What is the only data format permitted with the SOAP API?
Correct Answer: D
The SOAP protocol specifically supports the XML data format. XML is integral to the way SOAP messages are formatted and communicated, enabling structured and standardized message exchange between different systems.
Which data formats are most commonly used with the REST API?
Correct Answer: C
JavaScript Object Notation (JSON) and Extensible Markup Language (XML) are the most commonly used data formats for the Representational State Transfer (REST) API. These formats are widely supported and provide flexibility and ease of use for various applications and services interacting with REST APIs.
Which of the following threat types involves an application that does not validate authorization for portions of itself after the initial checks?
Correct Answer: B
Missing function-level access control is a threat type where an application fails to validate authorization for specific functions after the initial authorization checks. This oversight allows unauthorized users to access portions of the application they shouldn't be able to reach, posing a security risk. Proper checks should be performed each time a function or portion of the application is accessed to ensure that users have the proper permissions.
Which of the following roles involves overseeing billing, purchasing, and requesting audit reports for an organization within a cloud environment?
Correct Answer: B
The cloud service business manager is responsible for overseeing business and billing administration, purchasing cloud services, and requesting audit reports when necessary. This role directly involves managing financial transactions and organizational processes related to cloud services, which aligns with the duties described in the question.
What is the biggest concern with hosting a key management system outside of the cloud environment?
Correct Answer: A
The biggest concern with hosting a key management system outside of the cloud environment is confidentiality. A key management system is used to securely store and manage keys, which are crucial for encrypting and decrypting data. If this system is outside the cloud environment, it may be more exposed to potential unauthorized access, leading to a compromise of the keys' confidentiality. This exposure increases the risk of the sensitive data being accessed by unauthorized parties, making confidentiality the primary concern.