CCSP Topic 4
Question #: 301
Topic #: 1
On large distributed systems with pooled resources, cloud computing relies on extensive orchestration to maintain the environment and the constant provisioning of resources.
Which of the following is crucial to the orchestration and automation of networking resources within a cloud?
A. DNSSEC
B. DNS
C. DCOM
D. DHCP
Selected Answer: D
Question #: 302
Topic #: 1
BCDR strategies do not typically involve the entire operations of an organization, but only those deemed critical to their business.
Which concept pertains to the amount of services that need to be recovered to meet BCDR objectives?
A. RSL
B. RTO
C. RPO
D. SRE
Selected Answer: A
Question #: 303
Topic #: 1
During the course of an audit, which of the following would NOT be an input into the control requirements used as part of a gap analysis.
A. Contractual requirements
B. Regulations
C. Vendor recommendations
D. Corporate policy
Selected Answer: C
Question #: 304
Topic #: 1
The GAPP framework was developed through a joint effort between the major Canadian and American professional accounting associations in order to assist their members with managing and preventing risks to the privacy of their data and customers.
Which of the following is the meaning of GAPP?
A. General accounting personal privacy
B. Generally accepted privacy practices
C. Generally accepted privacy principles
D. General accounting privacy policies
Selected Answer: C
Question #: 305
Topic #: 1
Which protocol operates at the network layer and provides for full point-to-point encryption of all communications and transmissions?
A. IPSec
B. VPN
C. SSL
D. TLS
Selected Answer: A
Question #: 306
Topic #: 1
When data discovery is undertaken, three main approaches or strategies are commonly used to determine what the type of data, its format, and composition are for the purposes of classification.
Which of the following is NOT one of the three main approaches to data discovery?
A. Content analysis
B. Hashing
C. Labels
D. Metadata
Selected Answer: B
Question #: 307
Topic #: 1
There are many situations when testing a BCDR plan is appropriate or mandated.
Which of the following would not be a necessary time to test a BCDR plan?
A. After software updates
B. After regulatory changes
C. After major configuration changes
D. Annually
Selected Answer: D
Question #: 308
Topic #: 1
Key maintenance and security are paramount within a cloud environment due to the widespread use of encryption for both data and transmissions.
Which of the following key-management systems would provide the most robust control over and ownership of the key-management processes for the cloud customer?
A. Remote key management service
B. Local key management service
C. Client key management service
D. Internal key management service
Selected Answer: C
Question #: 309
Topic #: 1
Security is a critical yet often overlooked consideration for BCDR planning.
At which stage of the planning process should security be involved?
A. Scope definition
B. Requirements gathering
C. Analysis
D. Risk assessment
Selected Answer: A
Question #: 310
Topic #: 1
Which type of testing uses the same strategies and toolsets that hackers would use?
A. Static
B. Malicious
C. Penetration
D. Dynamic
Selected Answer: C
Question #: 311
Topic #: 1
Which of the following statements about Type 1 hypervisors is true?
A. The hardware vendor and software vendor are different.
B. The hardware vendor and software vendor are the same
C. The hardware vendor provides an open platform for software vendors.
D. The hardware vendor and software vendor should always be different for the sake of security.
Selected Answer: C
Question #: 312
Topic #: 1
Which format is the most commonly used standard for exchanging information within a federated identity system?
A. XML
B. HTML
C. SAML
D. JSON
Selected Answer: C
Question #: 313
Topic #: 1
Which ITIL component is focused on anticipating predictable problems and ensuring that configurations and operations are in place to prevent these problems from ever occurring?
A. Availability management
B. Continuity management
C. Configuration management
D. Problem management
Selected Answer: A
Question #: 314
Topic #: 1
Which of the following areas of responsibility would be shared between the cloud customer and cloud provider within the Software as a Service (SaaS) category?
A. Data
B. Governance
C. Application
D. Physical
Selected Answer: C
Question #: 315
Topic #: 1
When a system needs to be exposed to the public Internet, what type of secure system would be used to perform only the desired operations?
A. Firewall
B. Proxy
C. Honeypot
D. Bastion
Selected Answer: D
Question #: 316
Topic #: 1
With the rapid emergence of cloud computing, very few regulations were in place that pertained to it specifically, and organizations often had to resort to using a collection of regulations that were not specific to cloud in order to drive audits and policies.
