{"id":37868,"date":"2022-04-04T05:49:56","date_gmt":"2022-04-04T05:49:56","guid":{"rendered":"https:\/\/www.dumpsbase.com\/freedumps\/?p=37868"},"modified":"2025-09-22T06:39:21","modified_gmt":"2025-09-22T06:39:21","slug":"updated-ccak-dumps-questions-2022-pass-isaca-ccak-exam","status":"publish","type":"post","link":"https:\/\/www.dumpsbase.com\/freedumps\/updated-ccak-dumps-questions-2022-pass-isaca-ccak-exam.html","title":{"rendered":"Updated CCAK Dumps Questions [2022] Pass ISACA CCAK Exam"},"content":{"rendered":"\r\n<p>For better preparing CCAK Certificate of Cloud Auditing Knowledge certification exam, you can choose the most updated CCAK dumps questions of DumpsBase. DumpsBase gives 100% success guarantee on updated CCAK dumps questions. With CCAK updated dumps questions and verified answers, you can pass Certificate of Cloud Auditing Knowledge (CCAK) exam in the first attempt. Process your preparation with CCAK exam dumps and get superb preparation and know the fundamentals on the preparation that will aid you to be a Certificate of Cloud Auditing Knowledge (CCAK) certified.<\/p>\r\n<h2><em><span style=\"background-color: #ff9900;\">Check CCAK Free Dumps<\/span><\/em> To Verify The Updated CCAK Dumps Questions<\/h2>\r\n<script>\n\t  window.fbAsyncInit = function() {\n\t    FB.init({\n\t      appId            : '622169541470367',\n\t      autoLogAppEvents : true,\n\t      xfbml            : true,\n\t      version          : 'v3.1'\n\t    });\n\t  };\n\t\n\t  (function(d, s, id){\n\t     var js, fjs = d.getElementsByTagName(s)[0];\n\t     if (d.getElementById(id)) {return;}\n\t     js = d.createElement(s); js.id = id;\n\t     js.src = \"https:\/\/connect.facebook.net\/en_US\/sdk.js\";\n\t     fjs.parentNode.insertBefore(js, fjs);\n\t   }(document, 'script', 'facebook-jssdk'));\n\t<\/script><script type=\"text\/javascript\" >\ndocument.addEventListener(\"DOMContentLoaded\", function(event) { \nif(!window.jQuery) alert(\"The important jQuery library is not properly loaded in your site. Your WordPress theme is probably missing the essential wp_head() call. You can switch to another theme and you will see that the plugin works fine and this notice disappears. If you are still not sure what to do you can contact us for help.\");\n});\n<\/script>  \n  \n<div  id=\"watupro_quiz\" class=\"quiz-area single-page-quiz\">\n<p id=\"submittingExam6167\" style=\"display:none;text-align:center;\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.dumpsbase.com\/freedumps\/wp-content\/plugins\/watupro\/img\/loading.gif\" width=\"16\" height=\"16\"><\/p>\n\n<div class=\"watupro-exam-description\" id=\"description-quiz-6167\"><\/div>\n\n<form action=\"\" method=\"post\" class=\"quiz-form\" id=\"quiz-6167\"  enctype=\"multipart\/form-data\" >\n<div class='watu-question ' id='question-1' style=';'><div id='questionWrap-1'  class='   watupro-question-id-213830'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>1. <\/span>Which of the following controls framework should the cloud customer use to assess the overall security risk of a cloud provider?<\/div><input type='hidden' name='question_id[]' id='qID_1' value='213830' \/><input type='hidden' id='answerType213830' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213830[]' id='answer-id-852381' class='answer   answerof-213830 ' value='852381'   \/><label for='answer-id-852381' id='answer-label-852381' class=' answer'><span>SOC3 - Type2<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213830[]' id='answer-id-852382' class='answer   answerof-213830 ' value='852382'   \/><label for='answer-id-852382' id='answer-label-852382' class=' answer'><span>Cloud Control Matrix (CCM)<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213830[]' id='answer-id-852383' class='answer   answerof-213830 ' value='852383'   \/><label for='answer-id-852383' id='answer-label-852383' class=' answer'><span>SOC2 - Type1<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213830[]' id='answer-id-852384' class='answer   answerof-213830 ' value='852384'   \/><label for='answer-id-852384' id='answer-label-852384' class=' answer'><span>SOC1 - Type1<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-2' style=';'><div id='questionWrap-2'  class='   watupro-question-id-213831'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>2. <\/span>Which of the following is the risk associated with storing data in a cloud that crosses jurisdictions?<\/div><input type='hidden' name='question_id[]' id='qID_2' value='213831' \/><input type='hidden' id='answerType213831' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213831[]' id='answer-id-852385' class='answer   answerof-213831 ' value='852385'   \/><label for='answer-id-852385' id='answer-label-852385' class=' answer'><span>Compliance risk<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213831[]' id='answer-id-852386' class='answer   answerof-213831 ' value='852386'   \/><label for='answer-id-852386' id='answer-label-852386' class=' answer'><span>Provider administration risk<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213831[]' id='answer-id-852387' class='answer   answerof-213831 ' value='852387'   \/><label for='answer-id-852387' id='answer-label-852387' class=' answer'><span>Audit risk<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213831[]' id='answer-id-852388' class='answer   answerof-213831 ' value='852388'   \/><label for='answer-id-852388' id='answer-label-852388' class=' answer'><span>Virtualization risk<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-3' style=';'><div id='questionWrap-3'  class='   watupro-question-id-213832'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>3. <\/span>Which of the following CSP activities requires a client\u2019s approval?<\/div><input type='hidden' name='question_id[]' id='qID_3' value='213832' \/><input type='hidden' id='answerType213832' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213832[]' id='answer-id-852389' class='answer   answerof-213832 ' value='852389'   \/><label for='answer-id-852389' id='answer-label-852389' class=' answer'><span>Delete the guest account or test accounts<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213832[]' id='answer-id-852390' class='answer   answerof-213832 ' value='852390'   \/><label for='answer-id-852390' id='answer-label-852390' class=' answer'><span>Delete the master account or subscription owner accounts<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213832[]' id='answer-id-852391' class='answer   answerof-213832 ' value='852391'   \/><label for='answer-id-852391' id='answer-label-852391' class=' answer'><span>Delete the guest account or destroy test data<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213832[]' id='answer-id-852392' class='answer   answerof-213832 ' value='852392'   \/><label for='answer-id-852392' id='answer-label-852392' class=' answer'><span>Delete the test accounts or destroy test data<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-4' style=';'><div id='questionWrap-4'  class='   watupro-question-id-213833'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>4. <\/span>Which of the following is the MOST feasible way to validate the performance of CSPs for the delivery of technology resources?