Which of the following should be of GREATEST concern to an IS auditor reviewing actions taken during a forensic investigation?

• A.The proper authorities were not notified.
• B.The handling procedures of the attacked system are not documented.
• C.An image copy of the attacked system was not taken.
• D.The investigation report does not indicate a conclusion.

Comment: *

Name: *

Email: *

Verification: *

From the perspective of a senior cloud security audit practitioner in an organization of a mature security program with cloud adoption, which of the following statements BEST describes the DevSecOps concept?

• A.Development standards for addressing integration, testing, and deployment issues
• B.Process of security integration using automation in software development
• C.Making software development simpler, faster, and easier using automation
• D.Operational framework that promotes software consistency through automation

Comment: *

Name: *

Email: *

Verification: *

CCM: A hypothetical company called: "Health4Sure" is located in the United States and provides cloud based services fortracking patient health. The company is compliant with HIPAA/HITECH Act among other industry standards. Health4Sure decides to assess the overall security of their cloud service against the CCM toolkit so that they will be able to present this document topotential clients.
Which of the following approach would be most suitable to assess the overall security posture of Health4Sure's cloud service?

• A.The CCM domain controls are mapped to HIPAA/HITECH Act and therefore Health4Sure could verify the CCM controls already covered as a result of their compliance with HIPPA/HITECH Act. They could then assess the remaining controls thoroughly. This approach saves time while being able to assess the company's overall security posture in an efficient manner.
• B.The CCM columns are mapped to HIPAA/HITECH Act and therefore Health4Sure could verify the CCM controls already covered ad a result of their compliance with HIPPA/HITECH Act. They could then assess the remaining controls. This approach will save time.
• C.The CCM domains are not mapped to HIPAA/HITECH Act. Therefore Health4Sure should assess the security posture of their cloud service against each and every control in the CCM. This approach will allow a thorough assessment of the security posture.

Comment: *

Name: *

Email: *

Verification: *

Due to cloud audit team resource constraints, an audit plan as initially approved cannot be completed.
Assuming that the situation is communicated in the cloud audit report which course of action is MOST relevant?

• A.Focusing on auditing high-risk areas
• B.Relying on management testing of cloud controls
• C.Testing the operational effectiveness of cloud controls
• D.Testing the adequacy of cloud controls design

Comment: *

Name: *

Email: *

Verification: *