services they are actually using, and for the duration of their use. Portability refers to the ease with which an application or service can be moved among different cloud providers. Broad network access refers to the nature of cloud services being accessed via the public Internet, either with or without secure tunneling technologies. None of these concepts would pertain to eDiscovery.