<\/div><input type='hidden' name='question_id[]' id='qID_4' value='213833' \/><input type='hidden' id='answerType213833' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213833[]' id='answer-id-852393' class='answer   answerof-213833 ' value='852393'   \/><label for='answer-id-852393' id='answer-label-852393' class=' answer'><span>Cloud compliance program<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213833[]' id='answer-id-852394' class='answer   answerof-213833 ' value='852394'   \/><label for='answer-id-852394' id='answer-label-852394' class=' answer'><span>Legacy IT compliance program<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213833[]' id='answer-id-852395' class='answer   answerof-213833 ' value='852395'   \/><label for='answer-id-852395' id='answer-label-852395' class=' answer'><span>Internal audit program<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213833[]' id='answer-id-852396' class='answer   answerof-213833 ' value='852396'   \/><label for='answer-id-852396' id='answer-label-852396' class=' answer'><span>Service organization controls report<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-5' style=';'><div id='questionWrap-5'  class='   watupro-question-id-213834'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>5. <\/span>Which of the following would be a logical starting point for an auditor who has been engaged to assess the security of an organization\u2019s DevOps pipeline?<\/div><input type='hidden' name='question_id[]' id='qID_5' value='213834' \/><input type='hidden' id='answerType213834' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213834[]' id='answer-id-852397' class='answer   answerof-213834 ' value='852397'   \/><label for='answer-id-852397' id='answer-label-852397' class=' answer'><span>Verify the inclusion of security gates in the pipeline.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213834[]' id='answer-id-852398' class='answer   answerof-213834 ' value='852398'   \/><label for='answer-id-852398' id='answer-label-852398' class=' answer'><span>Conduct an architectural assessment.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213834[]' id='answer-id-852399' class='answer   answerof-213834 ' value='852399'   \/><label for='answer-id-852399' id='answer-label-852399' class=' answer'><span>Review the CI\/CD pipeline audit logs.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213834[]' id='answer-id-852400' class='answer   answerof-213834 ' value='852400'   \/><label for='answer-id-852400' id='answer-label-852400' class=' answer'><span>Verify separation of development and production pipelines.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-6' style=';'><div id='questionWrap-6'  class='   watupro-question-id-213835'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>6. <\/span>Which of the following is an example of integrity technical impact?<\/div><input type='hidden' name='question_id[]' id='qID_6' value='213835' \/><input type='hidden' id='answerType213835' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213835[]' id='answer-id-852401' class='answer   answerof-213835 ' value='852401'   \/><label for='answer-id-852401' id='answer-label-852401' class=' answer'><span>The cloud provider reports a breach of customer personal data from an unsecured server.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213835[]' id='answer-id-852402' class='answer   answerof-213835 ' value='852402'   \/><label for='answer-id-852402' id='answer-label-852402' class=' answer'><span>A hacker using a stolen administrator identity alerts the discount percentage in the product database.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213835[]' id='answer-id-852403' class='answer   answerof-213835 ' value='852403'   \/><label for='answer-id-852403' id='answer-label-852403' class=' answer'><span>A DDoS attack renders the customer\u2019s cloud inaccessible for 24 hours.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213835[]' id='answer-id-852404' class='answer   answerof-213835 ' value='852404'   \/><label for='answer-id-852404' id='answer-label-852404' class=' answer'><span>An administrator inadvertently click on Phish bait exposing his company to a ransomware attack.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-7' style=';'><div id='questionWrap-7'  class='   watupro-question-id-213836'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>7. <\/span>Which of the following parties should have accountability for cloud compliance requirements?<\/div><input type='hidden' name='question_id[]' id='qID_7' value='213836' \/><input type='hidden' id='answerType213836' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213836[]' id='answer-id-852405' class='answer   answerof-213836 ' value='852405'   \/><label for='answer-id-852405' id='answer-label-852405' class=' answer'><span>Customer<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213836[]' id='answer-id-852406' class='answer   answerof-213836 ' value='852406'   \/><label for='answer-id-852406' id='answer-label-852406' class=' answer'><span>Equally shared between customer and provider<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213836[]' id='answer-id-852407' class='answer   answerof-213836 ' value='852407'   \/><label for='answer-id-852407' id='answer-label-852407' class=' answer'><span>Provider<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213836[]' id='answer-id-852408' class='answer   answerof-213836 ' value='852408'   \/><label for='answer-id-852408' id='answer-label-852408' class=' answer'><span>Either customer or provider, depending on requirements<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-8' style=';'><div id='questionWrap-8'  class='   watupro-question-id-213837'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>8. <\/span>SAST testing is performed by:<\/div><input type='hidden' name='question_id[]' id='qID_8' value='213837' \/><input type='hidden' id='answerType213837' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213837[]' id='answer-id-852409' class='answer   answerof-213837 ' value='852409'   \/><label for='answer-id-852409' id='answer-label-852409' class=' answer'><span>scanning the application source code.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213837[]' id='answer-id-852410' class='answer   answerof-213837 ' value='852410'   \/><label for='answer-id-852410' id='answer-label-852410' class=' answer'><span>scanning the application interface.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213837[]' id='answer-id-852411' class='answer   answerof-213837 ' value='852411'   \/><label for='answer-id-852411' id='answer-label-852411' class=' answer'><span>scanning all infrastructure components.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213837[]' id='answer-id-852412' class='answer   answerof-213837 ' value='852412'   \/><label for='answer-id-852412' id='answer-label-852412' class=' answer'><span>performing manual actions to gain control of the application.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-9' style=';'><div id='questionWrap-9'  class='   watupro-question-id-213838'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>9. <\/span>Under GDPR, an organization should report a data breach within what time frame?<\/div><input type='hidden' name='question_id[]' id='qID_9' value='213838' \/><input type='hidden' id='answerType213838' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213838[]' id='answer-id-852413' class='answer   answerof-213838 ' value='852413'   \/><label for='answer-id-852413' id='answer-label-852413' class=' answer'><span>72 hours<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213838[]' id='answer-id-852414' class='answer   answerof-213838 ' value='852414'   \/><label for='answer-id-852414' id='answer-label-852414' class=' answer'><span>2 weeks<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213838[]' id='answer-id-852415' class='answer   answerof-213838 ' value='852415'   \/><label for='answer-id-852415' id='answer-label-852415' class=' answer'><span>1 week<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213838[]' id='answer-id-852416' class='answer   answerof-213838 ' value='852416'   \/><label for='answer-id-852416' id='answer-label-852416' class=' answer'><span>48 hours<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-10' style=';'><div id='questionWrap-10'  class='   watupro-question-id-213839'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>10. <\/span>When migrating to a cloud environment, which of the following should be the PRIMARY driver for the use of encryption?