In the context of Infrastructure as a Service (IaaS), a vulnerability assessment will scan virtual machines to identify vulnerabilities in:

A. both operating system and application infrastructure contained within the cloud service provider’s instances.
B. both operating system and application infrastructure contained within the customer’s instances.
C. only application infrastructure...

January 23, 2025

What do cloud service providers offer to encourage clients to extend the cloud platform?

A. Cloud console
B. Reward programs
C. Access to the cloud infrastructure
D. Application programming interfaces (APIs)

Answer: D

Explanation: Cloud service providers offer application programming interfaces (APIs) to encourage clients to extend the cloud platform....

January 20, 2025

The BEST method to report continuous assessment of a cloud provider’s services to the Cloud Security Alliance (CSA) is through:

A. Cloud Controls Matrix (CCM) assessment by a third-party auditor on a periodic basis.
B. tools selected by the third-party auditor.
C. SOC 2 Type 2 attestation.
D. a set...

January 18, 2025

Which of the following is a corrective control that may be identified in a SaaS service provider?

A. Log monitoring
B. Penetration testing
C. Incident response plans
D. Vulnerability scan

Answer: D

April 1, 2022

When migrating to a cloud environment, which of the following should be the PRIMARY driver for the use of encryption?

A. Cloud Service Provider encryption capabilities
B. The presence of PII
C. Organizational security policies
D. Cost-benefit analysis

Answer: A

March 31, 2022

Which of the following approaches encompasses social engineering of staff, bypassing of physical access controls and penetration testing?

A. Blue team
B. White box
C. Gray box
D. Red team

Answer: B

Explanation: Reference: https://www.isaca.org/resources/isaca-journal/issues/2016/volume-5/planning-for-information-security-testinga-practical-approach

March 30, 2022

Which of the following is the MOST feasible way to validate the performance of CSPs for the delivery of technology resources?

A. Cloud compliance program
B. Legacy IT compliance program
C. Internal audit program
D. Service organization controls report

Answer: D

March 30, 2022

If the degree of verification for information shared with the auditor during an audit is low, the auditor should:

A. reject the information as audit evidence.
B. stop evaluating the requirement altogether and review other audit areas.
C. delve deeper to obtain the required information to decide conclusively.
D. use...

March 29, 2022

What aspect of SaaS functionality and operations would the cloud customer be responsible for and should be audited?

A. Access controls
B. Vulnerability management
C. Source code reviews
D. Patching

Answer: A

Explanation: Reference: https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=919233

March 29, 2022

Which of the following defines the criteria designed by the American Institute of Certified Public Accountants (AICPA) to specify trusted services?

A. Security, confidentiality, availability, privacy and processing integrity
B. Security, applicability, availability, privacy and processing integrity
C. Security, confidentiality, availability, privacy and trustworthiness
D. Security, data integrity, availability, privacy...

March 29, 2022