The Cloud Octagon Model was developed to support organizations:
A. risk assessment methodology.
B. risk treatment methodology.
C. incident response methodology.
D. incident detection methodology.
Answer: A
A large organization with subsidiaries in multiple locations has a business requirement to organize IT systems to have identified resources reside in particular locations with organizational personnel. Which access control method will allow IT personnel to be segregated across the various locations?
A. Role Based Access Control
B. Attribute...
Which of the following configuration change controls is acceptable to a cloud auditor?
A. Development, test and production are hosted in the same network environment.
B. Programmers have permanent access to production software.
C. The Head of Development approves changes requested to production.
D. Programmers cannot make uncontrolled changes to...
Which of the following controls framework should the cloud customer use to assess the overall security risk of a cloud provider?
A. SOC3 - Type2
B. Cloud Control Matrix (CCM)
C. SOC2 - Type1
D. SOC1 - Type1
Answer: C
Explanation: Reference: https://www.isaca.org/resources/news-and-trends/newsletters/atisaca/2021/volume-22/preventing-the-next-cybersecurity-attack-with-effective-cloud-security-audits
Which of the following parties should have accountability for cloud compliance requirements?
A. Customer
B. Equally shared between customer and provider
C. Provider
D. Either customer or provider, depending on requirements
Answer: B
The MOST critical concept of managing the build and test of code in DevOps is:
A. continuous build.
B. continuous delivery.
C. continuous deployment.
D. continuous integration.
Answer: B
Explanation: Reference: https://smartbear.com/blog/devops-testing-strategy-best-practices-tools/
What areas should be reviewed when auditing a public cloud?
A. Patching, source code reviews, hypervisor, access controls
B. Identity and access management, data protection
C. Patching, configuration, hypervisor, backups
D. Vulnerability management, cyber security reviews, patching
Answer: B
Which of the following is an example of financial business impact?
A. A hacker using a stolen administrator identity brings down the SaaS sales and marketing systems, resulting in the inability to process customer orders or manage customer relationships.
B. While the breach was reported in a timely manner to...
Which of the following is the BEST recommendation to offer an organization’s HR department planning to adopt a new public SaaS application to ease the recruiting process?
A. Ensure HIPAA compliance
B. Implement a cloud access security broker
C. Consult the legal department
D. Do not allow data to be...
SAST testing is performed by:
A. scanning the application source code.
B. scanning the application interface.
C. scanning all infrastructure components.
D. performing manual actions to gain control of the application.
Answer: A
Explanation: SAST analyzes application code offline. SAST is generally a rules-based test that will scan software code...