Question 1

In which control should a cloud service provider, upon request, inform customers of compliance impact and risk, especially if customer data is used as part of the services?

Options :

A : Service Provider control

B : Impact and Risk control

C : Data Inventory control

D : Compliance control

Answer: A

Question 2

Which of the following is a direct benefit of mapping the Cloud Control Matrix (CCM) to other international standards and regulations?

Options :

A :

CCM mapping entitles cloud service providers to be listed as an approved supplier for tenders and government contracts

B :

CCM mapping enables cloud service providers and customers alike to streamline their own compliance and security efforts.

C :

CCM mapping enables an uninterrupted data flow and, in particular, the export of personal data across different jurisdictions

D : CCM mapping entitles cloud service providers to be certified under the CSA STAR program

Answer: B

Question 3

To ensure integration of security testing is implemented on large code sets in environments where time to completion is critical, what form of validation should an auditor expect?

Options :

A : Parallel testing

B : Full application stack unit testing

C : Regression testing

D : Functional verification

Answer: C

Question 4

Which of the following cloud models prohibits penetration testing?

Options :

A : Hybrid Cloud

B : Private Cloud

C : Public Cloud

D : Community Cloud

Answer: B

Question 5

Which of the following should be the FIRST step to establish a cloud assurance program during a cloud migration?

Options :

A : Design

B : Stakeholder identification

C : Development

D : Risk assessment

Answer: C