Which standard from the ISO/IEC was designed specifically for cloud computing?
A. ISO/IEC 27001
B. ISO/IEC 19889
C. ISO/IEC 27001:2015
D. ISO/IEC 27018
Selected Answer: D
Question #: 317
Topic #: 1
Which of the following is NOT considered a type of data loss?
A. Data corruption
B. Stolen by hackers
C. Accidental deletion
D. Lost or destroyed encryption keys
Selected Answer: D
Question #: 318
Topic #: 1
Which of the following jurisdictions lacks a comprehensive national policy on data privacy and the protection of personally identifiable information (PII)?
A. European Union
B. Asian-Pacific Economic Cooperation
C. United States
D. Russia
Selected Answer: C
Question #: 319
Topic #: 1
Which component of ITIL involves planning for the restoration of services after an unexpected outage or incident?
A. Continuity management
B. Problem management
C. Configuration management
D. Availability management
Selected Answer: A
Question #: 320
Topic #: 1
Which component of ITIL pertains to planning, coordinating, executing, and validating changes and rollouts to production environments?
A. Release management
B. Availability management
C. Problem management
D. Change management
Selected Answer: B
Question #: 321
Topic #: 1
What process entails taking sensitive data and removing the indirect identifiers from each data object so that the identification of a single entity would not be possible?
A. Tokenization
B. Encryption
C. Anonymization
D. Masking
Selected Answer: C
Question #: 322
Topic #: 1
Because cloud providers will not give detailed information out about their infrastructures and practices to the general public, they will often use established auditing reports to ensure public trust, where the reputation of the auditors serves for assurance.
Which type of audit reports can be used for general public trust assurances?
A. SOC 2
B. SAS-70
C. SOC 3
D. SOC 1
Selected Answer: C
Question #: 323
Topic #: 1
Which of the following concepts is NOT one of the core components to an encryption system architecture?
A. Software
B. Network
C. Keys
D. Data
Selected Answer: B
Question #: 324
Topic #: 1
For optimal security, trust zones are used for network segmentation and isolation. They allow for the separation of various systems and tiers, each with its own security level.
Which of the following is typically used to allow administrative personnel access to trust zones?
A. IPSec
B. SSH
C. VPN
D. TLS
Selected Answer: C
Question #: 325
Topic #: 1
Which of the following is NOT a major regulatory framework?
A. PCI DSS
B. HIPAA
C. SOX
D. FIPS 140-2
Selected Answer: A
Question #: 326
Topic #: 1
As part of the auditing process, getting a report on the deviations between intended configurations and actual policy is often crucial for an organization.
What term pertains to the process of generating such a report?
A. Deficiencies
B. Findings
C. Gap analysis
D. Errors
Selected Answer: C
Question #: 327
Topic #: 1
An audit scope statement defines the limits and outcomes from an audit.
Which of the following would NOT be included as part of an audit scope statement?
A. Reports
B. Certification
C. Billing
D. Exclusions
Selected Answer: C
Question #: 328
Topic #: 1
What concept and operational process must be spelled out clearly, as far as roles and responsibilities go, between the cloud provider and cloud customer for the mitigation of any problems or security events?
A. Incident response
B. Problem management
C. Change management
D. Conflict response
Selected Answer: A
Question #: 329
Topic #: 1
Your new CISO is placing increased importance and focus on regulatory compliance as your applications and systems move into cloud environments.
Which of the following would NOT be a major focus of yours as you develop a project plan to focus on regulatory compliance?
A. Data in transit
B. Data in use
C. Data at rest
D. Data custodian
Selected Answer: D
Question #: 330
Topic #: 1
Cloud systems are increasingly used for BCDR solutions for organizations.
What aspect of cloud computing makes their use for BCDR the most attractive?
A. On-demand self-service
B. Measured service
C. Portability
D. Broad network access
Selected Answer: C
Question #: 331
Topic #: 1
What’s a potential problem when object storage versus volume storage is used within IaaS for application use and dependency?
A. Object storage is only optimized for small files.
B. Object storage is its own system, and data consistency depends on replication.
C. Object storage may have availability issues.
D. Object storage is dependent on access control from the host server.
Selected Answer: B
Question #: 332
Topic #: 1
Many aspects of cloud computing bring enormous benefits over a traditional data center, but also introduce new challenges unique to cloud computing.
Which of the following aspects of cloud computing makes appropriate data classification of high importance?
