
Which of the following attestations allows for immediate adoption of the Cloud Controls Matrix (CCM) as additional criteria to AICPA Trust Service Criteria and provides the flexibility to update the criteria as technology and market requirements change?

A.

BSI Criteria Catalogue C5

B.

PCI-DSS

C.

MTCS

D.

CSA STAR Attestation

What aspect of Software as a Service (SaaS) functionality and operations would the cloud customer be responsible for and should be audited?

A.

Source code reviews

B.

Patching

C.

Access controls

D.

Vulnerability management

Regarding suppliers of a cloud service provider, it is MOST important for the auditor to be aware that the:

A.

client organization does not need to worry about the provider's suppliers, as this is the provider's responsibility.

B.

suppliers are accountable for the provider's service that they are providing.

C.

client organization and provider are both responsible for the provider's suppliers.

D.

client organization has a clear understanding of the provider's suppliers.

The effect of which of the following should have priority in planning the scope and objectives of a cloud audit?

A.

Applicable industry good practices

B.

Applicable statutory requirements

C.

Organizational policies and procedures

D.

Applicable corporate standards

Which of the following aspects of risk management involves identifying the potential reputational and financial harm when an incident occurs?

A.

Impact analysis

B.

Likelihood

C.

Mitigation

D.

Residual risk

In a multi-level supply chain structure where cloud service provider A relies on other sub cloud services, the provider should ensure that any compliance requirements relevant to the provider are:

A.

treated as confidential information and withheld from all sub cloud service providers.

B.

treated as sensitive information and withheld from certain sub cloud service providers.

C.

passed to the sub cloud service providers.

D.

passed to the sub cloud service providers based on the sub cloud service providers' geographic location.

In a situation where duties related to cloud risk management and control are split between an organization and its cloud service providers, which of the following would BEST help to ensure a coordinated approach to risk and control processes?

A.

Establishing a joint security operations center

B.

Automating reporting of risk and control compliance

C.

Co-locating compliance management specialists

D.

Maintaining a centralized risk and controls dashboard

Which of the following is a PRIMARY benefit of using a standardized control framework?

A.

It enables senior management to receive regular and detailed executive reports easily.

B.

It enables the organization to implement an effective process of control measurement.

C.

It enables auditors to assess an information system based on a well-defined set of controls.

D.

It enables consultants to speed up the implementation of management systems, thus reducing costs.

Regarding suppliers of a cloud service provider, it is MOST important for the auditor to be aware that the:

A.

client organization has a clear understanding of the provider's suppliers.

B.

suppliers are accountable for the provider's service that they are providing.

C.

client organization does not need to worry about the provider's suppliers, as this is the provider's responsibility.

D.

client organization and provider are both responsible for the provider's suppliers.

Which of the following standards is designed to be used by organizations for cloud services that intend to select controls within the process of implementing an information security management system based on ISO/IEC 27001?

A.

ISO/IEC 27002

B.

Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM)

C.

NIST SP 800-146

D.

ISO/IEC 27017:2015