- (Exam Topic 4)
The cloud customer will have the most control of their data and systems, and the cloud provider will have the least amount of responsibility, in which cloud computing arrangement?

1. A. IaaS
2. B. SaaS
3. C. Community cloud
4. D. PaaS

Correct Answer: A
IaaS entails the cloud customer installing and maintaining the OS, programs, and data; PaaS has the customer installing programs and data; in SaaS, the customer only uploads data. In a community cloud, data and device owners are distributed.

- (Exam Topic 1)
Which of the following storage types is most closely associated with a traditional file system and tree structure?

1. A. Volume
2. B. Unstructured
3. C. Object
4. D. Structured

Correct Answer: A
Volume storage works as a virtual hard drive that is attached to a virtual machine. The operating system sees the volume the same as how a traditional drive on a physical server would be seen.

- (Exam Topic 4)
When an organization is considering a cloud environment for hosting BCDR solutions, which of the following would be the greatest concern?

1. A. Self-service
2. B. Resource pooling
3. C. Availability
4. D. Location

Correct Answer: D
If an organization wants to use a cloud service for BCDR, the location of the cloud hosting becomes a very important security consideration due to regulations and jurisdiction, which could be dramatically different from the organization's normal hosting locations. Availability is a hallmark of any cloud service provider, and likely will not be a prime consideration when an organization is considering using a cloud for BCDR; the same goes for self-service options. Resource pooling is common among all cloud systems and would not be a concern when an organization is dealing with the provisioning of resources during a disaster.

- (Exam Topic 1)
What is the first stage of the cloud data lifecycle where security controls can be implemented?

1. A. Use
2. B. Store
3. C. Share
4. D. Create

Correct Answer: B
The "store" phase of the cloud data lifecycle, which typically occurs simultaneously with the "create" phase, or immediately thereafter, is the first phase where security controls can be implemented. In most case, the manner in which the data is stored will be based on its classification.

- (Exam Topic 4)
Which of the following is the least challenging with regard to eDiscovery in the cloud?

1. A. Identifying roles such as data owner, controller and processor
2. B. Decentralization of data storage
3. C. Forensic analysis
4. D. Complexities of International law

Correct Answer: C
Forensic analysis is the least challenging of the answers provided as it refers to the analysis of data once it is obtained. The challenges revolve around obtaining the data for analysis due to the complexities of international law, the decentralization of data storage or difficulty knowing where to look, and identifying the data owner, controller, and processor.