Correct answer:

GAPP is correct. The Generally Accepted Privacy Principles (GAPP) standard is a common approach that all applications and systems can use, and it is not specific to any type of data or specific regulatory requirement.

Incorrect answers:

All other answers choices are incorrect.

Correct answer:

Gap analysis is correct. A gap analysis is performed to determine if the results found from information discovery and testing match with the configuration standards and policies. Any resulting deviation from them will be considered a finding and a gap between the desired state of a system or operations and the actual verified current state.

Incorrect answers:

All other answers choices are incorrect.

Correct answer:

95/46/EC is correct. Directive 95/46/EC is titled “On the protection of individuals with regard to the processing of personal data and on the free movement of such data.”

Incorrect answers:

All other answers choices are incorrect.

Correct answer:

IaaS is correct. IaaS gives patching responsibility to the cloud customer because they are responsible for the virtual machines and images. The other cloud service models all fall to the cloud provider for patching responsibility.

Incorrect answers:

All other answers choices are incorrect.

Correct answer:

PCI DSS is correct. The PCI DSS standard was developed by the major credit card labels. All merchants that accept credit cards under those labels are required to comply with the PCI DSS standard and its requirements. It is a tiered system of technical and nontechnical requirements based on the number of transactions a vendor processes per year.

Incorrect answers:

All other answers choices are incorrect.

Correct answer:

XML is correct. Security Assertion Markup Language (SAML) is based on the XML data format and contains standardized naming conventions of elements as well as a common set of required elements.

Incorrect answers:

All other answers choices are incorrect.

Correct answer:

Technical and organizational is correct. A security operations center (SOC) is a centralized group that deals with security issues within an organization or enterprise and is responsible for the monitoring, reporting, and handling of security incidents. This is done from both a technical and organizational level and touches all information assets within the organization.

Incorrect answers:

All other answers choices are incorrect.

Correct answer:

Public is correct. Popular services such as iCloud, Dropbox, and OneDrive are all publicly available and are open to any user for free, with possible add-on services offered for a cost.

Incorrect answers:

All other answers choices are incorrect.

Correct answer:

Integrity is correct. DNSSEC is a security extension to the regular DNS protocol and services that allows for the validation of the integrity of DNS lookups. It does not address confidentiality or availability at all. It allows for a DNS client to perform DNS lookups and validate both their origin and authority via the cryptographic signature that accompanies the DNS response.

Incorrect answers:

All other answers choices are incorrect.

Correct answer:

OAuth is correct. OpenID is an authentication protocol based on OAuth specifications. It is designed to allow developers an easy and flexible mechanism to support authentication across organizations and utilize external identity providers, thus alleviating the need to maintain their own password stores and systems.

Incorrect answers:

All other answers choices are incorrect.