What legal documents should be provided to the auditors in relation to risk management?

A. Enterprise cloud strategy and policy
B. Contracts and service level agreements (SLAs) of cloud service providers
C. Policies and procedures established around third-party risk assessments
D. Inventory of third-party attestation reports
Answer: B
Explanation: Contracts...

March 27, 2025

Which of the following BEST ensures adequate restriction on the number of people who can access the pipeline production environment?

A. Separation of production and development pipelines
B. Ensuring segregation of duties in the production and development pipelines
C. Role-based access controls in the production and development pipelines
D. Periodic...

March 25, 2025

Which mode has been selected by the provider?

A cloud service provider contracts for a penetration test to be conducted on its infrastructure. The auditor engages the target with no prior knowledge of its defenses, assets, or channels. The provider's security operations center is not notified in advance of the scope of the audit or the test vectors....

March 24, 2025

The CSA STAR Certification is based on criteria outlined in the Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM) in addition to:

A. ISO/IEC 27001 implementation.
B. GB/T 22080-2008.
C. SOC 2 Type 1 or 2 reports.
D. GDPR CoC certification.
Answer: A
Explanation: The CSA STAR Certification is based on...

March 23, 2025

Which of the following is an example of financial business impact?

A. A distributed denial of service (DDoS) attack renders the customer's cloud inaccessible for 24 hours, resulting in millions in lost sales.
B. A hacker using a stolen administrator identity brings down the Software as a Service (SaaS) sales...

March 19, 2025

The PRIMARY purpose of Open Certification Framework (OCF) for the CSA STAR program is to:

A. facilitate an effective relationship between the cloud service provider and cloud client.
B. enable the cloud service provider to prioritize resources to meet its own requirements.
C. provide global, accredited, and trusted certification of...

March 17, 2025

Which of the following can BEST help to gain the required information?

An auditor wants to get information about the operating effectiveness of controls addressing privacy, availability, and confidentiality of a service organization. Which of the following can BEST help to gain the required information?
A. ISAE 3402 report
B. ISO/IEC 27001 certification
C. SOC1 Type 1 report
D. SOC2 Type 2...

March 15, 2025

When an organization is using cloud services, the security responsibilities largely vary depending on the service delivery model used, while the accountability for compliance should remain with the:

A. cloud user.
B. cloud service provider.
C. cloud customer.
D. certification authority (CA).
Answer: C
Explanation: According to the ISACA...

March 8, 2025

Which of the following is an example of availability technical impact?

A. The cloud provider reports a breach of customer personal data from an unsecured server.
B. A hacker using a stolen administrator identity alters the discount percentage in the product database.
C. A distributed denial of service (DDoS) attack...

March 5, 2025

During the planning phase of a cloud audit, the PRIMARY goal of a cloud auditor is to:

A. specify appropriate tests.
B. address audit objectives.
C. minimize audit resources.
D. collect sufficient evidence.
Answer: B
Explanation: According to the ISACA Cloud Auditing Knowledge Certificate Study Guide, the primary goal of...

March 4, 2025