After finding a vulnerability in an Internet-facing server of an organization, a cybersecurity criminal is able to access an encrypted file system and successfully manages to overwrite parts of some files with random data. In reference to the Top Threats Analysis methodology, how would the technical impact of this incident...
When establishing cloud governance, an organization should FIRST test by migrating:
A. legacy applications to the cloud.
B. a few applications to the cloud.
C. all applications at once to the cloud.
D. complex applications to the cloud.
Answer: B
Explanation: When establishing cloud governance, an organization should first test...
Visibility to which of the following would give an auditor the BEST view of design and implementation decisions when an organization uses programmatic automation for Infrastructure as a Service (IaaS) deployments?
A. Source code within build scripts
B. Output from threat modeling exercises
C. Service level agreements (SLAs)
D. Results...
Which of the following aspects of risk management involves identifying the potential reputational and financial harm when an incident occurs?
A. Impact analysis
B. Likelihood
C. Mitigation
D. Residual risk
Answer: A
Explanation: According to the web search results, impact analysis is the aspect of risk management that involves identifying...
Which of the following is a category of trust in cloud computing?
A. Loyalty-based trust
B. Background-based trust
C. Reputation-based trust
D. Transparency-based trust
Answer: C
Explanation: Reputation-based trust is a category of trust in cloud computing that relies on the feedback, ratings, reviews, or recommendations of other users or...
What is an advantage of using dynamic application security testing (DAST) over static application security testing (SAST) methodology?
A. DAST is slower but thorough.
B. Unlike SAST, DAST is a black box and programming language agnostic.
C. DAST can dynamically integrate with most continuous integration and continuous delivery (CI/CD) tools.
D...
In relation to testing business continuity management and operational resilience, an auditor should review which of the following database documentation?
A. Database backup and replication guidelines
B. System backup documentation
C. Incident management documentation
D. Operational manuals
Answer: A
Explanation: Database backup and replication guidelines are essential for ensuring the...
A new company has all its operations in the cloud. Which of the following would be the BEST information security control framework to implement?
A. NIST 800-73, because it is a control framework implemented by the main cloud providers
B. ISO/IEC 27018
C. ISO/IEC 27002
D. (S) Cloud Security Alliance...
Which of the following is a cloud-specific security standard?
A. ISO 27017
B. ISO 14001
C. ISO 22301
D. ISO 27701
Answer: A
Explanation: ISO/IEC 27017 is a cloud-specific security standard that provides guidelines for information security controls applicable to the provision and use of cloud services. It is based on ISO/IEC 27002, which...
To support a customer's verification of the cloud service provider claims regarding its responsibilities according to the shared responsibility model, which of the following tools and techniques is appropriate?
A. External audit
B. Internal audit
C. Contractual agreement
D. Security assessment
Answer: A
Explanation: An external audit is an appropriate...