<\/div><input type='hidden' name='question_id[]' id='qID_10' value='213839' \/><input type='hidden' id='answerType213839' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213839[]' id='answer-id-852417' class='answer   answerof-213839 ' value='852417'   \/><label for='answer-id-852417' id='answer-label-852417' class=' answer'><span>Cloud Service Provider encryption capabilities<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213839[]' id='answer-id-852418' class='answer   answerof-213839 ' value='852418'   \/><label for='answer-id-852418' id='answer-label-852418' class=' answer'><span>The presence of PII<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213839[]' id='answer-id-852419' class='answer   answerof-213839 ' value='852419'   \/><label for='answer-id-852419' id='answer-label-852419' class=' answer'><span>Organizational security policies<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213839[]' id='answer-id-852420' class='answer   answerof-213839 ' value='852420'   \/><label for='answer-id-852420' id='answer-label-852420' class=' answer'><span>Cost-benefit analysis<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-11' style=';'><div id='questionWrap-11'  class='   watupro-question-id-213840'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>11. <\/span>Which of the following is the BEST recommendation to offer an organization\u2019s HR department planning to adopt a new public SaaS application to ease the recruiting process?<\/div><input type='hidden' name='question_id[]' id='qID_11' value='213840' \/><input type='hidden' id='answerType213840' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213840[]' id='answer-id-852421' class='answer   answerof-213840 ' value='852421'   \/><label for='answer-id-852421' id='answer-label-852421' class=' answer'><span>Ensure HIPAA compliance<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213840[]' id='answer-id-852422' class='answer   answerof-213840 ' value='852422'   \/><label for='answer-id-852422' id='answer-label-852422' class=' answer'><span>Implement a cloud access security broker<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213840[]' id='answer-id-852423' class='answer   answerof-213840 ' value='852423'   \/><label for='answer-id-852423' id='answer-label-852423' class=' answer'><span>Consult the legal department<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213840[]' id='answer-id-852424' class='answer   answerof-213840 ' value='852424'   \/><label for='answer-id-852424' id='answer-label-852424' class=' answer'><span>Do not allow data to be in cleratext<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-12' style=';'><div id='questionWrap-12'  class='   watupro-question-id-213841'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>12. <\/span>Which of the following configuration change controls is acceptable to a cloud auditor?<\/div><input type='hidden' name='question_id[]' id='qID_12' value='213841' \/><input type='hidden' id='answerType213841' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213841[]' id='answer-id-852425' class='answer   answerof-213841 ' value='852425'   \/><label for='answer-id-852425' id='answer-label-852425' class=' answer'><span>Development, test and production are hosted in the same network environment.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213841[]' id='answer-id-852426' class='answer   answerof-213841 ' value='852426'   \/><label for='answer-id-852426' id='answer-label-852426' class=' answer'><span>Programmers have permanent access to production software.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213841[]' id='answer-id-852427' class='answer   answerof-213841 ' value='852427'   \/><label for='answer-id-852427' id='answer-label-852427' class=' answer'><span>The Head of Development approves changes requested to production.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213841[]' id='answer-id-852428' class='answer   answerof-213841 ' value='852428'   \/><label for='answer-id-852428' id='answer-label-852428' class=' answer'><span>Programmers cannot make uncontrolled changes to the source code production version.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-13' style=';'><div id='questionWrap-13'  class='   watupro-question-id-213842'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>13. <\/span>What type of termination occurs at the initiative of one party, and without the fault of the other party?<\/div><input type='hidden' name='question_id[]' id='qID_13' value='213842' \/><input type='hidden' id='answerType213842' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213842[]' id='answer-id-852429' class='answer   answerof-213842 ' value='852429'   \/><label for='answer-id-852429' id='answer-label-852429' class=' answer'><span>Termination for cause<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213842[]' id='answer-id-852430' class='answer   answerof-213842 ' value='852430'   \/><label for='answer-id-852430' id='answer-label-852430' class=' answer'><span>Termination for convenience<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213842[]' id='answer-id-852431' class='answer   answerof-213842 ' value='852431'   \/><label for='answer-id-852431' id='answer-label-852431' class=' answer'><span>Termination at the end of the term<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213842[]' id='answer-id-852432' class='answer   answerof-213842 ' value='852432'   \/><label for='answer-id-852432' id='answer-label-852432' class=' answer'><span>Termination without the fault<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-14' style=';'><div id='questionWrap-14'  class='   watupro-question-id-213843'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>14. <\/span>Which of the following is MOST important to consider when developing an effective threat model during the introduction of a new SaaS service into a customer organization\u2019s architecture? The threat model:<\/div><input type='hidden' name='question_id[]' id='qID_14' value='213843' \/><input type='hidden' id='answerType213843' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213843[]' id='answer-id-852433' class='answer   answerof-213843 ' value='852433'   \/><label for='answer-id-852433' id='answer-label-852433' class=' answer'><span>recognizes the shared responsibility for risk management between the customer and the CS<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213843[]' id='answer-id-852434' class='answer   answerof-213843 ' value='852434'   \/><label for='answer-id-852434' id='answer-label-852434' class=' answer'><span>leverages SaaS threat models developed by peer organizations.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213843[]' id='answer-id-852435' class='answer   answerof-213843 ' value='852435'   \/><label for='answer-id-852435' id='answer-label-852435' class=' answer'><span>is developed by an independent third-party with expertise in the organization\u2019s industry sector.