Which of the following quantitative measures is KEY for an auditor to review when assessing the implementation of continuous auditing of performance on a cloud system?

• A.Service Level Agreement (SLA)
• B.Service Level Objective (SLO)
• C.Recovery Point Objectives (RPO)
• D.Recovery Time Objectives (RTO)

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the BEST way for a client to enforce a policy violation committed by a cloud service provider (CSP)?

• A.The violation is agreed upon and documented.
• B.Violations will be automatically enforced so no action is needed.
• C.The violation is agreed to verbally by the CSP.
• D.Nothing can be done to enforce violations as this is a cloud service.

Comment: *

Name: *

Email: *

Verification: *

Which of the following is a cloud-native solution designed to counter threats that do not exist within the enterprise?

• A.Rule based access control
• B.Role based access control
• C.Policy based access control
• D.Attribute based access control

Comment: *

Name: *

Email: *

Verification: *

How is encryption managed on multi-tenant storage?

• A.Single key for all data owners
• B.C for data subject to the EU Data Protection Directive; B for all others
• C.One key per data owner
• D.Multiple keys per data owner
• E.The answer could be A, B, or C depending on the provider

Comment: *

Name: *

Email: *

Verification: *

An auditor is performing an audit on behalf of a cloud customer. For assessing security awareness, the auditor should:

• A.assess the existence and adequacy of a security awareness training program at the cloud service provider's organization as the cloud customer hired the auditor to review and cloud service.
• B.assess the existence and adequacy of a security awareness training program at both the cloud customer's organization and the cloud service provider's organization.
• C.not assess the security awareness training program as it is each organization's responsibility
• D.assess the existence and adequacy of a security awareness training program at the cloud customer's organization as they hired the auditor.

Comment: *

Name: *

Email: *

Verification: *