Correct answer:

Something the user sends is correct. Multifactor authentication systems are composed of something the user knows, something the user has, and/or something the user is, but not something the user sends.

Incorrect answers:

All other answers choices are incorrect.

Correct answer:

Software is correct. The software service capability gives the cloud customer a fully established application, where only minimal user configuration options are allowed.

Incorrect answers:

All other answers choices are incorrect.

Correct answer:

Metadata is correct. Metadata is data about data. It contains information about the type of data, how it is stored and organized, or information about its creation and use.

Incorrect answers:

All other answers choices are incorrect.

Correct answer:

Knowledge of the system is correct. Dynamic application security testing (DAST) is considered “black-box” testing and begins with no inside knowledge of the application or its configurations. Everything about the application must be discovered during the testing.

Incorrect answers:

All other answers choices are incorrect.

Correct answer:

Security misconfiguration is correct. Security misconfigurations occur when applications and systems are not properly configured or maintained in a secure manner. This can be caused from a shortcoming in security baselines or configurations, unauthorized changes to system configurations, or a failure to patch and upgrade systems as the vendor releases security patches.

Incorrect answers:

All other answers choices are incorrect.

Correct answer:

Costs is correct. The data retention policy covers the duration, format, technologies, protection, and accessibility of archives but does not address the specific costs of its implementation and maintenance.

Incorrect answers:

All other answers choices are incorrect.

Correct answer:

Cloud service administration is correct. The cloud service administrator is responsible for testing and monitoring cloud services, administering security for services, providing usage reports on cloud services, and addressing problem reports.

Incorrect answers:

All other answers choices are incorrect.

Correct answer:

Insecure deserialization is correct. Deserialization can occur when an application or API accepts objects from untrusted sources. In this case, an object can be used to modify application logic or initiate remote execution of code by the application.

Incorrect answers:

All other answers choices are incorrect.

Correct answer:

Jurisdiction is correct. Jurisdiction will dictate much of the compliance and audit requirements for a data center. Although all aspects are very important to security, from a strict compliance perspective, jurisdiction is the most important.

Incorrect answers:

All other answers choices are incorrect.

Correct answer:

Remove unnecessary software is correct. After the initial install, all unnecessary software, utilities, and plug-ins should be removed, and all services that are nonessential should be stopped, disabled, or removed.

Incorrect answers:

All other answers choices are incorrect.