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213843[]' id='answer-id-852436' class='answer   answerof-213843 ' value='852436'   \/><label for='answer-id-852436' id='answer-label-852436' class=' answer'><span>considers the loss of visibility and control from transitioning to the cloud.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-15' style=';'><div id='questionWrap-15'  class='   watupro-question-id-213844'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>15. <\/span>To ensure that integration of security testing is implemented on large code sets in environments where time to completion is critical, what form of validation should an auditor expect?<\/div><input type='hidden' name='question_id[]' id='qID_15' value='213844' \/><input type='hidden' id='answerType213844' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213844[]' id='answer-id-852437' class='answer   answerof-213844 ' value='852437'   \/><label for='answer-id-852437' id='answer-label-852437' class=' answer'><span>Parallel testing<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213844[]' id='answer-id-852438' class='answer   answerof-213844 ' value='852438'   \/><label for='answer-id-852438' id='answer-label-852438' class=' answer'><span>Full application stack unit testing<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213844[]' id='answer-id-852439' class='answer   answerof-213844 ' value='852439'   \/><label for='answer-id-852439' id='answer-label-852439' class=' answer'><span>Regression testing<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213844[]' id='answer-id-852440' class='answer   answerof-213844 ' value='852440'   \/><label for='answer-id-852440' id='answer-label-852440' class=' answer'><span>Functional verification<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-16' style=';'><div id='questionWrap-16'  class='   watupro-question-id-213845'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>16. <\/span>Which of the following would be considered as a factor to trust in a cloud service provider?<\/div><input type='hidden' name='question_id[]' id='qID_16' value='213845' \/><input type='hidden' id='answerType213845' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213845[]' id='answer-id-852441' class='answer   answerof-213845 ' value='852441'   \/><label for='answer-id-852441' id='answer-label-852441' class=' answer'><span>The level of exposure for public information<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213845[]' id='answer-id-852442' class='answer   answerof-213845 ' value='852442'   \/><label for='answer-id-852442' id='answer-label-852442' class=' answer'><span>The level of proved technical skills<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213845[]' id='answer-id-852443' class='answer   answerof-213845 ' value='852443'   \/><label for='answer-id-852443' id='answer-label-852443' class=' answer'><span>The level of willingness to cooperate<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213845[]' id='answer-id-852444' class='answer   answerof-213845 ' value='852444'   \/><label for='answer-id-852444' id='answer-label-852444' class=' answer'><span>The level of open source evidence available<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-17' style=';'><div id='questionWrap-17'  class='   watupro-question-id-213846'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>17. <\/span>An auditor is performing an audit on behalf of a cloud customer. <br \/>\r<br>For assessing security awareness, the auditor should:<\/div><input type='hidden' name='question_id[]' id='qID_17' value='213846' \/><input type='hidden' id='answerType213846' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213846[]' id='answer-id-852445' class='answer   answerof-213846 ' value='852445'   \/><label for='answer-id-852445' id='answer-label-852445' class=' answer'><span>assess the existence and adequacy of a security awareness training program at the cloud service provider\u2019s organization as the cloud customer hired the auditor to review and cloud service.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213846[]' id='answer-id-852446' class='answer   answerof-213846 ' value='852446'   \/><label for='answer-id-852446' id='answer-label-852446' class=' answer'><span>assess the existence and adequacy of a security awareness training program at both the cloud customer\u2019s organization and the cloud service provider\u2019s organization.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213846[]' id='answer-id-852447' class='answer   answerof-213846 ' value='852447'   \/><label for='answer-id-852447' id='answer-label-852447' class=' answer'><span>assess the existence and adequacy of a security awareness training program at the cloud customer\u2019s organization as they hired the auditor.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213846[]' id='answer-id-852448' class='answer   answerof-213846 ' value='852448'   \/><label for='answer-id-852448' id='answer-label-852448' class=' answer'><span>not assess the security awareness training program as it is each organization\u2019s responsibility<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-18' style=';'><div id='questionWrap-18'  class='   watupro-question-id-213847'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>18. <\/span>While performing the audit, the auditor found that an object storage bucket containing PII could be accessed by anyone on the Internet. <br \/>\r<br>Given this discovery, what should be the most appropriate action for the auditor to perform?<\/div><input type='hidden' name='question_id[]' id='qID_18' value='213847' \/><input type='hidden' id='answerType213847' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213847[]' id='answer-id-852449' class='answer   answerof-213847 ' value='852449'   \/><label for='answer-id-852449' id='answer-label-852449' class=' answer'><span>Highlighting the gap to the audit sponsor at the sponsor\u2019s earliest possible availability<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213847[]' id='answer-id-852450' class='answer   answerof-213847 ' value='852450'   \/><label for='answer-id-852450' id='answer-label-852450' class=' answer'><span>Asking the organization\u2019s cloud administrator to immediately close the gap by updating the configuration settings and making the object storage bucket private and hence inaccessible from the Internet<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213847[]' id='answer-id-852451' class='answer   answerof-213847 ' value='852451'   \/><label for='answer-id-852451' id='answer-label-852451' class=' answer'><span>Documenting the finding in the audit report and sharing the gap with the relevant stakeholders<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213847[]' id='answer-id-852452' class='answer   answerof-213847 ' value='852452'   \/><label for='answer-id-852452' id='answer-label-852452' class=' answer'><span>Informing the organization\u2019s internal audit manager immediately about the gap<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-19' style=';'><div id='questionWrap-19'  class='   watupro-question-id-213848'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>19. <\/span>An organization that is utilizing a community cloud is contracting an auditor to conduct a review on behalf of the group of organizations within the cloud community. <br \/>\r<br>From the following, to whom should the auditor report the findings?