Which of the following is the MOST significant difference between a cloud risk management program and a traditional risk management program?

A. Virtualization of the IT landscape
B. Shared responsibility model
C. Risk management practices adopted by the cloud service provider
D. Hosting sensitive information in the cloud environment

What does "The Egregious 11" refer to?

A. The OWASP Top 10 adapted to cloud computing
B. A list of top shortcomings of cloud computing
C. A list of top breaches in cloud computing
D. A list of top threats to cloud computing

What type of termination occurs at the initiative of one party and without the fault of the other party?

A. Termination without the fault
B. Termination at the end of the term
C. Termination for cause
D. Termination for convenience

A cloud service provider utilizes services of other service providers for its cloud service. Which of the following is the BEST approach for the auditor while performing the audit for the cloud service?

A. The auditor should review the service providers' security controls even more strictly, as they are further separated from the cloud customer.
B. The auditor should review the relationship between the cloud service provider and its service provider to help direct and estimate the level of effort and analysis the auditor should apply.
C. As the contract for the cloud service is between the cloud customer and the cloud service provider, there is no need for the auditor to review the services provided by the service providers.
D. As the relationship between the cloud service provider and its service providers is governed by separate contracts between them, there is no need for the auditor to review the services

What legal documents should be provided to the auditors in relation to risk management?

A. Enterprise cloud strategy and policy
B. Contracts and service level agreements (SLAs) of cloud service providers
C. Policies and procedures established around third-party risk assessments
D. Inventory of third-party attestation reports

Which of the following is a good candidate for continuous auditing?

A. Procedures
B. Governance
C. Cryptography and authentication
D. Documentation quality

The CSA STAR Certification is based on criteria outlined in the Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM) in addition to:

A. GDPR CoC certification.
B. GB/T 22080-2008.
C. SOC 2 Type 1 or 2 reports.
D. ISO/IEC 27001 implementation.

What areas should be reviewed when auditing a public cloud?

A. Identity and access management (IAM) and data protection
B. Source code reviews and hypervisor
C. Patching and configuration
D. Vulnerability management and cyber security reviews

Which of the following would be the MOST critical finding of an application security and DevOps audit?

A. Certifications with global security standards specific to cloud are not reviewed, and the impact of noted findings is not assessed.
B. Outsourced cloud service interruption, breach, or loss of stored data occurred at the cloud service provider.
C. The organization is not using a unified framework to integrate cloud compliance with regulatory requirements.
D. Application architecture and configurations did not consider security measures.

Which of the following BEST ensures adequate restriction on the number of people who can access the pipeline production environment?

A. Separation of production and development pipelines
B. Ensuring segregation of duties in the production and development pipelines
C. Role-based access controls in the production and development pipelines
D. Periodic review of the continuous integration and continuous delivery (CI/CD) pipeline audit logs to identify any access violations