Question 1

The MAIN difference between Cloud Control Matrix (CCM) and Consensus Assessment Initiative Questionnaire (CAIQ) is that:

Options :

A : CCM assesses the presence of controls, whereas CAIQ assesses overall security of a service.

B : CCM has a set of security questions, whereas CAIQ has a set of security controls.

C : CCM has 14 domains and CAIQ has 16 domains.

D : CCM provides a controls framework, whereas CAIQ provides industry-accepted ways to document which security controls exist in IaaS, PaaS, and SaaS offerings.

Answer: D

Question 2

What should be an organization’s control audit schedule of a cloud service provider’s business continuity plan and operational resilience policy?

Options :

A : Annual

B : Quarterly

C : Monthly

D : Semi-annual

Answer: A

Question 3

Supply chain agreements between a cloud service provider and cloud customers should, at a minimum, include:

Options :

A : Organization chart of the CSP

B : Policies and procedures of the cloud customer

C : Audits, assessments and independent verification of compliance certifications with agreement terms

D : Regulatory guidelines impacting the cloud customer

Answer: C

Question 4

The Cloud Octagon Model was developed to support organizations:

Options :

A : risk assessment methodology

B : risk treatment methodology.

C : incident response methodology.

D : incident detection methodology.

Answer: A

Question 5

A large organization with subsidiaries in multiple locations has a business requirement to organize IT systems to have identified resources reside in particular locations with organizational personnel. Which access control method will allow IT personnel to be segregated across the various locations?

Options :

A : Role Based Access Control

B : Attribute Based Access Control

C : Policy Based Access Control

D : Rule Based Access Control

Answer: A