In relation to testing business continuity management and operational resilience, an auditor should review which of the following database documentation?

A.

Database backup and replication guidelines

B.

System backup documentation

C.

Incident management documentation

D.

Operational manuals

To ensure that security testing is integrated into work on large code sets in environments where time to completion is critical, what form of validation should an auditor expect?

A.

Parallel testing

B.

Full application stack unit testing

C.

Functional verification

D.

Regression testing

After finding a vulnerability in an Internet-facing server of an organization, an attacker gains access to an encrypted file system and overwrites parts of some files with random data. In reference to the Top Threats Analysis methodology, how would the technical impact of this incident be categorized?

A.

As an availability breach

B.

As a control breach

C.

As a confidentiality breach

D.

As an integrity breach

Which of the following aspects of risk management involves identifying the potential reputational and financial harm when an incident occurs?

A.

Likelihood

B.

Mitigation

C.

Residual risk

D.

Impact analysis

The PRIMARY objective for an auditor to understand the organization's context for a cloud audit is to:

A.

determine whether the organization has carried out control self-assessment (CSA) and validated audit reports of the cloud service providers.

B.

validate an understanding of the organization's current state and how the cloud audit plan fits into the existing audit approach.

C.

validate the organization's performance effectiveness utilizing cloud service provider solutions.

D.

validate whether an organization has a cloud audit plan in place.

Who is accountable for the use of a cloud service?

A.

The cloud access security broker (CASB)

B.

The supplier

C.

The cloud service provider

D.

The organization (client)

When an organization is moving to the cloud, responsibilities are shared based upon the cloud service provider's model and accountability is:

A.

shared.

B.

avoided.

C.

transferred.

D.

maintained.

Cloud Controls Matrix (CCM) controls can be used by cloud customers to:

A.

develop new security baselines for the industry.

B.

define different control frameworks for different cloud service providers.

C.

build an operational cloud risk management program.

D.

facilitate communication with their legal department.

Which of the following is an example of availability technical impact?

A.

The cloud provider reports a breach of customer personal data from an unsecured server.

B.

A hacker using a stolen administrator identity alters the discount percentage in the product database.

C.

A distributed denial of service (DDoS) attack renders the customer’s cloud inaccessible for 24 hours.

D.

An administrator inadvertently clicked on phish bait, exposing the company to a ransomware attack.

For an auditor auditing an organization's cloud resources, which of the following should be of GREATEST concern?

A.

The organization does not have separate policies for governing its cloud environment.

B.

The organization's IT team does not include resources with cloud certifications.

C.

The organization does not perform periodic reviews or control monitoring for its cloud environment, but it has a documented audit plan and performs an audit for its cloud environment every alternate year.

D.

The risk management team reports to the head of audit.