A. Multitenancy
B. Interoperability
C. Portability
D. Reversibility
Selected Answer: A
Question #: 333
Topic #: 1
Without the extensive funds of a large corporation, a small-sized company could gain considerable and cost-effective services for which of the following concepts by moving to a cloud environment?
A. Regulatory
B. Security
C. Testing
D. Development
Selected Answer: B
Question #: 334
Topic #: 1
BCDR strategies typically do not involve the entire operations of an organization, but only those deemed critical to their business.
Which concept pertains to the amount of data and services needed to reach the predetermined level of operations?
A. SRE
B. RPO
C. RSL
D. RTO
Selected Answer: C
Question #: 335
Topic #: 1
Which of the following is NOT a commonly used communications method within cloud environments to secure data in transit?
A. IPSec
B. HTTPS
C. VPN
D. DNSSEC
Selected Answer: D
Question #: 336
Topic #: 1
Which crucial aspect of cloud computing can be most threatened by insecure APIs?
A. Automation
B. Resource pooling
C. Elasticity
D. Redundancy
Selected Answer: A
Question #: 337
Topic #: 1
The WS-Security standards are built around all of the following standards except which one?
A. SAML
B. WDSL
C. XML
D. SOAP
Selected Answer: B
Question #: 338
Topic #: 1
Which protocol, as a part of TLS, handles negotiating and establishing a connection between two parties?
A. Record
B. Binding
C. Negotiation
D. Handshake
Selected Answer: D
Question #: 339
Topic #: 1
BCDR strategies typically do not involve the entire operations of an organization, but only those deemed critical to their business.
Which concept pertains to the required amount of time to restore services to the predetermined level?
A. RPO
B. RSL
C. RTO
D. SRE
Selected Answer: C
Question #: 340
Topic #: 1
Your company is in the planning stages of moving applications that have large data sets to a cloud environment.
What strategy for data removal would be the MOST appropriate for you to recommend if costs and speed are primary considerations?
A. Shredding
B. Media destruction
C. Crypthographic erasure
D. Overwriting
Selected Answer: C
Question #: 342
Topic #: 1
IRM solutions allow an organization to place different restrictions on data usage than would otherwise be possible through traditional security controls.
Which of the following controls would be possible with IRM that would not with traditional security controls?
A. Copy
B. Read
C. Delete
D. Print
Selected Answer: D
Question #: 343
Topic #: 1
Which data protection strategy would be useful for a situation where the ability to remove sensitive data from a set is needed, but a requirement to retain the ability to map back to the original values is also present?
A. Masking
B. Tokenization
C. Encryption
D. Anonymization
Selected Answer: B
Question #: 344
Topic #: 1
A comprehensive BCDR plan will encapsulate many or most of the traditional concerns of operating a system in any data center.
However, what is one consideration that is often overlooked with the formulation of a BCDR plan?
A. Availability of staff
B. Capacity at the BCDR site
C. Restoration of services
D. Change management processes
Selected Answer: A
Question #: 345
Topic #: 1
Which of the following is NOT one of the components of multifactor authentication?
A. Something the user knows
B. Something the user has
C. Something the user sends
D. Something the user is
Selected Answer: C
Question #: 346
Topic #: 1
Above and beyond general regulations for data privacy and protection, certain types of data are subjected to more rigorous regulations and oversight.
Which of the following is not a regulatory framework for more sensitive or specialized data?
A. FIPS 140-2
B. FedRAMP
C. PCI DSS
D. HIPAA
Selected Answer: A
Question #: 347
Topic #: 1
Which data sanitation method is also commonly referred to as “zeroing”?
A. Overwriting
B. Nullification
C. Blanking
D. Deleting
Selected Answer: A
Question #: 348
Topic #: 1
What is the concept of isolating an application from the underlying operating system for testing purposes?
A. Abstracting
B. Application virtualization
C. Hosting
D. Sandboxing
Selected Answer: D
Question #: 349
Topic #: 1
Which of the following could be used as a second component of multifactor authentication if a user has an RSA token?
A. Access card
B. USB thumb drive
C. Retina scan
D. RFID
Selected Answer: C
Question #: 350
Topic #: 1
Which of the following is NOT one of the official risk rating categories?