<\/div><input type='hidden' name='question_id[]' id='qID_19' value='213848' \/><input type='hidden' id='answerType213848' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213848[]' id='answer-id-852453' class='answer   answerof-213848 ' value='852453'   \/><label for='answer-id-852453' id='answer-label-852453' class=' answer'><span>Public<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213848[]' id='answer-id-852454' class='answer   answerof-213848 ' value='852454'   \/><label for='answer-id-852454' id='answer-label-852454' class=' answer'><span>Management of organization being audited<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213848[]' id='answer-id-852455' class='answer   answerof-213848 ' value='852455'   \/><label for='answer-id-852455' id='answer-label-852455' class=' answer'><span>Shareholders\/interested parties<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213848[]' id='answer-id-852456' class='answer   answerof-213848 ' value='852456'   \/><label for='answer-id-852456' id='answer-label-852456' class=' answer'><span>Cloud service provider<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-20' style=';'><div id='questionWrap-20'  class='   watupro-question-id-213849'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>20. <\/span>Which of the following standards is designed to be used by organizations for cloud services that intend to select controls within the process of implementing an Information Security Management System based on ISO\/IEC 27001?<\/div><input type='hidden' name='question_id[]' id='qID_20' value='213849' \/><input type='hidden' id='answerType213849' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213849[]' id='answer-id-852457' class='answer   answerof-213849 ' value='852457'   \/><label for='answer-id-852457' id='answer-label-852457' class=' answer'><span>ISO\/IEC 27017:2015<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213849[]' id='answer-id-852458' class='answer   answerof-213849 ' value='852458'   \/><label for='answer-id-852458' id='answer-label-852458' class=' answer'><span>CSA Cloud Control Matrix (CCM)<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213849[]' id='answer-id-852459' class='answer   answerof-213849 ' value='852459'   \/><label for='answer-id-852459' id='answer-label-852459' class=' answer'><span>NIST SP 800-146<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213849[]' id='answer-id-852460' class='answer   answerof-213849 ' value='852460'   \/><label for='answer-id-852460' id='answer-label-852460' class=' answer'><span>ISO\/IEC 27002<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-21' style=';'><div id='questionWrap-21'  class='   watupro-question-id-213850'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>21. <\/span>Which of the following data destruction methods is the MOST effective and efficient?<\/div><input type='hidden' name='question_id[]' id='qID_21' value='213850' \/><input type='hidden' id='answerType213850' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213850[]' id='answer-id-852461' class='answer   answerof-213850 ' value='852461'   \/><label for='answer-id-852461' id='answer-label-852461' class=' answer'><span>Crypto-shredding<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213850[]' id='answer-id-852462' class='answer   answerof-213850 ' value='852462'   \/><label for='answer-id-852462' id='answer-label-852462' class=' answer'><span>Degaussing<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213850[]' id='answer-id-852463' class='answer   answerof-213850 ' value='852463'   \/><label for='answer-id-852463' id='answer-label-852463' class=' answer'><span>Multi-pass wipes<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213850[]' id='answer-id-852464' class='answer   answerof-213850 ' value='852464'   \/><label for='answer-id-852464' id='answer-label-852464' class=' answer'><span>Physical destruction<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-22' style=';'><div id='questionWrap-22'  class='   watupro-question-id-213851'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>22. <\/span>An organization is in the initial phases of cloud adoption. It is not very knowledgeable about cloud security and cloud shared responsibility models . <br \/>\r<br>Which of the following approaches is BEST suited for such an organization to evaluate its cloud security?<\/div><input type='hidden' name='question_id[]' id='qID_22' value='213851' \/><input type='hidden' id='answerType213851' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213851[]' id='answer-id-852465' class='answer   answerof-213851 ' value='852465'   \/><label for='answer-id-852465' id='answer-label-852465' class=' answer'><span>Use of an established standard\/regulation to map controls and use as the audit criteria<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213851[]' id='answer-id-852466' class='answer   answerof-213851 ' value='852466'   \/><label for='answer-id-852466' id='answer-label-852466' class=' answer'><span>For efficiency reasons, use of its on-premises systems\u2019 audit criteria to audit the cloud environment<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213851[]' id='answer-id-852467' class='answer   answerof-213851 ' value='852467'   \/><label for='answer-id-852467' id='answer-label-852467' class=' answer'><span>As this is the initial stage, the ISO\/IEC 27001 certificate shared by the cloud service provider is sufficient for audit and compliance purposes.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213851[]' id='answer-id-852468' class='answer   answerof-213851 ' value='852468'   \/><label for='answer-id-852468' id='answer-label-852468' class=' answer'><span>Development of the cloud security audit criteria based on its own internal audit test plans to ensure appropriate coverage<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-23' style=';'><div id='questionWrap-23'  class='   watupro-question-id-213852'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>23. <\/span>The Cloud Octagon Model was developed to support organizations:<\/div><input type='hidden' name='question_id[]' id='qID_23' value='213852' \/><input type='hidden' id='answerType213852' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213852[]' id='answer-id-852469' class='answer   answerof-213852 ' value='852469'   \/><label for='answer-id-852469' id='answer-label-852469' class=' answer'><span>risk assessment methodology.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213852[]' id='answer-id-852470' class='answer   answerof-213852 ' value='852470'   \/><label for='answer-id-852470' id='answer-label-852470' class=' answer'><span>risk treatment methodology.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213852[]' id='answer-id-852471' class='answer   answerof-213852 ' value='852471'   \/><label for='answer-id-852471' id='answer-label-852471' class=' answer'><span>incident response methodology.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213852[]' id='answer-id-852472' class='answer   answerof-213852 ' value='852472'   \/><label for='answer-id-852472' id='answer-label-852472' class=' answer'><span>incident detection methodology.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-24' style=';'><div id='questionWrap-24'  class='   watupro-question-id-213853'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>24. <\/span>If the degree of verification for information shared with the auditor during an audit is low, the auditor should:<\/div><input type='hidden' name='question_id[]' id='qID_24' value='213853' \/><input type='hidden' id='answerType213853' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213853[]' id='answer-id-852473' class='answer   answerof-213853 ' value='852473'   \/><label for='answer-id-852473' id='answer-label-852473' class=' answer'><span>reject the information as audit evidence.