
Preparing for your next security certification exam? After trying your hand at this practice test question, join the FREE CertMike Study Group for the CISSP, Security+, CySA+, PenTest+, CISM+ or SSCP certification to receive new questions each week. You’ll also receive free access to my customized study strategies.

In an infrastructure as a service (IaaS) environment where a vendor supplies a customer with access to storage services, who is normally responsible for removing sensitive data from drives that are taken out of service?

A. Customer’s Security Team
B. Customer’s Storage Team
C. Customer’s Vendor Management Team
D. Vendor

Correct Answer: D

In an infrastructure as a service environment, security duties follow a shared responsibility model. Since the vendor is responsible for managing the storage hardware, the vendor would retain responsibility for destroying or wiping drives as they are taken out of service. However, it is still the customer’s responsibility to validate that the vendor’s sanitization procedures meet their requirements prior to utilizing the vendor’s storage services.

Interested in more practice test questions? Get a copy of my official CertMike Practice Test books for the Security+ exam, CISSP exam, SSCP exam, or CySA+ exam and practice with hundreds of questions designed just like the real test! ...

Ed has a question about the applicability of PCI DSS requirements to his organization’s credit card processing environment. What organization is the regulator in this case?

A. The SEC
B. The FDA
C. The FTC
D. The PCI SSC

Correct Answer: D

The Payment Card Industry Data Security Standard (PCI DSS) is overseen by the Payment Card Industry Security Standards Council (PCI SSC). This is not the responsibility of the Securities and Exchange Commission (SEC), the Food and Drug Administration (FDA), or the Federal Trade Commission (FTC).

Gavin is looking for guidance on how his organization should approach the evaluation of cloud service providers. What ISO document can help him with this work?

A. ISO 27001
B. ISO 27701
C. ISO 27017
D. ISO 17789

Correct Answer: C

ISO 27001 is a general description of controls appropriate for a cybersecurity program, while ISO 27701 provides control guidance for privacy programs, neither of which is what we are looking for here. ISO 27017 provides guidance on the security controls that should be implemented by cloud service providers and would be useful to Gavin in evaluating such a provider. ISO 17789 provides a cloud reference architecture and does not offer specific security guidance, so that makes it another incorrect answer.