A. Critical
B. Low
C. Catastrophic
D. Minimal
Selected Answer: C
Question #: 351
Topic #: 1
SOC Type 1 reports are considered “restricted use,” in that they are intended only for limited audiences and purposes.
Which of the following is NOT a population that would be appropriate for a SOC Type 1 report?
A. Current clients
B. Auditors
C. Potential clients
D. The service organization
Selected Answer: A
Question #: 352
Topic #: 1
Having a reservation in a cloud environment can ensure operations continue in the event of high utilization across the cloud.
Which of the following would NOT be a capability covered by reservations?
A. Performing business operations
B. Starting virtual machines
C. Running applications
D. Auto-scaling
Selected Answer: D
Question #: 353
Topic #: 1
What must SOAP rely on for security since it does not provide security as a built-in capability?
A. Encryption
B. Tokenization
C. TLS
D. SSL
Selected Answer: C
Question #: 354
Topic #: 1
With a federated identity system, what does the identity provider send information to after a successful authentication?
A. Relying party
B. Service originator
C. Service relay
D. Service relay
Selected Answer: A
Question #: 355
Topic #: 1
Which of the following technologies is NOT commonly used for accessing systems and services in a cloud environment in a secure manner?
A. KVM
B. HTTPS
C. VPN
D. TLS
Selected Answer: A
Question #: 356
Topic #: 1
Which component of ITIL involves handling anything that can impact services for either internal or public users?
A. Incident management
B. Deployment management
C. Problem management
D. Change management
Selected Answer: C
Question #: 357
Topic #: 1
Which protocol, as a part of TLS, handles the actual secure communications and transmission of data?
A. Negotiation
B. Handshake
C. Transfer
D. Record
Selected Answer: B
Question #: 358
Topic #: 1
Which of the following terms is NOT a commonly used category of risk acceptance?
A. Moderate
B. Critical
C. Minimal
D. Accepted
Selected Answer: D
Question #: 359
Topic #: 1
Many activities within a cloud environment are performed via programmatic means, where complex and distributed operations are handled without the need to perform each step individually.
Which of the following concepts does this describe?
A. Orchestration
B. Provisioning
C. Automation
D. Allocation
Selected Answer: A
Question #: 360
Topic #: 1
Being in a cloud environment, cloud customers lose a lot of insight and knowledge as to how their data is stored and their systems are deployed.
Which concept from the ISO/IEC cloud standards relates to the necessity of the cloud provider to inform the cloud customer on these issues?
A. Disclosure
B. Transparency
C. Openness
D. Documentation
Selected Answer: B
Question #: 361
Topic #: 1
Your IT steering committee has, at a high level, approved your project to begin using cloud services. However, the committee is concerned with getting locked into a single cloud provider and has flagged the ability to easily move between cloud providers as a top priority. It also wants to save costs by reusing components.
Which cross-cutting aspect of cloud computing would be your primary focus as your project plan continues to develop and you begin to evaluate cloud providers?
A. Interoperability
B. Resiliency
C. Scalability
D. Portability
Selected Answer: D
Question #: 362
Topic #: 1
Which of the following provides assurance, to a predetermined acceptable level of certainty, that an entity is indeed who they claim to be?
A. Authentication
B. Identification
C. Proofing
D. Authorization
Selected Answer: A
Question #: 363
Topic #: 1
Whereas a contract articulates overall priorities and requirements for a business relationship, which artifact enumerates specific compliance requirements, metrics, and response times?
A. Service level agreement
B. Service level contract
C. Service compliance contract
D. Service level amendment
Selected Answer: A
Question #: 364
Topic #: 1
When an organization is considering the use of cloud services for BCDR planning and solutions, which of the following cloud concepts would be the most important?
A. Reversibility
B. Elasticity
C. Interoperability
D. Portability
Selected Answer: B
Question #: 365
Topic #: 1
What masking strategy involves the replacing of sensitive data at the time it is accessed and used as it flows between the data and application layers of a service?
A. Active
B. Static
C. Dynamic
D. Transactional
Selected Answer: C
Question #: 366
Topic #: 1
Which of the following would be considered an example of insufficient due diligence leading to security or operational problems when moving to a cloud?
A. Monitoring
B. Use of a remote key management system
C. Programming languages used
D. Reliance on physical network controls
Selected Answer: D
Question #: 367
Topic #: 1
Which aspect of cloud computing serves as the biggest challenge to using DLP to protect data at rest?
