- (Exam Topic 4)
Key maintenance and security are paramount within a cloud environment due to the widespread use of encryption for both data and transmissions.
Which of the following key-management systems would provide the most robust control over and ownership of the key-management processes for the cloud customer?

1. A. Remote key management service
2. B. Local key management service
3. C. Client key management service
4. D. Internal key management service

Correct Answer: A
A remote key management system resides away from the cloud environment and is owned and controlled by the cloud customer. With the use of a remote service, the cloud customer can avoid being locked into a proprietary system from the cloud provider, but also must ensure that service is compatible with the services offered by the cloud provider. A local key management system resides on the actual servers using the keys, which does not provide optimal security or control over them. Both the terms internal key management service and client key management service are provided as distractors.

- (Exam Topic 4)
What is an experimental technology that is intended to create the possibility of processing encrypted data without having to decrypt it first?

1. A. Quantum-state
2. B. Polyinstantiation
3. C. Homomorphic
4. D. Gastronomic

Correct Answer: C
Homomorphic encryption hopes to achieve that goal; the other options are terms that have almost nothing to do with encryption.

- (Exam Topic 2)
Which security concept would business continuity and disaster recovery fall under?

1. A. Confidentiality
2. B. Availability
3. C. Fault tolerance
4. D. Integrity

Correct Answer: B
Disaster recovery and business continuity are vital concerns with availability. If data is destroyed or compromised, having regular backup systems in place as well as being able to perform disaster recovery in the event of a major or widespread problem allows operations to continue with an acceptable loss of time and data to management. This also ensures that sensitive data is protected and persisted in the event of the loss or corruption of data systems or physical storage systems.

- (Exam Topic 1)
Which of the following is not a component of contractual PII?

1. A. Scope of processing
2. B. Value of data
3. C. Location of data
4. D. Use of subcontractors

Correct Answer: C
The value of data itself has nothing to do with it being considered a part of contractual

- (Exam Topic 4)
Which of the following is a valid risk management metric?

1. A. KPI
2. B. KRI
3. C. SOC
4. D. SLA

Correct Answer: B
KRI stands for key risk indicator. KRIs are the red flags if you will in the world of risk management. When these change, they indicate something is amiss and should be looked at quickly to determine if the change is minor or indicative of something important.