Due to cloud audit team resource constraints, an audit plan as initially approved cannot be completed.
Assuming that the situation is communicated in the cloud audit report which course of action is MOST relevant?

• A.Focusing on auditing high-risk areas
• B.Testing the adequacy of cloud controls design
• C.Testing the operational effectiveness of cloud controls
• D.Relying on management testing of cloud controls

Comment: *

Name: *

Email: *

Verification: *

When developing a cloud compliance program, what is the PRIMARY reason for a cloud customer to review which cloud services will be deployed?

• A.To determine the total cost of the cloud services to be deployed
• B.To confirm which vendor will be selected based on the compliance with security requirements
• C.To confirm if the compensating controls implemented are sufficient for the cloud
• D.To determine how those services will fit within its policies and procedures

Comment: *

Name: *

Email: *

Verification: *

Which of the following would be the MOST critical finding of an application security and DevOps audit?

• A.The organization is not using a unified framework to integrate cloud compliance with regulatory requirements.
• B.Application architecture and configurations did not consider security measures.
• C.Certifications with global security standards specific to cloud are not reviewed and the impact of noted findings are not assessed.
• D.Outsourced cloud service interruption, breach or loss of data stored at the cloud service provider.

Comment: *

Name: *

Email: *

Verification: *

Which concept provides the abstraction needed for resource pools?

• A.Virtualization
• B.Metastructure
• C.Applistructure
• D.Orchestration
• E.Hypervisor

Comment: *

Name: *

Email: *

Verification: *

When performing audits in relation to Business Continuity Management and Operational Resilience strategy, what would be the MOST critical aspect to audit in relation to the strategy of the cloud customer that should be formulated jointly with the cloud service provider?

• A.Validate if the strategy covers unavailability of all components required to operate the business-as-usual or in disrupted mode, in parts or total- when impacted by a disruption.
• B.Validate if the strategy is developed by both cloud service providers and cloud service consumers within the acceptable limits of their risk appetite.
• C.Validate if the strategy covers all activities required to continue and recover prioritized activities within identified time frames and agreed capacity, aligned to the risk appetite of the organization including the invocation of continuity plans and crisis management capabilities.
• D.Validate if the strategy covers all aspects of Business Continuity and Resilience planning, taking inputs from the assessed impact and risks, to consider activities for before, during, and after a disruption.

Comment: *

Name: *

Email: *

Verification: *