A. Portability
B. Resource pooling
C. Interoperability
D. Reversibility
Selected Answer: C
Question #: 368
Topic #: 1
What category of PII data can carry potential fines or even criminal charges for its improper use or disclosure?
A. Protected
B. Legal
C. Regulated
D. Contractual
Selected Answer: C
Question #: 369
Topic #: 1
A variety of security systems can be integrated within a network–some that just monitor for threats and issue alerts, and others that take action based on signatures, behavior, and other types of rules to actively stop potential threats.
Which of the following types of technologies is best described here?
A. IDS
B. IPS
C. Proxy
D. Firewall
Selected Answer: C
Question #: 370
Topic #: 1
Upon completing a risk analysis, a company has four different approaches to addressing risk. Which approach it takes will be based on costs, available options, and adherence to any regulatory requirements from independent audits.
Which of the following groupings correctly represents the four possible approaches?
A. Accept, avoid, transfer, mitigate
B. Accept, deny, transfer, mitigate
C. Accept, deny, mitigate, revise
D. Accept, dismiss, transfer, mitigate
Selected Answer: A
Question #: 371
Topic #: 1
Which of the following is NOT a component of access control?
A. Accounting
B. Federation
C. Authorization
D. Authentication
Selected Answer: A
Question #: 372
Topic #: 1
What concept does the A represent within the DREAD model?
A. Affected users
B. Authorization
C. Authentication
D. Affinity
Selected Answer: A
Question #: 373
Topic #: 1
With an application hosted in a cloud environment, who could be the recipient of an eDiscovery order?
A. Users
B. Both the cloud provider and cloud customer
C. The cloud customer
D. The cloud provider
Selected Answer: B
Question #: 374
Topic #: 1
Which ITIL component focuses on ensuring that system resources, processes, and personnel are properly allocated to meet SLA requirements?
A. Continuity management
B. Availability management
C. Configuration management
D. Problem management
Selected Answer: B
Question #: 375
Topic #: 1
Which ITIL component is an ongoing, iterative process of tracking all deployed and configured resources that an organization uses and depends on, whether they are hosted in a traditional data center or a cloud?
A. Problem management
B. Continuity management
C. Availability management
D. Configuration management
Selected Answer: D
Question #: 376
Topic #: 1
When beginning an audit, both the system owner and the auditors must agree on various aspects of the final audit report.
Which of the following would NOT be something that is predefined as part of the audit agreement?
A. Size
B. Format
C. Structure
D. Audience
Selected Answer: D
Question #: 378
Topic #: 1
Which of the following is the concept of segregating information or processes, within the same system or application, for security reasons?
A. Cell blocking
B. Sandboxing
C. Pooling
D. Fencing
Selected Answer: B
Question #: 379
Topic #: 1
Which cloud service category most commonly uses client-side key management systems?
A. Software as a Service
B. Infrastructure as a Service
C. Platform as a Service
D. Desktop as a Service
Selected Answer: B
Question #: 380
Topic #: 1
Apart from using encryption at the file system level, what technology is the most widely used to protect data stored in an object storage system?
A. TLS
B. HTTPS
C. VPN
D. IRM
Selected Answer: A
Question #: 381
Topic #: 1
Which of the following types of data would fall under data rights management (DRM) rather than information rights management (IRM)?
A. Personnel data
B. Security profiles
C. Publications
D. Financial records
Selected Answer: C
Question #: 382
Topic #: 1
Different security testing methodologies offer different strategies and approaches to testing systems, requiring security personnel to determine the best type to use for their specific circumstances.
What does dynamic application security testing (DAST) NOT entail that SAST does?
A. Discovery
B. Knowledge of the system
C. Scanning
D. Probing
Selected Answer: B
Question #: 383
Topic #: 1
You need to gain approval to begin moving your company’s data and systems into a cloud environment. However, your CEO has mandated the ability to easily remove your IT assets from the cloud provider as a precondition.
Which of the following cloud concepts would this pertain to?
A. Removability
B. Extraction
C. Portability
D. Reversibility
Selected Answer: D
Question #: 384
Topic #: 1
What does static application security testing (SAST) offer as a tool to the testers that makes it unique compared to other common security testing methodologies?
A. Live testing
B. Source code access
C. Production system scanning
D. Injection attempts
Selected Answer: B
Question #: 385
Topic #: 1
A main objective for an organization when utilizing cloud services is to avoid vendor lock-in so as to ensure flexibility and maintain independence.