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213853[]' id='answer-id-852474' class='answer   answerof-213853 ' value='852474'   \/><label for='answer-id-852474' id='answer-label-852474' class=' answer'><span>stop evaluating the requirement altogether and review other audit areas.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213853[]' id='answer-id-852475' class='answer   answerof-213853 ' value='852475'   \/><label for='answer-id-852475' id='answer-label-852475' class=' answer'><span>delve deeper to obtain the required information to decide conclusively.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213853[]' id='answer-id-852476' class='answer   answerof-213853 ' value='852476'   \/><label for='answer-id-852476' id='answer-label-852476' class=' answer'><span>use professional judgment to determine the degree of reliance that can be placed on the information as evidence.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-25' style=';'><div id='questionWrap-25'  class='   watupro-question-id-213854'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>25. <\/span>Which of the following is an example of financial business impact?<\/div><input type='hidden' name='question_id[]' id='qID_25' value='213854' \/><input type='hidden' id='answerType213854' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213854[]' id='answer-id-852477' class='answer   answerof-213854 ' value='852477'   \/><label for='answer-id-852477' id='answer-label-852477' class=' answer'><span>A hacker using a stolen administrator identity brings down the SaaS sales and marketing systems, resulting in the inability to process customer orders or manage customer relationships.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213854[]' id='answer-id-852478' class='answer   answerof-213854 ' value='852478'   \/><label for='answer-id-852478' id='answer-label-852478' class=' answer'><span>While the breach was reported in a timely manner to the CEO, the CFO and CISO blamed each other in public, resulting in a loss of public confidence that led the board to replace all three.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213854[]' id='answer-id-852479' class='answer   answerof-213854 ' value='852479'   \/><label for='answer-id-852479' id='answer-label-852479' class=' answer'><span>A DDoS attack renders the customer's cloud inaccessible for 24 hours resulting in millions in lost sales.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213854[]' id='answer-id-852480' class='answer   answerof-213854 ' value='852480'   \/><label for='answer-id-852480' id='answer-label-852480' class=' answer'><span>The cloud provider fails to report a breach of customer personal data from an unsecured server, resulting in GDPR fines of 10 million euro.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-26' style=';'><div id='questionWrap-26'  class='   watupro-question-id-213855'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>26. <\/span>Which of the following defines the criteria designed by the American Institute of Certified Public Accountants (AICPA) to specify trusted services?<\/div><input type='hidden' name='question_id[]' id='qID_26' value='213855' \/><input type='hidden' id='answerType213855' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213855[]' id='answer-id-852481' class='answer   answerof-213855 ' value='852481'   \/><label for='answer-id-852481' id='answer-label-852481' class=' answer'><span>Security, confidentiality, availability, privacy and processing integrity<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213855[]' id='answer-id-852482' class='answer   answerof-213855 ' value='852482'   \/><label for='answer-id-852482' id='answer-label-852482' class=' answer'><span>Security, applicability, availability, privacy and processing integrity<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213855[]' id='answer-id-852483' class='answer   answerof-213855 ' value='852483'   \/><label for='answer-id-852483' id='answer-label-852483' class=' answer'><span>Security, confidentiality, availability, privacy and trustworthiness<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213855[]' id='answer-id-852484' class='answer   answerof-213855 ' value='852484'   \/><label for='answer-id-852484' id='answer-label-852484' class=' answer'><span>Security, data integrity, availability, privacy and processing integrity<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-27' style=';'><div id='questionWrap-27'  class='   watupro-question-id-213856'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>27. <\/span>What aspect of SaaS functionality and operations would the cloud customer be responsible for and should be audited?<\/div><input type='hidden' name='question_id[]' id='qID_27' value='213856' \/><input type='hidden' id='answerType213856' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213856[]' id='answer-id-852485' class='answer   answerof-213856 ' value='852485'   \/><label for='answer-id-852485' id='answer-label-852485' class=' answer'><span>Access controls<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213856[]' id='answer-id-852486' class='answer   answerof-213856 ' value='852486'   \/><label for='answer-id-852486' id='answer-label-852486' class=' answer'><span>Vulnerability management<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213856[]' id='answer-id-852487' class='answer   answerof-213856 ' value='852487'   \/><label for='answer-id-852487' id='answer-label-852487' class=' answer'><span>Source code reviews<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213856[]' id='answer-id-852488' class='answer   answerof-213856 ' value='852488'   \/><label for='answer-id-852488' id='answer-label-852488' class=' answer'><span>Patching<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-28' style=';'><div id='questionWrap-28'  class='   watupro-question-id-213857'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>28. <\/span>Which of the following are the three MAIN phases of the cloud controls matrix (CCM) mapping methodology?<\/div><input type='hidden' name='question_id[]' id='qID_28' value='213857' \/><input type='hidden' id='answerType213857' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213857[]' id='answer-id-852489' class='answer   answerof-213857 ' value='852489'   \/><label for='answer-id-852489' id='answer-label-852489' class=' answer'><span>Plan --&gt; Develop --&gt; Release<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213857[]' id='answer-id-852490' class='answer   answerof-213857 ' value='852490'   \/><label for='answer-id-852490' id='answer-label-852490' class=' answer'><span>Deploy --&gt; Monitor --&gt; Audit<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213857[]' id='answer-id-852491' class='answer   answerof-213857 ' value='852491'   \/><label for='answer-id-852491' id='answer-label-852491' class=' answer'><span>Initiation --&gt; Execution --&gt; Monitoring and Controlling<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213857[]' id='answer-id-852492' class='answer   answerof-213857 ' value='852492'   \/><label for='answer-id-852492' id='answer-label-852492' class=' answer'><span>Preparation --&gt; Execution --&gt; Peer Review and Publication<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-29' style=';'><div id='questionWrap-29'  class='   watupro-question-id-213858'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>29. <\/span>When performing audits in relation to Business Continuity Management and Operational Resilience strategy, what would be the MOST critical aspect to audit in relation to the strategy of the cloud customer that should be formulated jointly with the cloud service provider?