Question #1
An independent contractor is assessing the security maturity of a SaaS company against industry standards. The SaaS company has developed and hosted all of its products using the cloud services of a third-party cloud service provider (CSP). What is the optimal and most efficient mechanism to assess the controls the CSP is responsible for?
A. Review third-party audit reports
B. Review the CSP's published questionnaires
C. Directly audit the CSP
D. Send a supplier questionnaire to the CSP
Show answer
Correct answer: A
Question #2
What areas should be reviewed when auditing a public cloud?
A. Patching, source code reviews, hypervisor, access controls
B. Identity and access management, data protection
C. Patching, configuration, hypervisor, backups
D. Vulnerability management, cyber security reviews, patching
Show answer
Correct answer: B
Question #3
Which of the following key stakeholders should be identified the earliest when an organization is designing a cloud compliance program?
A. Cloud process owners
B. Internal control function
C. Legal functions
D. Cloud strategy owners
Show answer
Correct answer: A
Question #4
Which of the following CSP activities requires a client's approval?
A. Delete the guest account or test accounts
B. Delete the master account or subscription owner accounts
C. Delete the guest account or destroy test data
D. Delete the test accounts or destroy test data
Show answer
Correct answer: D
Question #5
A cloud service provider does not allow audits using automated tools, as these tools could be considered destructive techniques for the cloud environment. Which of the following aspects of the audit will be constrained?
A. Purpose
B. Objectives
C. Nature of relationship
D. Scope
Show answer
Correct answer: D
Question #6
An organization has an ISMS implemented, following ISO 27001 and its Annex A controls. The CIO would like to migrate some of the infrastructure to the cloud. Which of the following standards would BEST assist in identifying controls to consider for this migration?
A. ISO/IEC 27701
B. ISO/IEC 22301
C. ISO/IEC 27002
D. ISO/IEC 27017
Show answer
Correct answer: D
Question #7
An organization is in the initial phases of cloud adoption. It is not very knowledgeable about cloud security and cloud shared responsibility models. Which of the following approaches is BEST suited for such an organization to evaluate its cloud security?
A. Use of an established standard/regulation to map controls and use as the audit criteria
B. For efficiency reasons, use of its on-premises systems' audit criteria to audit the cloud environment
C. As this is the initial stage, the ISO/IEC 27001 certificate shared by the cloud service provider is sufficient for audit and compliance purposes
D. Development of the cloud security audit criteria based on its own internal audit test plans to ensure appropriate coverage
Show answer
Correct answer: A
Question #8
Which of the following control frameworks should the cloud customer use to assess the overall security risk of a cloud provider?
A. SOC 3 - Type 2
B. Cloud Controls Matrix (CCM)
C. SOC 2 - Type 1
D. SOC 1 - Type 1
Show answer
Correct answer: B
Question #9
Which of the following aspects of risk management involves identifying the potential reputational harm and/or financial harm when an incident occurs?
A. Mitigations
B. Residual risk
C. Likelihood
D. Impact analysis
Show answer
Correct answer: D
Question #10
When using a SaaS solution, who is responsible for application security?
A. The cloud service provider only
B. The cloud service consumer only
C. Both the cloud consumer and the enterprise
D. Both the cloud provider and the consumer
Show answer
Correct answer: A
Question #11
Which of the following would be the GREATEST governance challenge to an organization where production is hosted in a public cloud and backups are held on the premises?
A. Aligning the cloud service delivery with the organization's objectives
B. Aligning the cloud provider's SLA with the organization's policy
C. Aligning shared responsibilities between provider and customer
D. Aligning the organization's activity with the cloud provider's policy
Show answer
Correct answer: A
Question #12
What aspect of SaaS functionality and operations would the cloud customer be responsible for, and should therefore be audited?
A. Access controls
B. Vulnerability management
C. Source code reviews
D. Patching
Show answer
Correct answer: A
Question #13
The Open Certification Framework is structured on three levels of trust. Those three levels of trust are:
A. CSA STAR Self-Assessment, STAR Certification & Attestation (Third-party Assessment), STAR Compliance
B. CSA STAR Audit, STAR Certification & Attestation (Third-party Assessment), STAR Continuous
C. CSA STAR Self-Assessment, STAR Certification & Attestation (Third-party Assessment), STAR Monitoring and Control
D. CSA STAR Self-Assessment, STAR Certification & Attestation (Third-party Assessment), STAR Continuous
Show answer
Correct answer: D
Question #14
Which of the following is a fundamental concept of FedRAMP that intends to save the costs, time, and staff spent conducting superfluous agency security assessments?
A. Use often, provide many times
B. Be economical, act deliberately
C. Use existing, provide many times
D. Do once, use many times
Show answer
Correct answer: D
Question #15
Which of the following is the risk associated with storing data in a cloud that crosses jurisdictions?
A. Compliance risk
B. Provider administration risk
C. Audit risk
D. Virtualization risk
Show answer
Correct answer: A
Question #16
Since the CCM allows cloud customers to build a detailed list of requirements and controls to be implemented by the CSP as part of their overall third-party risk management and procurement program, will the CCM alone be enough to define all the items to be considered when operating/using cloud services?
A. No
B. Yes
C. Yes
D. No
Show answer
Correct answer: C
Question #17
During an audit it was identified that a critical application hosted in an off-premises cloud is not part of the organization's DRP (Disaster Recovery Plan). Management stated that it is responsible for ensuring that the cloud service provider (CSP) has a plan that is tested annually. What should be the auditor's NEXT course of action?
A. Review the CSP audit reports
B. Review the security white paper of the CSP
C. Review the contract and DR capability
D. Plan an audit of the CSP
Show answer
Correct answer: C
Question #18
Which of the following is the BEST recommendation to offer an organization's HR department planning to adopt a new public SaaS application to ease the recruiting process?
A. Ensure HIPAA compliance
B. Implement a cloud access security broker
C. Consult the legal department
D. Do not allow data to be in cleartext
Show answer
Correct answer: B
Question #19
Under which control should a cloud service provider, upon request, inform customers of compliance impact and risk, especially if customer data is used as part of the services?
A. Service Provider control
B. Impact and Risk control
C. Data Inventory control
D. Compliance control
Show answer
Correct answer: A
Question #20
What is the advantage of using dynamic application security testing (DAST) over static application security testing (SAST) methodology?
A. Unlike SAST, DAST is black-box and programming-language agnostic
B. DAST can dynamically integrate with most CI/CD tools
C. DAST delivers more false positives than SAST
D. DAST is slower but thorough
Show answer
Correct answer: A
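To make the SAST/DAST distinction in Question #20 concrete, the following added example (not part of the original question bank) runs both approaches against one constructed, deliberately injectable function `lookup_user` and its parameterized counterpart `lookup_user_safe`. The SAST side parses the source with Python's `ast` module and never executes the target; the DAST side only calls the target with a benign input and an injection payload and compares the behaviour, so it needs no source and would work the same way against an HTTP endpoint written in any language. The function names, the in-memory SQLite table and the heuristic "SQL built by string concatenation" rule are all assumptions made for this illustration.

```python
"""Added example: a minimal SAST rule beside a minimal DAST probe.
Target functions and data are constructed for illustration only."""
import ast
import inspect
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed in-memory table standing in for a real user store."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user")])
    return conn


def lookup_user(conn: sqlite3.Connection, name: str) -> list:
    """Deliberately vulnerable: the query is built by string concatenation."""
    return conn.execute(
        "SELECT name, role FROM users WHERE name = '" + name + "'").fetchall()


def lookup_user_safe(conn: sqlite3.Connection, name: str) -> list:
    """Hardened form: the value travels as a bound parameter, not as SQL."""
    return conn.execute(
        "SELECT name, role FROM users WHERE name = ?", (name,)).fetchall()


def sast_findings(func) -> list:
    """SAST: read the function's source and flag .execute()/.executemany()
    calls whose first argument is an expression joined with '+'.  Nothing is
    executed, so this only works because we can read Python source."""
    tree = ast.parse(inspect.getsource(func))
    hits = []
    for node in ast.walk(tree):
        if (isinstance(node, ast.Call)
                and isinstance(node.func, ast.Attribute)
                and node.func.attr in ("execute", "executemany")
                and node.args
                and isinstance(node.args[0], ast.BinOp)
                and isinstance(node.args[0].op, ast.Add)):
            hits.append(f"line {node.lineno}: SQL built by string concatenation")
    return hits


def dast_probe(conn: sqlite3.Connection, target) -> dict:
    """DAST: treat `target` as a black box.  A tautology payload that returns
    more rows than the benign baseline is the behavioural signal of injection;
    no knowledge of the implementation language is needed."""
    baseline = target(conn, "bob")
    injected = target(conn, "bob' OR '1'='1")
    return {
        "baseline_rows": len(baseline),
        "injected_rows": len(injected),
        "injection_suspected": len(injected) > len(baseline),
    }


if __name__ == "__main__":
    db = make_db()
    for fn in (lookup_user, lookup_user_safe):
        print(fn.__name__, "SAST:", sast_findings(fn) or "no findings")
        print(fn.__name__, "DAST:", dast_probe(db, fn))
```

The SAST rule reports the concatenation in `lookup_user` and stays silent on `lookup_user_safe`; the DAST probe reaches the same verdict from behaviour alone (two rows returned for the payload against one for the baseline on the vulnerable function, zero against one on the safe one). That symmetry is the point of option A: the static check is tied to the language it parses, while the dynamic probe is not.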
Question #21
Which of the following is a direct benefit of mapping the Cloud Controls Matrix (CCM) to other international standards and regulations?
A. CCM mapping entitles cloud service providers to be listed as an approved supplier for tenders and government contracts
B. CCM mapping enables cloud service providers and customers alike to streamline their own compliance and security efforts
C. CCM mapping enables an uninterrupted data flow and, in particular, the export of personal data across different jurisdictions
D. CCM mapping entitles cloud service providers to be certified under the CSA STAR program
Show answer
Correct answer: B
Question #22
The criteria limiting which services (non-critical services, or services requiring high availability and resilience) may be moved to the cloud are an important consideration to be included PRIMARILY in the:
A. Risk management policy
B. Cloud policy
C. Business continuity plan
D. Information security standard for cloud technologies
Show answer
Correct answer: C
Question #23
Which of the following should be the FIRST step to establish a cloud assurance program during a cloud migration?
A. Design
B. Stakeholder identification
C. Development
D. Risk assessment
Show answer
Correct answer: B
Question #24
A customer management interface, if compromised over the public internet, can lead to:
A. Compromise of the customer's computing and data
B. Access to the RAM of a neighboring cloud computer
C. Ease of acquisition of cloud services
D. Incomplete wiping of the data
Show answer
Correct answer: A
Question #25
To assist an organization with planning a cloud migration strategy through to execution, an auditor should recommend the use of:
A. Object-oriented architecture
B. Software architecture
C. Service-oriented architecture
D. Enterprise architecture
Show answer
Correct answer: D
Question #26
How should controls be designed by an organization?
A. By the internal audit team
B. Using the ISO 27001 framework
C. By the cloud provider
D. Using the organization's risk management framework
Show answer
Correct answer: D
Question #27
Which of the following quantitative measures is KEY for an auditor to review when assessing the implementation of continuous auditing of performance on a cloud system?
A. Service Level Objective (SLO)
B. Recovery Point Objective (RPO)
C. Service Level Agreement (SLA)
D. Recovery Time Objective (RTO)
Show answer
Correct answer: C
Question #28
Your company is purchasing an application from a vendor. The vendor does not allow you to perform an on-site audit of their information system, but says it will provide a third-party audit attestation on the adequacy of the control design within their environment. Which report is the vendor providing you?
A. SOC 3
B. SOC 2, Type 2
C. SOC 1
D. SOC 2, Type 1
Show answer
Correct answer: D
Question #29
Which of the following activities are part of the implementation phase of a cloud assurance program during a cloud migration?
A. Development of the monitoring goals and requirements
B. Identification of processes, functions, and systems
C. Identification of the relevant laws, regulations, and standards
D. Identification of roles and responsibilities
Show answer
Correct answer: B
Question #30
Which of the following would be considered a factor in trusting a cloud service provider?
A. The level of exposure of public information
B. The level of proven technical skills
C. The level of willingness to cooperate
D. The level of open-source evidence available
Show answer
Correct answer: C
Question #31
When migrating to a cloud environment, which of the following should be the PRIMARY driver for the use of encryption?
A. Cloud service provider encryption capabilities
B. The presence of PII
C. Organizational security policies
D. Cost-benefit analysis
Show answer
Correct answer: C
Question #32
A certification target helps in the formation of a continuous certification framework by incorporating:
A. CSA STAR level 2 attestation
B. Service level objectives and service qualitative objectives
C. Frequency of evaluating security attributes
D. Scope description and security attributes to be tested
Show answer
Correct answer: B
Question #33
In all three cloud service models (IaaS, PaaS, and SaaS), who is responsible for patching the hypervisor layer?
A. Cloud service customer
B. Shared responsibility
C. Cloud service provider
D. Patching of the hypervisor layer is not required
Show answer
Correct answer: C
Question #34
Supply chain agreements between a CSP and cloud customers should, at minimum, include:
A. Organization chart of the CSP
B. Policies and procedures of the cloud customer
C. Audits, assessments and independent verification of compliance certifications with agreement terms
D. Regulatory guidelines impacting the cloud customer
Show answer
Correct answer: C
Question #35
Which of the following contract terms is necessary to meet a company's requirement to move data from one CSP to another?
A. Drag and drop
B. Lift and shift
C. Flexibility to move
D. Transition and data portability
Show answer
Correct answer: D
Question #36
Which of the following is a cloud-native solution designed to counter threats that do not exist within the enterprise?
A. Policy-based access control
B. Attribute-based access control
C. Rule-based access control
D. Role-based access control
Show answer
Correct answer: C
Question #37
The Cloud Octagon Model was developed to support an organization's:
A. Risk assessment methodology
B. Risk treatment methodology
C. Incident response methodology
D. Incident detection methodology
Show answer
Correct answer: A