An organization that is utilizing a community cloud is contracting an auditor to conduct a review on behalf of the group of organizations within the cloud community. From the following, to whom should the auditor report the findings?

• A.Public
• B.Cloud service provider
• C.Shareholders/interested parties
• D.Management of organization being audited

Comment: *

Name: *

Email: *

Verification: *

When applying the Top Threats Analysis methodology following an incident, what is the scope of the technical impact identification step?

• A.Determine the impact on the physical and environmental security of the organization, excluding informational assets.
• B.Determine the impact on confidentiality, integrity and availability of the information system.
• C.Determine the impact on the controls that were selected by the organization to respond to identified risks.
• D.Determine the impact on the financial, operational, compliance and reputation of the organization.

Comment: *

Name: *

Email: *

Verification: *

In all three cloud deployment models, (IaaS, PaaS, and SaaS), who is responsible for the patching of the hypervisor layer?

• A.Cloud service customer
• B.Cloud service provider
• C.Patching on hypervisor layer is not required
• D.Shared responsibility

Comment: *

Name: *

Email: *

Verification: *

An organization recently implemented a cloud document storage solution and removed the ability for end users to save data to their local workstation hard drives Which of the following findings should be the IS auditor's GREATEST concern?

• A.The business continuity plan (BCP) was not updated.
• B.Mobile devices are not encrypted.
• C.Users are not required to sign updated acceptable
• D.Users have not been trained on the new system.

Comment: *

Name: *

Email: *

Verification: *

Which of the following cloud models prohibits penetration testing?

• A.Community Cloud
• B.Hybrid Cloud
• C.Public Cloud
• D.Private Cloud

Comment: *

Name: *

Email: *

Verification: *