New Year Sale Special - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: sntaclus

examout.co

CCM: The following list of controls belong to which domain of the CCM?

GRM 06 – Policy GRM 07 – Policy Enforcement GRM 08 – Policy Impact on Risk Assessments GRM 09 – Policy Reviews GRM 10 – Risk Assessments GRM 11 – Risk Management Framework

A.

Governance and Retention Management

B.

Governance and Risk Management

C.

Governing and Risk Metrics

Which governance domain focuses on proper and adequate incident detection, response, notification, and remediation?

A.

Data Security and Encryption

B.

Information Governance

C.

Incident Response, Notification and Remediation

D.

Compliance and Audit Management

E.

Infrastructure Security

Without virtualization, there is no cloud.

A.

False

B.

True

What is a commonly used method by which hybrid cloud integrates data centers with public cloud?

A.

Using VPN or dedicated links

B.

Using peer-to-peer networks

C.

Using local area network (LAN)

D.

Using satellite connections

For third-party audits or attestations, what is critical for providers to publish and customers to evaluate?

A.

Scope of the assessment and the exact included features and services for the assessment

B.

Provider infrastructure information including maintenance windows and contracts

C.

Network or architecture diagrams including all end point security devices in use

D.

Service-level agreements between all parties

E.

Full API access to all required services

Which of the following enhances Platform as a Service (PaaS) security by regulating traffic into PaaS components?

A.

Intrusion Detection Systems

B.

Hardware Security Modules

C.

Network Access Control Lists

D.

API Gateways

Dynamic Application Security Testing (DAST) might be limited or require pre-testing permission from the provider.

A.

False

B.

True

Which approach creates a secure network, invisible to unauthorized users?

A.

Firewalls

B.

Software-Defined Perimeter (SDP)

C.

Virtual Private Network (VPN)

D.

Intrusion Detection System (IDS)

How does virtualized storage help avoid data loss if a drive fails?

A.

Multiple copies in different locations

B.

Drives are backed up, swapped, and archived constantly

C.

Full back ups weekly

D.

Data loss is unavoidable with drive failures

E.

Incremental backups daily

Which of the following best describes compliance in the context of cybersecurity?

A.

Defining and maintaining the governance plan

B.

Adherence to internal policies, laws, regulations, standards, and best practices

C.

Implementing automation technologies to monitor the control implemented

D.

Conducting regular penetration testing as stated in applicable laws and regulations