In the cloud provider and consumer relationship, which entity
manages the virtual or abstracted infrastructure?
What type of information is contained in the Cloud Security Alliance's Cloud Control Matrix?
Select the statement below which best describes the relationship between identities and attributes
An important consideration when performing a remote vulnerability test of a cloud-based application is to
When configured properly, logs can track every code, infrastructure, and configuration change and connect it back to the submitter and approver, including the test results.
What is known as the interface used to connect with the metastructure and configure the cloud environment?
CCM: The Architectural Relevance column in the CCM indicates the applicability of the cloud security control to which of the following elements?
Which concept is a mapping of an identity, including roles, personas, and attributes, to an authorization?
Which of the following statements are NOT requirements of governance and enterprise risk management in a cloud environment?
Any given processor and memory will nearly always be running multiple workloads, often from different tenants.
Which layer is the most important for securing because it is considered to be the foundation for secure cloud operations?
Which of the following is NOT a cloud computing characteristic that impacts incidence response?
Which of the following statements best defines the "authorization" as a component of identity, entitlement, and access management?
How does running applications on distinct virtual networks and only connecting networks as needed help?
Which data security control is the LEAST likely to be assigned to an IaaS provider?
Which cloud-based service model enables companies to provide client-based access for partners to databases or applications?
If in certain litigations and investigations, the actual cloud application or environment itself is relevant to resolving the dispute in the litigation or investigation, how is the information likely to be obtained?
Which type of application security testing tests running applications and includes tests such as web vulnerability testing and fuzzing?
When investigating an incident in an Infrastructure as a Service (IaaS) environment, what can the user investigate on their own?
Audits should be robustly designed to reflect best practice, appropriate resources, and tested protocols and standards. They should also use what type of auditors?
When deploying Security as a Service in a highly regulated industry or environment, what should both parties agree on in advance and include in the SLA?
In which type of environment is it impractical to allow the customer to conduct their own audit, making it important that the data center operators are required to provide auditing for the customers?