Join the discussion
Question 1/71
Which of the following is the MOST feasible way to validate the performance of CSPs for the delivery of technology resources?
Correct Answer: A
Add Comments
- Other Question (71q)
- Q1. Which of the following is the MOST feasible way to validate the performance of CSPs for th...
- Q2. Sending data to a provider's storage over an API is likely as much morereliable and secure...
- Q3. Which of the following metrics are frequently immature?...
- Q4. Which of the following is an example of a corrective control?...
- Q5. When building a cloud governance model, which of the following requirements will focus mor...
- Q6. Which of the following would be a logical starting point for an auditor who has been engag...
- Q7. Which of the following has the MOST substantial impact on how aggressive or conservative t...
- Q8. Which of the following is the GREATEST security risk associated with data migration from a...
- Q9. To identify key actors and requirements, which of the following MUST be considered when de...
- Q10. Prioritizing assurance activities for an organization's cloud services portfolio depends P...
- Q11. Which of the following is an example of integrity technical impact?...
- Q12. During an audit it was identified that a critical application hosted in an off-premises cl...
- Q13. Due to cloud audit team resource constraints, an audit plan as initially approved cannot b...
- Q14. When developing a cloud compliance program, what is the PRIMARY reason for a cloud custome...
- Q15. What item below allows disparate directory services and independent security domains to be...
- Q16. What areas should be reviewed when auditing a public cloud?...
- Q17. In the context of Infrastructure as a Service (IaaS), a vulnerability assessment will scan...
- Q18. An organization is in the initial phases of cloud adoption. It is not very knowledgeable a...
- Q19. What should be an organization's control audit schedule of a cloud service provider's busi...
- Q20. Which of the following should be the PRIMARY concern of an IS auditor during a review of a...
- Q21. Which of the following would be the MOST critical finding of an application security and D...
- Q22. Network environments and virtual instances shall be designed and configured to restrict an...
- Q23. Which of the following is MOST important to consider when an organization is building a co...
- Q24. Which concept provides the abstraction needed for resource pools?...
- Q25. What factors should you understand about the data specifically due to legal, regulatory, a...
- Q26. Which of the following is MOST important to consider when developing an effective threat m...
- Q27. All cloud services utilize virtualization technologies....
- Q28. Which of the following key stakeholders should be identified the earliest when an organiza...
- Q29. How can virtual machine communications bypass network security controls?...
- Q30. In an organization, how are policy violations MOST likely to occur?...
- Q31. Segregation of duties would be compromised if:...
- Q32. During a review, an IS auditor notes that an organization's marketing department has purch...
- Q33. Your SLA with your cloudprovider ensures continuity for all services....
- Q34. Which of the following is the common cause of misconfiguration in a cloud environment?...
- Q35. Which of the following statements are NOT requirements of governance and enterprise risk m...
- Q36. When migrating to a cloud environment, which of the following should be the PRIMARY driver...
- Q37. Which of the following is a corrective control that may be identified in a SaaS service pr...
- Q38. To support customer's verification of the CSP claims regarding their responsibilities acco...
- Q39. Which of the following is a direct benefit of mapping the Cloud Control Matrix (CCM) to ot...
- Q40. Which of the following configuration change controls is acceptable to a cloud auditor?...
- Q41. What aspect of SaaS functionality and operations would the cloud customer be responsible f...
- Q42. Which of the following data destruction methods is the MOST effective and efficient?...
- Q43. From the perspective of a senior cloud security audit practitioner in an organization of a...
- Q44. The criteria for limiting services allowing non-critical services or services requiring hi...
- Q45. To ensure that cloud audit resources deliver the best value to the organization, the PRIMA...
- Q46. A certification target helps in the formation of a continuous certification framework by i...
- Q47. One of the Cloud Control Matrix's (CCM's) control specifications states that "Independent ...
- Q48. Account design in the cloud should be driven by:...
- Q49. What is resource pooling?
- Q50. The MAIN difference between Cloud Control Matrix (CCM) and Consensus Assessment Initiative...
- Q51. Which term is used to describe the use of tools to selectively degrade portions of the clo...
- Q52. Big data includes high volume, high variety, and high velocity....
- Q53. Which of the following should be the FIRST step to establish a cloud assurance program dur...
- Q54. An organization has an ISMS implemented, following ISO 27001 and Annex A controls. The CIO...
- Q55. Which statement best describes why it is important to know how data is being accessed?...
- Q56. The MOST critical concept of managing the build and test of code in DevOps is:...
- Q57. How does running applications on distinct virtual networks and only connecting networksas ...
- Q58. A Dot Release of Cloud Control Matrix (CCM) indicates what?...
- Q59. What is known as a code execution environment running within an operating system that shar...
- Q60. Cloud Control Matrix (CCM) controls can be used by cloud customers to:...
- Q61. ENISA: Lock-in is ranked as a high risk in ENISA research, a key underlying vulnerability ...
- Q62. What data center and physical security measures should a cloud customer consider when asse...
- Q63. The BEST method to report continuous assessment of a cloud provider's services to the CSA ...
- Q64. The Cloud Octagon Model was developed to support organizations:...
- Q65. If there are gaps in network logging data,what can you do?...
- Q66. CCM: In the CCM tool, "Encryption and Key Management" is an example of which of the follow...
- Q67. Customer management interface, if compromised over public internet, can lead to:...
- Q68. To assist an organization with planning a cloud migration strategy to execution, an audito...
- Q69. Which of the following cloud deployment models would BEST meet the needs of a startup soft...
- Q70. What is true of searching data across cloud environments?...
- Q71. Cloud applications can use virtual networks and other structures, for hyper-segregated env...
