The criteria for limiting services allowing non-critical services or services requiring high availability and resilience to be moved to the cloud is an important consideration to be included PRIMARILY in the:

• A.information security standard for cloud technologies.
• B.risk management policy.
• C.business continuity plan.
• D.cloud policy.

Comment: *

Name: *

Email: *

Verification: *

Supply chain agreements between CSP and cloud customers should, at minimum, include:

• A.Audits, assessments and independent verification of compliance certifications with agreement terms
• B.Organization chart of the CSP
• C.Regulatory guidelines impacting the cloud customer
• D.Policies and procedures of the cloud customer

Comment: *

Name: *

Email: *

Verification: *

ENISA: Lock-in is ranked as a high risk in ENISA research, a key underlying vulnerability causing lock in is:

• A.Audit or certification not available to customers
• B.Unclear asset ownership
• C.Lack of information onjurisdictions
• D.No source escrow agreement
• E.Lack of completeness and transparency in terms of use

Comment: *

Name: *

Email: *

Verification: *

You have been assigned the implementation of an ISMS, whose scope must cover both on premise and cloud infrastructure. Which of the following is your BEST option?

• A.Implement ISO/IEC 27002 and complement it with additional controls from the CCM.
• B.Implement ISO/IEC 27001 and complement it with additional controls from the NIST SP 800-145.
• C.Implement ISO/IEC 27001 and complement it with additional controls from ISO/IEC 27002.
• D.Implement ISO/IEC 27001 and complement it with additional controls from ISO/IEC 27017.

Comment: *

Name: *

Email: *

Verification: *

Which of the following would be considered as a factor to trust in a cloud service provider?

• A.The level of exposure for public information
• B.The level of willingness to cooperate
• C.The level of proved technical skills
• D.The level of open source evidence available

Comment: *

Name: *

Email: *

Verification: *