When building a cloud governance model, which of the following requirements will focus more on the cloud service provider’s evaluation and control checklist?
Prioritizing assurance activities for an organization’s cloud services portfolio depends PRIMARILY on an organization’s ability to:
If the degree of verification for information shared with the auditor during an audit is low, the auditor should:
Which best describes the difference between a type 1 and a type 2 SOC report?
You have been assigned the implementation of an ISMS, whose scope must cover both on-premises and cloud infrastructure. Which of the following is your BEST option?
As a developer building code into a container in a DevSecOps environment, which of the following is the appropriate place(s) to perform security tests?
An organization that is utilizing a community cloud is contracting an auditor to conduct a review on behalf of the group of organizations within the cloud community. From the following, to whom should the auditor report the findings?
Which of the following parties should have accountability for cloud compliance requirements?
Which of the following data destruction methods is the MOST effective and efficient?
Under GDPR, an organization should report a data breach within what time frame?
The PRIMARY objective of an audit initiation meeting with a cloud audit client is to:
Which of the following cloud models prohibits penetration testing?
What type of termination occurs at the initiative of one party, and without the fault of the other party?
An auditor is performing an audit on behalf of a cloud customer. For assessing security awareness, the auditor should:
The MOST critical concept of managing the build and test of code in DevOps is:
The Cloud Computing Compliance Controls Catalogue (C5) framework is maintained by which of the following agencies?
Which statement about compliance responsibilities and ownership of accountability is correct?
Which objective is MOST appropriate to measure the effectiveness of password policy?
A dot release of the Cloud Controls Matrix (CCM) indicates what?
What should be the auditor’s PRIMARY objective while examining a cloud service provider’s (CSP’s) SLA?
Policies and procedures shall be established, and supporting business processes and technical measures implemented, for maintenance of several items ensuring continuity and availability of operations and support personnel. Which of the following controls BEST matches this control description?
Which of the following is an example of a corrective control?
Which of the following is a cloud-specific security standard?
Changes to which of the following will MOST likely influence the expansion or reduction of controls required to remediate the risk arising from changes to an organization’s SaaS vendor?
When a client’s business process changes, the CSP SLA should: