Question 1

Who would be BEST suited to mitigate on a daily basis the risk related to development and operations practices in a public cloud?

Options :

A : Risk management team

B : DevOps team

C : Internal audit team

D : Cloud infrastructure team

Answer: B

Question 2

When capturing compliance objectives within an organization’s cloud policy, it is MOST important for stakeholders to:

Options :

A : take into consideration the organization’s risk appetite

B : measure the operating effectiveness of existing controls.

C : seek input from external subject matter experts.

D : follow a structured decision-making process.

Answer: A

Question 3

Cloud Controls Matrix (CCM) controls can be used by cloud customers to:

Options :

A : develop new security baselines for the industry.

B : define different control frameworks for different cloud service providers.

C : facilitate communication with their legal department.

D : build an operational cloud risk management program.

Answer: D

Question 4

When mapping controls to architectural implementations, requirements define:

Options :

A : control objectives.

B : control activities.

C : guidelines.

D : policies.

Answer: B

Question 5

What data center and physical security measures should a cloud customer consider when assessing a cloud service provider?

Options :

A : Assess use of monitoring systems to control ingress and egress points of entry to the data center

B : Implement physical security perimeters to safeguard personnel, data and information systems.

C : Conduct a due diligence to verify the cloud provider applies adequate physical security measures.

D : Review internal policies and procedures for relocation of hardware and software to an offsite location

Answer: C