Which core concept of cloud computing is most related to vendor lock-in?
A. Scalability
B. Interoperability
C. Portability
D. Reversibility
Selected Answer: C
Question #: 386
Topic #: 1
Which of the following areas of responsibility always falls completely under the purview of the cloud provider, regardless of which cloud service category is used?
A. Infrastructure
B. Data
C. Physical
D. Governance
Selected Answer: C
Question #: 387
Topic #: 1
What type of masking would you employ to produce a separate data set for testing purposes based on production data without any sensitive information?
A. Dynamic
B. Tokenized
C. Replicated
D. Static
Selected Answer: D
Question #: 388
Topic #: 1
Which aspect of data poses the biggest challenge to using automated tools for data discovery and programmatic data classification?
A. Quantity
B. Language
C. Quality
D. Number of courses
Selected Answer: C
Question #: 389
Topic #: 1
When an organization is considering a cloud environment for hosting BCDR solutions, which of the following would be the greatest concern?
A. Self-service
B. Resource pooling
C. Availability
D. Location
Selected Answer: C
Question #: 390
Topic #: 1
Just like the risk management process, the BCDR planning process has a defined sequence of steps and processes to follow to ensure the production of a comprehensive and successful plan.
Which of the following is the correct sequence of steps for a BCDR plan?
A. Define scope, gather requirements, assess risk, implement
B. Define scope, gather requirements, implement, assess risk
C. Gather requirements, define scope, implement, assess risk
D. Gather requirements, define scope, assess risk, implement
Selected Answer: A
Question #: 391
Topic #: 1
What type of solution is at the core of virtually all directory services?
A. WS
B. LDAP
C. ADFS
D. PKI
Selected Answer: B
Question #: 392
Topic #: 1
The different cloud service models have varying levels of responsibilities for functions and operations depending with the model’s level of service.
In which of the following models would the responsibility for patching lie predominantly with the cloud customer?
A. DaaS
B. SaaS
C. PaaS
D. IaaS
Selected Answer: D
Question #: 393
Topic #: 1
Which component of ITIL involves the creation of an RFC ticket and obtaining official approvals for it?
A. Problem management
B. Release management
C. Deployment management
D. Change management
Selected Answer: D
Question #: 394
Topic #: 1
Which of the following are attributes of cloud computing?
A. Minimal management effort and shared resources
B. High cost and unique resources
C. Rapid provisioning and slow release of resources
D. Limited access and service provider interaction
Selected Answer: A
Question #: 395
Topic #: 1
In a cloud environment, encryption should be used for all the following, except:
A. Secure sessions/VPN
B. Long-term storage of data
C. Near-term storage of virtualized images
D. Profile formatting
Selected Answer: D
Question #: 396
Topic #: 1
Which of the following is considered a technological control?
A. Firewall software
B. Firing personnel
C. Fireproof safe
D. Fire extinguisher
Selected Answer: A
Question #: 397
Topic #: 1
When using an IaaS solution, what is the capability provided to the customer?
A. To provision processing, storage, networks, and other fundamental computing resources when the consumer is able to deploy and run arbitrary software, which can include OSs and applications.
B. To provision processing, storage, networks, and other fundamental computing resources when the auditor is able to deploy and run arbitrary software, which can include OSs and applications.
C. To provision processing, storage, networks, and other fundamental computing resources when the provider is able to deploy and run arbitrary software, which can include OSs and applications.
D. To provision processing, storage, networks, and other fundamental computing resources when the consumer is not able to deploy and run arbitrary software, which can include OSs and applications.
Selected Answer: D
Question #: 398
Topic #: 1
When using an IaaS solution, what is a key benefit provided to the customer?
A. Metered and priced on the basis of units consumed
B. Increased energy and cooling system efficiencies
C. Transferred cost of ownership
D. The ability to scale up infrastructure services based on projected usage
Selected Answer: D
Question #: 399
Topic #: 1
Which of the following is considered an administrative control?
A. Keystroke logging
B. Access control process
C. Door locks
D. Biometric authentication
Selected Answer: A
Question #: 400
Topic #: 1
What is a key capability or characteristic of PaaS?
A. Support for a homogenous environment
B. Support for a single programming language
C. Ability to reduce lock-in
D. Ability to manually scale
Selected Answer: C
