Certificate of Cloud Auditing Knowledge v1.0

Page:    1 / 16   
Exam contains 229 questions
Expand All

Within an organization, which of the following functions should be responsible for defining the cloud adoption approach?

  • A. Audit committee
  • B. Compliance manager
  • C. IT manager
  • D. Senior management


Answer : D

An independent contractor is assessing security maturity of a SaaS company against industry standards. The SaaS company has developed and hosted all their products using the cloud services provided by a third-party cloud service provider (CSP). What is the optimal and most efficient mechanism to assess the controls CSP is responsible for?

  • A. Review third-party audit reports.
  • B. Review CSP’s published questionnaires.
  • C. Directly audit the CSP.
  • D. Send supplier questionnaire to the CSP.


Answer : B

What areas should be reviewed when auditing a public cloud?

  • A. Patching, source code reviews, hypervisor, access controls
  • B. Identity and access management, data protection
  • C. Patching, configuration, hypervisor, backups
  • D. Vulnerability management, cyber security reviews, patching


Answer : B

Which of the following key stakeholders should be identified the earliest when an organization is designing a cloud compliance program?

  • A. Cloud process owners
  • B. Internal control function
  • C. Legal functions
  • D. Cloud strategy owners


Answer : A

Which of the following CSP activities requires a client’s approval?

  • A. Delete the guest account or test accounts
  • B. Delete the master account or subscription owner accounts
  • C. Delete the guest account or destroy test data
  • D. Delete the test accounts or destroy test data


Answer : D

A cloud service provider does not allow audits using automated tools as these tools could be considered destructive techniques for the cloud environment. Which of the following aspects of the audit will be constrained?

  • A. Purpose
  • B. Objectives
  • C. Nature of relationship
  • D. Scope


Answer : B

An organization has an ISMS implemented, following ISO 27001 and Annex A controls. The CIO would like to migrate some of the infrastructure to the cloud. Which of the following standards would BEST assist in identifying controls to consider for this migration?

  • A. ISO/IEC 27701
  • B. ISO/IEC 22301
  • C. ISO/IEC 27002
  • D. ISO/IEC 27017


Answer : D

An organization is in the initial phases of cloud adoption. It is not very knowledgeable about cloud security and cloud shared responsibility models. Which of the following approaches is BEST suited for such an organization to evaluate its cloud security?

  • A. Use of an established standard/regulation to map controls and use as the audit criteria
  • B. For efficiency reasons, use of its on-premises systems’ audit criteria to audit the cloud environment
  • C. As this is the initial stage, the ISO/IEC 27001 certificate shared by the cloud service provider is sufficient for audit and compliance purposes.
  • D. Development of the cloud security audit criteria based on its own internal audit test plans to ensure appropriate coverage


Answer : A

Which of the following controls framework should the cloud customer use to assess the overall security risk of a cloud provider?

  • A. SOC3 - Type2
  • B. Cloud Control Matrix (CCM)
  • C. SOC2 - Type1
  • D. SOC1 - Type1


Answer : C

Which of the following aspects of risk management involves identifying the potential reputational harm and/or financial harm when an incident occurs?

  • A. Mitigations
  • B. Residual risk
  • C. Likelihood
  • D. Impact Analysis


Answer : D

When using a SaaS solution, who is responsible for application security?

  • A. The cloud service provider only
  • B. The cloud service consumer only
  • C. Both cloud consumer and the enterprise
  • D. Both cloud provider and the consumer


Answer : A

Which of the following would be the GREATEST governance challenge to an organization where production is hosted in a public cloud and backups are held on the premises?

  • A. Aligning the cloud service delivery with the organization’s objective
  • B. Aligning the cloud provider’s SLA with the organization’s policy
  • C. Aligning shared responsibilities between provider and customer
  • D. Aligning the organization’s activity with the cloud provider’s policy


Answer : A

What aspect of SaaS functionality and operations would the cloud customer be responsible for and should be audited?

  • A. Access controls
  • B. Vulnerability management
  • C. Source code reviews
  • D. Patching


Answer : A

The Open Certification Framework is structured on three levels of trust. Those three levels of trust are:

  • A. CSA STAR Self-Assessment, STAR Certification & Attestation (Third-party Assessment), STAR Compliance
  • B. CSA STAR Audit, STAR Certification & Attestation (Third-party Assessment), STAR Continuous
  • C. CSA STAR Self-Assessment, STAR Certification & Attestation (Third-party Assessment), STAR Monitoring and Control
  • D. CSA STAR Self-Assessment, STAR Certification & Attestation (Third-party Assessment), STAR Continuous


Answer : D

Which of the following is a fundamental concept of FedRAMP that intends to save costs, time, and staff conducting superfluous agency security assessments?

  • A. Use often, provide many times
  • B. Be economical, act deliberately
  • C. Use existing, provide many times
  • D. Do once, use many times


Answer : D

Page:    1 / 16   
Exam contains 229 questions
Expand All

Talk to us!

Have any questions or issues ? Please dont hesitate to contact us

[email protected]

Certlibrary.com is owned by MBS Tech Limited: Room 1905 Nam Wo Hong Building, 148 Wing Lok Street, Sheung Wan, Hong Kong. Company registration number: 2310926
Certlibrary doesn't offer Real Microsoft Exam Questions. Certlibrary Materials do not contain actual questions and answers from Cisco's Certification Exams.
CFA Institute does not endorse, promote or warrant the accuracy or quality of Certlibrary. CFA® and Chartered Financial Analyst® are registered trademarks owned by CFA Institute.
Terms & Conditions | Privacy Policy