Q1. As part of continuous auditing, which of the following should a third-party auditor verify on a regular basis?
A.Reporting tools are reliable and based on defined objectives.
B. The cloud service provider is compliant.
C. Assessment tools are configured based on cloud security best practices.
D. Application programming interfaces (APIs) implemented are appropriate.
Correct Answer: C
Q2. Which of the following is a direct benefit of mapping the Cloud Controls Matrix (CCM) to other international standards and regulations?
A.CCM mapping enables cloud service providers and customers alike to streamline their own compliance and security efforts.
B. CCM mapping entitles cloud service providers to be listed as an approved supplier for tenders and government contracts.
C. CCM mapping entitles cloud service providers to be certified under the CSA STAR program.
D. CCM mapping enables an uninterrupted data flow and in particular the export of personal data across different jurisdictions.
Correct Answer: A
Q3. A business unit introducing cloud technologies to the organization without the knowledge or approval of the appropriate governance function is an example of:
A.IT exception
B. Threat
C. Shadow IT
D. Vulnerability
Correct Answer: C
Q4. What is the MOST effective way to ensure a vendor is compliant with the agreed-upon cloud service?
A.Examine the cloud provider's certifications and ensure the scope is appropriate.
B. Document the requirements and responsibilities within the customer contract
C. Interview the cloud security team and ensure compliance.
D. Pen test the cloud service provider to ensure compliance.
Correct Answer: A
$ 39
Reviews
There are no reviews yet.