<\/div><input type='hidden' name='question_id[]' id='qID_29' value='213858' \/><input type='hidden' id='answerType213858' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213858[]' id='answer-id-852493' class='answer   answerof-213858 ' value='852493'   \/><label for='answer-id-852493' id='answer-label-852493' class=' answer'><span>Validate if the strategy covers unavailability of all components required to operate the business-as-usual or in disrupted mode, in parts or total- when impacted by a disruption.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213858[]' id='answer-id-852494' class='answer   answerof-213858 ' value='852494'   \/><label for='answer-id-852494' id='answer-label-852494' class=' answer'><span>Validate if the strategy covers all aspects of Business Continuity and Resilience planning, taking inputs from the assessed impact and risks, to consider activities for before, during, and after a disruption.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213858[]' id='answer-id-852495' class='answer   answerof-213858 ' value='852495'   \/><label for='answer-id-852495' id='answer-label-852495' class=' answer'><span>Validate if the strategy covers all activities required to continue and recover prioritized activities within identified time frames and agreed capacity, aligned to the risk appetite of the organization including the invocation of continuity plans and crisis management capabilities.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213858[]' id='answer-id-852496' class='answer   answerof-213858 ' value='852496'   \/><label for='answer-id-852496' id='answer-label-852496' class=' answer'><span>Validate if the strategy is developed by both cloud service providers and cloud service consumers within the acceptable limits of their risk appetite.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-30' style=';'><div id='questionWrap-30'  class='   watupro-question-id-213859'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>30. <\/span>With regard to the Cloud Control Matrix (CCM), the \u2018Architectural Relevance\u2019 is a feature that enables the filtering of security controls by:<\/div><input type='hidden' name='question_id[]' id='qID_30' value='213859' \/><input type='hidden' id='answerType213859' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213859[]' id='answer-id-852497' class='answer   answerof-213859 ' value='852497'   \/><label for='answer-id-852497' id='answer-label-852497' class=' answer'><span>relevant architecture frameworks such as the NIST Enterprise Architecture Model, the Federal Enterprise Architecture Framework (FEAF), The Open Group Architecture Framework (TOGAF), and the Zachman Framework for Enterprise Architecture.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213859[]' id='answer-id-852498' class='answer   answerof-213859 ' value='852498'   \/><label for='answer-id-852498' id='answer-label-852498' class=' answer'><span>relevant delivery models such as Software as a Service, Platform as a Service, Infrastructure as a Service.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213859[]' id='answer-id-852499' class='answer   answerof-213859 ' value='852499'   \/><label for='answer-id-852499' id='answer-label-852499' class=' answer'><span>relevant architectural paradigms such as Client-Server, Mainframe, Peer-to-Peer, and SmartClient-Backend.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213859[]' id='answer-id-852500' class='answer   answerof-213859 ' value='852500'   \/><label for='answer-id-852500' id='answer-label-852500' class=' answer'><span>relevant architectural components such as Physical, Network, Compute, Storage, Application, and Data.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-31' style=';'><div id='questionWrap-31'  class='   watupro-question-id-213860'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>31. <\/span>Which of the following contract terms is necessary to meet a company\u2019s requirement that needs to move data from one CSP to another?<\/div><input type='hidden' name='question_id[]' id='qID_31' value='213860' \/><input type='hidden' id='answerType213860' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213860[]' id='answer-id-852501' class='answer   answerof-213860 ' value='852501'   \/><label for='answer-id-852501' id='answer-label-852501' class=' answer'><span>Drag and Drop<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213860[]' id='answer-id-852502' class='answer   answerof-213860 ' value='852502'   \/><label for='answer-id-852502' id='answer-label-852502' class=' answer'><span>Lift and shift<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213860[]' id='answer-id-852503' class='answer   answerof-213860 ' value='852503'   \/><label for='answer-id-852503' id='answer-label-852503' class=' answer'><span>Flexibility to move<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213860[]' id='answer-id-852504' class='answer   answerof-213860 ' value='852504'   \/><label for='answer-id-852504' id='answer-label-852504' class=' answer'><span>Transition and data portability<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-32' style=';'><div id='questionWrap-32'  class='   watupro-question-id-213861'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>32. <\/span>Which plan will guide an organization on how to react to a security incident that might occur on the organization\u2019s systems, or that might be affecting one of their service providers?<\/div><input type='hidden' name='question_id[]' id='qID_32' value='213861' \/><input type='hidden' id='answerType213861' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213861[]' id='answer-id-852505' class='answer   answerof-213861 ' value='852505'   \/><label for='answer-id-852505' id='answer-label-852505' class=' answer'><span>Incident Response Plans<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213861[]' id='answer-id-852506' class='answer   answerof-213861 ' value='852506'   \/><label for='answer-id-852506' id='answer-label-852506' class=' answer'><span>Security Incident Plans<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213861[]' id='answer-id-852507' class='answer   answerof-213861 ' value='852507'   \/><label for='answer-id-852507' id='answer-label-852507' class=' answer'><span>Unexpected Event Plans<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213861[]' id='answer-id-852508' class='answer   answerof-213861 ' value='852508'   \/><label for='answer-id-852508' id='answer-label-852508' class=' answer'><span>Emergency Incident Plans<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-33' style=';'><div id='questionWrap-33'  class='   watupro-question-id-213862'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>33. <\/span>You have been assigned the implementation of an ISMS, whose scope must cover both on premise and cloud infrastructure . <br \/>\r<br>Which of the following is your BEST option?<\/div><input type='hidden' name='question_id[]' id='qID_33' value='213862' \/><input type='hidden' id='answerType213862' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213862[]' id='answer-id-852509' class='answer   answerof-213862 ' value='852509'   \/><label for='answer-id-852509' id='answer-label-852509' class=' answer'><span>Implement ISO\/IEC 27002 and complement it with additional controls from the CC<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213862[]' id='answer-id-852510' class='answer   answerof-213862 ' value='852510'   \/><label for='answer-id-852510' id='answer-label-852510' class=' answer'><span>Implement ISO\/IEC 27001 and complement it with additional controls from ISO\/IEC 27017.