Some new sample questions:
Question:
Which of the following is the BEST recommendation to offer an organization’s HR department planning to adopt a new public Software as a Service (SaaS) application to ease the recruiting process?
A. Implement a cloud access security broker (CASB).
B. Do not allow data to be in clear text.
C. Ensure HIPAA compliance.
D. Consult the legal department.
Question:
Which of the following configuration change controls is acceptable to a cloud auditor?
A. Programmers have permanent access to production software.
B. Programmers cannot make uncontrolled changes to the source code production version.
C. Development, test, and production are hosted in the same network environment.
D. The head of development approves changes requested to production.
Question:
Account design in the cloud should be driven by:
A. business continuity policies.
B. security requirements.
C. management structure.
D. organizational structure.
Question:
To ensure that compliance obligations for data residency in the cloud are aligned with an organization’s risk appetite, which of the following activities is MOST important to perform?
A. Manage compliance obligations through a structured risk management process.
B. Communicate the organization’s risk appetite across cloud service providers.
C. Perform a cloud vendor assessment every time there is a change to data flows.
D. Develop risk metrics to show how the organization is meeting the obligations.
………
Some new questions:
Q
If a customer management interface is compromised over the public Internet, it can lead to:
A. incomplete wiping of the data.
B. computing and data compromise for customers.
C. ease of acquisition of cloud services.
D. access to the RAM of neighboring cloud computers.
Q
Which of the following is an example of a corrective control?
A. A central antivirus system installing the latest signature files before allowing a connection to the network
B. All new employees having standard access rights until their manager approves privileged rights
C. Unsuccessful access attempts being automatically logged for investigation
D. Privileged access to critical information systems requiring a second factor of authentication using a soft token
Q
During the cloud service provider evaluation process, which of the following BEST helps identify baseline configuration requirements?
A. Vendor requirements
B. Product benchmarks
C. Benchmark controls lists
D. Contract terms and conditions
Q
Which of the following is MOST useful for an auditor to review when seeking visibility into the cloud supply chain for a newly acquired Software as a Service (SaaS) solution?
A. SaaS provider contract
B. Payments made by the service owner
C. SaaS vendor white papers
D. Cloud compliance obligations register
Q
Which of the following is the BEST method to demonstrate assurance in the cloud services to multiple cloud customers?
A. Provider’s financial stability report and market value
B. Reputation of the service provider in the industry
C. Provider self-assessment and technical documents
D. External attestation and certification audit reports
……..