D is correct. A hardware security module (HSM) is a removable device

that can generate and store RSA keys used with servers. The keys can be

used to encrypt data sent to and from the server, but they wouldn’t be used

for full drive encryption. A Trusted Platform Module (TPM) provides full

drive encryption and is included in many laptops. A data loss prevention

(DLP) device is a device that can reduce the risk of employees emailing

confidential information outside the organization. Software as a Service

(SaaS) provides software or applications, such as webmail, via the cloud.

See Chapter 5.

B is correct. Encryption is the best choice to provide confidentiality of

any type of information, including sensitive information. A digital signature

provides integrity, non-repudiation, and authentication. Data masking

modifies the original data, producing data that looks valid but is not

authentic. Hashing provides integrity. See Chapter 5.

A is correct. They created a community cloud. In the scenario, the two

organizations have a common goal of sharing educational materials. The

individual clouds created by each organization are private clouds, but the

shared community cloud resources are not private. A public cloud would be

available to anyone, but the scenario wants to restrict access to just two

organizations. Anything as a Service (XaaS) refers to cloud services beyond

IaaS, PaaS, and SaaS. See Chapter 5.

B is correct. Storage segmentation creates separate storage areas in

mobile devices and can be used with a choose your own device (CYOD)

mobile device deployment model where users own their devices. None of

the other answers are directly related to mobile devices. A supervisory

control and data acquisition (SCADA) system controls industrial control

systems (ICSs), such as those used in nuclear power plants or water

treatment facilities, and SCADA systems should be isolated. Database

security includes the use of permissions and encryption to protect data in a

database but is unrelated to mobile device deployment. Some embedded

systems use a real-time operating system (RTOS) when the system must

react within a specific time. See Chapter 5.

D is correct. Anything as a Service (XaaS) refers to cloud services

beyond IaaS, PaaS, and SaaS. It would include desktops as a service.

Infrastructure as a Service (IaaS) is a cloud computing option where the

vendor provides access to a computer. Still, customers must install the

operating system and maintain the system. A cloud access security broker

(CASB) is a software tool used to provide additional security for cloud

resources, but it provides the underlying cloud services. Software as a

Service (SaaS) provides access to specific applications such as an email

application, but not entire desktops. See Chapter 5.

B is correct. A managed security service provider (MSSP) is a third-

party vendor that provides security services for an organization, and it is the

best solution for this scenario. A Security Orchestration, Automation, and

Response (SOAR) solution automates incident response for some events,

but it will augment services already provided by security staff within an

organization. SOAR would not work here because the small business

doesn’t have any security staff. Software as a Service (SaaS) includes any

software or application provided to users over a network such as the

Internet. Anything as a Service (XaaS) refers to cloud services beyond

SaaS, IaaS, and PaaS. See Chapter 5.

C is correct. A choose your own device (CYOD) mobile device

deployment model includes a list of acceptable devices that employees can

purchase and connect to the network. IT management can then implement a

mobile device management (MDM) system to provide standardized

management for these devices. The current policy is a bring your own

device (BYOD) policy, but because of the lack of standardization, it’s

difficult for IT departments to adequately manage the devices and ensure

they don’t introduce vulnerabilities to the network. A corporate-owned

personally enabled (COPE) policy indicates the organization owns the

devices, not the employees. Infrastructure as a Service (IaaS) is a cloud

computing option where the vendor provides access to a computer, but

customers must install the operating system and maintain the system. See

Chapter 5.