To understand their compliance alignments and gaps with a cloud provider, what must cloud customers rely on?
A. Provider documentation
B. Provider run audits and reports
C. Third-party attestations
D. Provider and consumer contracts
E. EDiscovery tools
Answer: C
Which type of application security testing tests running applications and includes tests such as web vulnerability testing and fuzzing?
A. Code Review
B. Static Application Security Testing (SAST)
C. Unit Testing
D. Functional Testing
E. Dynamic Application Security Testing (DAST)
Answer: E
Which of the following statements is true in regards to Data Loss Prevention (DLP)?
A. DLP can provide options for quickly deleting all of the data stored in a cloud environment.
B. DLP can classify all data in a storage repository.
C. DLP never provides options for how data found...
Vulnerability assessments cannot be easily integrated into CI/CD pipelines because of provider restrictions.
A. False
B. True
Answer: A
A defining set of rules composed of claims and attributes of the entities in a transaction, which is used to determine their level of access to cloud-based resources is called what?
A. An entitlement matrix
B. A support table
C. An entry log
D. A validation process
E. An access...
What is known as the interface used to connect with the metastructure and configure the cloud environment?
A. Administrative access
B. Management plane
C. Identity and Access Management
D. Single sign-on
E. Cloud dashboard
Answer: B
Which statement best describes the Data Security Lifecycle?
A. The Data Security Lifecycle has six stages, is strictly linear, and never varies.
B. The Data Security Lifecycle has six stages, can be non-linear, and varies in that some data may never pass through all stages.
C. The Data Security Lifecycle...
Which opportunity helps reduce common application security issues?
A. Elastic infrastructure
B. Default deny
C. Decreased use of micro-services
D. Segregation by default
E. Fewer serverless configurations
Answer: A
ENISA: “VM hopping” is:
A. Improper management of VM instances, causing customer VMs to be commingled with other customer systems.
B. Looping within virtualized routing systems.
C. Lack of vulnerability management standards.
D. Using a compromised VM to exploit a hypervisor, used to take control of other VMs.
E. Instability...
How should an SDLC be modified to address application security in a Cloud Computing environment?
A. Integrated development environments
B. Updated threat and trust models
C. No modification is needed
D. Just-in-time compilers
E. Both B and C
Answer: A