Which of the following is the MOST feasible way to validate the performance of CSPs for the delivery of technology resources?
Which of the following contract terms is necessary to meet a company’s requirement that needs to move data from one CSP to another?
An organization that is utilizing a community cloud is contracting an auditor to conduct a review on behalf of the group of organizations within the cloud community. From the following, to whom should the auditor report the findings?
During an audit it was identified that a critical application hosted in an off-premises cloud is not part of the organization’s DRP (Disaster Recovery Plan). Management stated that it is responsible for ensuring that the cloud service provider (CSP) has a plan that is tested annually. What should be the auditor’s NEXT course of action?
Your company is purchasing an application from a vendor. They do not allow you to perform an on-site audit on their information system. However, they say, they will provide the third-party audit attestation on the adequate control design within their environment. Which report is the vendor providing you?
As a developer building codes into a container in a DevSecOps environment, which of the following is the appropriate place(s) to perform security tests?
While performing the audit, the auditor found that an object storage bucket containing PII could be accessed by anyone on the Internet. Given this discovery, what should be the most appropriate action for the auditor to perform?
After finding a vulnerability in an internet-facing server of an organization, a cybersecurity criminal is able to access an encrypted file system and successfully manages to overwrite part of some files with random data. In reference to the Top Threats Analysis methodology, how would you categorize the technical impact of this incident?
Which best describes the difference between a type 1 and a type 2 SOC report?
A cloud service provider does not allow audits using automated tools as these tools could be considered destructive techniques for the cloud environment. Which of the following aspects of the audit will be constrained?
Which of the following is a direct benefit of mapping the Cloud Control Matrix (CCM) to other international standards and regulations?
Supply chain agreements between CSP and cloud customers should, at minimum, include:
To identify key actors and requirements, which of the following MUST be considered when designing a cloud compliance program?
Customer management interface, if compromised over public internet, can lead to:
Which plan will guide an organization on how to react to a security incident that might occur on the organization’s systems, or that might be affecting one of their service providers?