93 Which of these is most likely to have the greatest negative impact on data discovery effort?Bandwidth latency issuesPoor physical security of the data centerSevere statutory regulationInaccurate or incomplete data
94 Cloud customers performing data discovery efforts will have to ensure that the cloud provider attends to all of the following requirements except _______________.Allowing sufficient access to large volumes of dataPreserving metadata tagsAssigning labelsPreserving and maintaining the data
95 Where should the cloud provider’s data discovery requirements be listed?National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53Applicable laws and regulationsPayment Card Industry Data Security Standard (PCI DSS)The managed services contract and SLA
96 Who will determine data classifications for the cloud customer?The cloud providerNational Institute of Standards and Technology (NIST)RegulatorsThe cloud customer
97 An organization’s data classification scheme must include which of the following categories?File sizeOrigin of the dataSensitivity of the dataWhatever the data owner decides
98 Classification is usually considered a facet of data ____________.SecurityLabelingControlMarkup
99 Data classification can be ____________ or ____________.Inverse or obverseAutomatic or manualCorrect or incorrectDiurnal or nocturnal
100 Data may need to be reclassified for all the following reasons except _______________.Color changeTimeRepurposingTransfer of ownership
101 Proper __________ need(s) to be assigned to each data classification/category.Dollar valuesMetadataSecurity controlsPolicies
102 Data transformation in a cloud environment should be of great concern to organizations considering cloud migration because ____________ could affect data classification processes and implementations.MultitenancyVirtualizationRemote accessPhysical distance
103 Who is ultimately responsible for a data breach that includes personally identifiable information (PII), in the event of negligence on the part of the cloud provider?The userThe subjectThe cloud providerThe cloud customer
104 In a personally identifiable information (PII) context, who is the subject?The cloud customerThe cloud providerThe regulatorThe individual
105 In a personally identifiable information (PII) context, who is the processor?The cloud customerThe cloud providerThe regulatorThe individual
106 In a personally identifiable information (PII) context, who is the controller?The cloud customerThe cloud providerThe regulatorThe individual
107 In a personally identifiable information (PII) context, which of the following is not normally considered “processing”?StoringViewingDestroyingPrinting
108 Which of the following countries does not have a national privacy law that concerns personally identifiable information (PII) and applies to all entities?ArgentinaThe United StatesItalyAustralia
109 In protections afforded to personally identifiable information (PII) under the U.S. Health Information Portability and Accountability Act (HIPAA), the subject must __________ in order to allow the vendor to share their personal data.Opt inOpt outUndergo screeningProvide a biometric template
110 In protections afforded to personally identifiable information (PII) under the U.S. Gramm-Leach-Bliley Act (GLBA), the subject must __________ in order to prevent the vendor from sharing their personal data.Opt inOpt outUndergo screeningProvide a biometric template
111 The European Union (EU), with its implementation of privacy directives and regulations, treats individual privacy as ____________.A passing fadA human rightA legal obligationA business expense
112 If your organization collects/creates privacy data associated with European Union (EU) citizens and you operate in the cloud, you must prevent your provider from storing/moving/processing that data where?ArgentinaThe United StatesJapanIsrael
113 European Union (EU) personal privacy protections include the right to be _______________.SecureDeliveredForgottenProtected
114 The Cloud Security Alliance (CSA) has developed a model for cloud privacy frameworks called the Privacy Level Agreement (PLA). Why might a cloud service provider be reluctant to issue or adhere to a PLA?A PLA might limit the provider’s liability.A PLA would force the provider to accept more liability.A PLA is nonbinding.A PLA is not enforceable.
115 The Cloud Security Alliance Cloud Controls Matrix (CSA CCM) lists security controls from all the following frameworks except _______________.ISACA’s Control Objectives for Information and Related Technology (COBIT)Payment Card Industry Data Security Standard (PCI DSS)The Capability Maturity Model (CMM)International Organization for Standardization (ISO) 27001
116 The Cloud Security Alliance Cloud Controls Matrix (CSA CCM) lists security controls from all the following laws except _______________.Health Information Portability and Accountability Act (HIPAA)Family Education Rights and Privacy Act (FERPA)Personal Information Protection and Electronic Documents Act (PIPEDA)Digital Millennium Copyright Act (DMCA)
117 Digital rights management (DRM) tools might be used to protect all the following assets except _______________.A trusted deviceProprietary softwareMedical recordsFinancial data
118 Deploying digital rights management (DRM) tools in a bring-your-own-device (BYOD) environment will require _______________.User consent and actionEnhanced security protocolsUse of the cloudNewer, upgraded devices
119 Deploying digital rights management (DRM) tools in a bring-your-own-device (BYOD) environment will require _______________.A uniform browser installationPlatform-agnostic solutionsTurnstilesA secondary business continuity and disaster recovery (BC/DR) vendor
120 The Cloud Security Alliance Cloud Controls Matrix (CSA CCM) addresses all the following security architecture elements except _______________.Physical securityInfrastructure as a service (IaaS)Application securityBusiness drivers
121 DRM requires that every data resource be provisioned with __________.A tracking deviceAn access policyA hardware security module (HSM)A biometric system
122 Digital rights management (DRM) tools can be combined with __________ to enhance security capabilities.Roaming identity services (RIS)Egress monitoring solutions (DLP)Internal hardware settings (BIOS)The TEMPEST program
123 Digital rights management (DRM) tools should enforce __________, which is the characteristic of access rights following the object, in whatever form or location it might be or move to.Continuous audit trailLimiting printing outputPersistenceAutomatic expiration
124 Digital rights management (DRM) tools should enforce __________, which is the practice of capturing all relevant system events.Continuous audit trailLimiting printing outputPersistenceAutomatic expiration
125 Digital rights management (DRM) tools should enforce __________, which is the capability to revoke access based on the decision of the object owner or an administrator action.Integration with email filtering enginesDisabling screencap capabilitiesContinuous audit trailDynamic policy control
126 Digital rights management (DRM) tools should enforce __________, which is the revocation of access based on time.PersistenceDisabling screencap capabilitiesAutomatic expirationDynamic policy control
127 Digital rights management (DRM) tools should enforce __________, which is interoperability with the organization’s other access control activities.PersistenceSupport for existing authentication security infrastructureContinuous audit trailDynamic policy control
128 In a data retention policy, what is perhaps the most crucial element?Location of the data archiveFrequency of backupsSecurity controls in long-term storageData recovery procedures
129 __________ is the practice of taking data out of the production environment and putting it into long-term storage.DeletionArchivingCrypto-shreddingStoring
130 In general, all policies within an organization should include each of the following elements except _______________.The date on which