Which of the following has the MOST substantial impact on how aggressive or conservative the cloud approach of an organization will be?

• A.Risk scoring criteria
• B.Risk appetite and budget constraints
• C.Internal policies and technical standards
• D.Applicable laws and regulations

Comment: *

Name: *

Email: *

Verification: *

What is the advantage of using dynamic application security testing (DAST) over static application security testing (SAST) methodology?

• A.DAST can dynamically integrate with most CI/CD tools.
• B.DAST delivers more false positives than SAST.
• C.Unlike SAST, DAST is a blackbox and programming language agnostic.
• D.DAST is slower but thorough.

Comment: *

Name: *

Email: *

Verification: *

The Cloud Computing Compliance Controls Catalogue (C5) framework is maintained by which of the following agencies?

• A.National Institute of Standards and Technology (NIST)
• B.National Security Agency (NSA)
• C.Bundesamt fur Sicherheit in der Informationstechnik (BSI)
• D.Agence nationale de la securite des systemes d'information (ANSSI)

Comment: *

Name: *

Email: *

Verification: *

Which of the following should be the PRIMARY concern of an IS auditor during a review of an external IT service level agreement (SLA) for computer operations?

• A.Vendor has exclusive control of IT resources
• B.Changes in services are not tracked
• C.Lack of software escrow provisions
• D.No employee succession plan

Comment: *

Name: *

Email: *

Verification: *

Which of the following would be the GREATEST governance challenge to an organization where production is hosted in a public cloud and backups are held on the premises?

• A.Aligning the cloud provider's SLA with the organization's policy
• B.Aligning the cloud service delivery with the organization's objective
• C.Aligning the organization's activity with the cloud provider's policy
• D.Aligning shared responsibilities between provider and customer

Comment: *

Name: *

Email: *

Verification: *