Which layer is the most important for securing because it is considered to be the foundation for secure cloud operations?

When deploying Security as a Service in a highly regulated industry or environment, what should both parties agree on in advance and include in the SLA?

CCM: A hypothetical company called: “Health4Sure” is located in the United States and provides cloud based services for tracking patient health. The company is compliant with HIPAA/HITECH Act among other industry standards. Health4Sure decides to assess the overall security of their cloud service against the CCM toolkit so that they will be able to present this document to potential clients. Which of the following approach would be most suitable to assess the overall security posture of Health4Sure’s cloud

In which type of environment is it impractical to allow the customer to conduct their own audit, making it important that the data center operators are required to provide auditing for the customers?

CCM: The following list of controls belong to which domain of the CCM? GRM 06 – Policy GRM 07 – Policy Enforcement GRM 08 – Policy Impact on Risk Assessments GRM 09 – Policy Reviews GRM 10 – Risk Assessments GRM 11 – Risk Management Framework

What is the best way to ensure that all data has been removed from a public cloud environment including all media such as back-up tapes?

Which of the following statements are NOT requirements of governance and enterprise risk management in a cloud environment?

Sending data to a provider’s storage over an API is likely as much more reliable and secure than setting up your own SFTP server on a VM in the same provider

Which cloud-based service model enables companies to provide client-based access for partners to databases or applications?

CCM: In the CCM tool, a _____________________ is a measure that modifies risk and includes any process, policy, device, practice or any other actions which modify risk.

APIs and web services require extensive hardening and must assume attacks from authenticated and unauthenticated adversaries.

What is true of companies considering a cloud computing business relationship?

Which communication methods within a cloud environment must be exposed for partners or consumers to access database information using a web application?