APIs and web services require extensive hardening and must assume attacks from authenticated and unauthenticated adversaries.

• A.True
• B.False

Comment: *

Name: *

Email: *

Verification: *

Which of the following is NOT normally a method for detecting and preventing data migration into the cloud?

• A.Cloud Access and Security Brokers (CASB)
• B.Database Activity Monitoring
• C.Intrusion Prevention System
• D.Data Loss Prevention
• E.URL filters

Comment: *

Name: *

Email: *

Verification: *

Which data security control is the LEAST likely to be assigned to an IaaSprovider?

• A.Encryption solutions
• B.Access controls
• C.Physical destruction
• D.Asset management and tracking
• E.Application logic

Comment: *

Name: *

Email: *

Verification: *

The MAIN difference between Cloud Control Matrix (CCM) and Consensus Assessment Initiative Questionnaire (CAIQ) is that:

• A.CCM has 14 domains and CAIQ has 16 domains.
• B.CCM provides a controls framework, whereas CAIQ provides industry-accepted ways to document which security controls exist in IaaS, PaaS, and SaaS offerings.
• C.CCM has a set of security questions, whereas CAIQ has a set of security controls.
• D.CCM assesses the presence of controls, whereas CAIQ assesses overall security of a service.

Comment: *

Name: *

Email: *

Verification: *

A CSP providing cloud services currently being used by the United States federal government should obtain which of the following to assure compliance to stringent government standards?

• A.ISO/IEC 27001:2013 Certification
• B.FedRAMP Authorization
• C.CSA STAR Level Certificate
• D.Multi-Tier Cloud Security (MTCS) Attestation

Comment: *

Name: *

Email: *

Verification: *