- (Exam Topic 4)
What category of PII data can carry potential fines or even criminal charges for its improper use or disclosure?

1. A. Protected
2. B. Legal
3. C. Regulated
4. D. Contractual

Correct Answer: C
Regulated PII data carries legal and jurisdictional requirements, along with official penalties for its misuse or disclosure, which can be either civil or criminal in nature. Legal and protected are similar terms, but neither is the correct answer in this case. Contractual requirements can carry financial or contractual impacts for the improper use or disclosure of PII data, but not legal or criminal penalties that are officially enforced.

- (Exam Topic 3)
Which cloud storage type is typically used to house virtual machine images that are used throughout the environment?

1. A. Structured
2. B. Unstructured
3. C. Volume
4. D. Object

Correct Answer: D
Object storage is typically used to house virtual machine images because it is independent from other systems and is focused solely on storage. It is also the most appropriate for handling large individual files. Volume storage, because it is allocated to a specific host, would not be appropriate for the storing of virtual images. Structured and unstructured are storage types specific to PaaS and would not be used for storing items used throughout a cloud environment.

- (Exam Topic 1)
What is the biggest concern with hosting a key management system outside of the cloud environment?

1. A. Confidentiality
2. B. Portability
3. C. Availability
4. D. Integrity

Correct Answer: C
When a key management system is outside of the cloud environment hosting the application, availability is a primary concern because any access issues with the encryption keys will render the entire application unusable.

- (Exam Topic 2)
Which audit type has been largely replaced by newer approaches since 2011?

1. A. SOC Type 1
2. B. SSAE-16
3. C. SAS-70
4. D. SOC Type 2

Correct Answer: C
SAS-70 reports were replaced in 2011 with the SSAE-16 reports throughout the industry.

- (Exam Topic 4)
Countermeasures for protecting cloud operations against external attackers include all of the following except:

1. A. Continual monitoring for anomalous activity.
2. B. Detailed and extensive background checks.
3. C. Regular and detailed configuration/change management activities
4. D. Hardened devices and systems, including servers, hosts, hypervisors, and virtual machines.

Correct Answer: B
Background checks are controls for attenuating potential threats from internal actors; external threats aren’t likely to submit to background checks.