Which of the following best describes SAML?
Answer : D
Which of the following best describes the purpose and scope of ISO/IEC 27034-1?
Answer : D
A UPS should have enough power to last how long?
Answer : C
Which of the following best describes the Organizational Normative Framework (ONF)?
Answer : D
Option B is incorrect because it refers to a specific application's security elements, meaning it is about an ANF, not the ONF. C is true, but not as complete as D, making D the better choice. C suggests that the framework contains only "some" of the components, which is why B (which describes "all" components) is better.
Deviations from the baseline should be investigated and __________________.
Answer : B
All deviations from the baseline should be documented, including details of the investigation and outcome. We do not enforce or encourage deviations. Presumably, we would already be aware of the deviation, so "revealing" is not a reasonable answer.
The application normative framework is best described as which of the following?
Answer : D
Remember, there is a one-to-many ratio of ONF to ANF; each organization has one ONF and many ANFs (one for each application in the organization). Therefore, the ANF is a subset of the ONF.
In addition to whatever audit results the provider shares with the customer, what other mechanism does the customer have to ensure trust in the provider's performance and duties?
Answer : B
The contract between the provider and customer enhances the customer's trust by holding the provider financially liable for negligence or inadequate service (although the customer remains legally liable for all inadvertent disclosures). Statutes, however, largely leave customers liable. The security control matrix is a tool for ensuring compliance with regulations. HIPAA is a statute.