Weekend Sale - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: sntaclus

To ensure that compliance obligations for data residency in the cloud are aligned with an organization's risk appetite, which of the following activities is MOST important to perform?

A.

Manage compliance obligations through a structured risk management process.

B.

Communicate the organization's risk appetite across cloud service providers.

C.

Perform a cloud vendor assessment every time there is a change to data flows.

D.

Develop risk metrics to show how the organization is meeting the obligations.

When mapping controls to architectural implementations, requirements define:

A.

control objectives.

B.

control activities.

C.

guidelines.

D.

policies.

Regarding cloud service provider agreements and contracts, unless otherwise stated, the provider is:

A.

responsible to the cloud customer and its clients.

B.

responsible only to the cloud customer.

C.

not responsible at all to any external parties.

D.

responsible to the cloud customer and its end users

Which of the following is the reason for designing the Consensus Assessments Initiative Questionnaire (CAIQ)?

A.

Cloud users can use CAIQ to sign statement of work (SOW) with cloud access security

brokers (CASBs).

B.

Cloud service providers can document roles and responsibilities for cloud security.

C.

Cloud service providers can document their security and compliance controls.

D.

Cloud service providers need the CAIQ to improve quality of customer service

What is an advantage of using dynamic application security testing (DAST) over static application security testing (SAST) methodology?

A.

DAST is slower but thorough.

B.

Unlike SAST, DAST is a black box and programming language agnostic.

C.

DAST can dynamically integrate with most continuous integration and continuous delivery (CI/CD) tools.

D.

DAST delivers more false positives than SAST

Which of the following is the PRIMARY component to determine the success or failure of an organization’s cloud compliance program?

A.

Defining the metrics and indicators to monitor the implementation of the compliance program

B.

Determining the risk treatment options to be used in the compliance program

C.

Mapping who possesses the information and data that should drive the compliance goals

D.

Selecting the external frameworks that will be used as reference

The PRIMARY purpose of Open Certification Framework (OCF) for the CSA STAR program is to:

A.

facilitate an effective relationship between the cloud service provider and cloud client.

B.

enable the cloud service provider to prioritize resources to meet its own requirements.

C.

provide global, accredited, and trusted certification of the cloud service provider.

D.

ensure understanding of true risk and perceived risk by the cloud service users

Which objective is MOST appropriate to measure the effectiveness of password policy?

A.

The number of related incidents decreases.

B.

Attempts to log with weak credentials increases.

C.

The number of related incidents increases.

D.

Newly created account credentials satisfy requirements.

If a customer management interface is compromised over the public Internet, it can lead to:

A.

incomplete wiping of the data.

B.

computing and data compromise for customers.

C.

ease of acquisition of cloud services.

D.

access to the RAM of neighboring cloud computers.

Which of the following has been provided by the Federal Office for Information Security in Germany to support customers in selecting, controlling, and monitoring their cloud service providers?

A.

BSI IT-basic protection catalogue

B.

Multi-Tier Cloud Security (MTCS)

C.

German IDW PS 951

D.

BSI Criteria Catalogue C5