Why is a service type of network typically isolated on different hardware?

• A.It requires distinct access controls
• B.It manages resource pools for cloud consumers
• C.It has distinct functions from other networks
• D.It manages the traffic between other networks
• E.It requires unique security

Comment: *

Name: *

Email: *

Verification: *

ENISA: "VMhopping" is:

• A.Improper management of VM instances, causing customer VMs to be commingled with other customer systems.
• B.Lack of vulnerability management standards.
• C.Looping within virtualized routing systems.
• D.Instability in VM patch management causing VM routing errors.
• E.Using a compromised VM to exploit a hypervisor, used to take control of other VMs.

Comment: *

Name: *

Email: *

Verification: *

To qualify for CSA STAR attestation for a particular cloud system, the SOC 2 report must cover:

• A.ISO/I 27001: 2013 controls.
• B.all Cloud Control Matrix (CCM) controls and TSPC security principles.
• C.Cloud Control Matrix (CCM) and ISO/IEC 27001:2013 controls.
• D.maturity model criteria.

Comment: *

Name: *

Email: *

Verification: *

An organization is in the initial phases of cloud adoption. It is not very knowledgeable about cloud security and cloud shared responsibility models. Which of the following approaches is BEST suited for such an organization to evaluate its cloud security?

• A.Use of an established standard/regulation to map controls and use as the audit criteria
• B.For efficiency reasons, use of its on-premises systems' audit criteria to audit the cloud environment
• C.Development of the cloud security audit criteria based on its own internal audit test plans to ensure appropriate coverage
• D.As this is the initial stage, the ISO/IEC 27001 certificate shared by the cloud service provider is sufficient for audit and compliance purposes.

Comment: *

Name: *

Email: *

Verification: *

Which of the following should be an IS auditor's GREATEST concern when reviewing an outsourcing arrangement with a third-party cloud service provider to host personally identifiable data?

• A.The outsourcing contract does not contain a right-to-audit clause.
• B.Fees are charged based on the volume of data stored by the host.
• C.The data is not adequately segregated on the host platform.
• D.The organization's servers are not compatible with the third party's infrastructure

Comment: *

Name: *

Email: *

Verification: *