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213862[]' id='answer-id-852511' class='answer   answerof-213862 ' value='852511'   \/><label for='answer-id-852511' id='answer-label-852511' class=' answer'><span>Implement ISO\/IEC 27001 and complement it with additional controls from ISO\/IEC 27002.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213862[]' id='answer-id-852512' class='answer   answerof-213862 ' value='852512'   \/><label for='answer-id-852512' id='answer-label-852512' class=' answer'><span>Implement ISO\/IEC 27001 and complement it with additional controls from the NIST SP 800-145.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-34' style=';'><div id='questionWrap-34'  class='   watupro-question-id-213863'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>34. <\/span>Which of the following should be the FIRST step to establish a cloud assurance program during a cloud migration?<\/div><input type='hidden' name='question_id[]' id='qID_34' value='213863' \/><input type='hidden' id='answerType213863' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213863[]' id='answer-id-852513' class='answer   answerof-213863 ' value='852513'   \/><label for='answer-id-852513' id='answer-label-852513' class=' answer'><span>Design<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213863[]' id='answer-id-852514' class='answer   answerof-213863 ' value='852514'   \/><label for='answer-id-852514' id='answer-label-852514' class=' answer'><span>Stakeholder identification<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213863[]' id='answer-id-852515' class='answer   answerof-213863 ' value='852515'   \/><label for='answer-id-852515' id='answer-label-852515' class=' answer'><span>Development<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213863[]' id='answer-id-852516' class='answer   answerof-213863 ' value='852516'   \/><label for='answer-id-852516' id='answer-label-852516' class=' answer'><span>Risk assessment<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-35' style=';'><div id='questionWrap-35'  class='   watupro-question-id-213864'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>35. <\/span>Which of the following approaches encompasses social engineering of staff, bypassing of physical access controls and penetration testing?<\/div><input type='hidden' name='question_id[]' id='qID_35' value='213864' \/><input type='hidden' id='answerType213864' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213864[]' id='answer-id-852517' class='answer   answerof-213864 ' value='852517'   \/><label for='answer-id-852517' id='answer-label-852517' class=' answer'><span>Blue team<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213864[]' id='answer-id-852518' class='answer   answerof-213864 ' value='852518'   \/><label for='answer-id-852518' id='answer-label-852518' class=' answer'><span>White box<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213864[]' id='answer-id-852519' class='answer   answerof-213864 ' value='852519'   \/><label for='answer-id-852519' id='answer-label-852519' class=' answer'><span>Gray box<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213864[]' id='answer-id-852520' class='answer   answerof-213864 ' value='852520'   \/><label for='answer-id-852520' id='answer-label-852520' class=' answer'><span>Red team<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-36' style=';'><div id='questionWrap-36'  class='   watupro-question-id-213865'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>36. <\/span>One of the Cloud Control Matrix\u2019s (CCM\u2019s) control specifications states that \u201cIndependent reviews and assessments shall be performed at least annually to ensure that the organization addresses nonconformities of established policies, standards, procedures, and compliance obligations.\u201d <br \/>\r<br>Which of the following controls under the Audit Assurance and Compliance domain does this match to?<\/div><input type='hidden' name='question_id[]' id='qID_36' value='213865' \/><input type='hidden' id='answerType213865' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213865[]' id='answer-id-852521' class='answer   answerof-213865 ' value='852521'   \/><label for='answer-id-852521' id='answer-label-852521' class=' answer'><span>Audit planning<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213865[]' id='answer-id-852522' class='answer   answerof-213865 ' value='852522'   \/><label for='answer-id-852522' id='answer-label-852522' class=' answer'><span>Information system and regulatory mapping<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213865[]' id='answer-id-852523' class='answer   answerof-213865 ' value='852523'   \/><label for='answer-id-852523' id='answer-label-852523' class=' answer'><span>GDPR auditing<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213865[]' id='answer-id-852524' class='answer   answerof-213865 ' value='852524'   \/><label for='answer-id-852524' id='answer-label-852524' class=' answer'><span>Independent audits<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-37' style=';'><div id='questionWrap-37'  class='   watupro-question-id-213866'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>37. <\/span>What areas should be reviewed when auditing a public cloud?<\/div><input type='hidden' name='question_id[]' id='qID_37' value='213866' \/><input type='hidden' id='answerType213866' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213866[]' id='answer-id-852525' class='answer   answerof-213866 ' value='852525'   \/><label for='answer-id-852525' id='answer-label-852525' class=' answer'><span>Patching, source code reviews, hypervisor, access controls<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213866[]' id='answer-id-852526' class='answer   answerof-213866 ' value='852526'   \/><label for='answer-id-852526' id='answer-label-852526' class=' answer'><span>Identity and access management, data protection<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213866[]' id='answer-id-852527' class='answer   answerof-213866 ' value='852527'   \/><label for='answer-id-852527' id='answer-label-852527' class=' answer'><span>Patching, configuration, hypervisor, backups<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213866[]' id='answer-id-852528' class='answer   answerof-213866 ' value='852528'   \/><label for='answer-id-852528' id='answer-label-852528' class=' answer'><span>Vulnerability management, cyber security reviews, patching<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-38' style=';'><div id='questionWrap-38'  class='   watupro-question-id-213867'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>38. <\/span>In all three cloud deployment models, (IaaS, PaaS, and SaaS), who is responsible for the patching of the hypervisor layer?<\/div><input type='hidden' name='question_id[]' id='qID_38' value='213867' \/><input type='hidden' id='answerType213867' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213867[]' id='answer-id-852529' class='answer   answerof-213867 ' value='852529'   \/><label for='answer-id-852529' id='answer-label-852529' class=' answer'><span>Cloud service customer<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213867[]' id='answer-id-852530' class='answer   answerof-213867 ' value='852530'   \/><label for='answer-id-852530' id='answer-label-852530' class=' answer'><span>Shared responsibility<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213867[]' id='answer-id-852531' class='answer   answerof-213867 ' value='852531'   \/><label for='answer-id-852531' id='answer-label-852531' class=' answer'><span>Cloud service provider<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213867[]' id='answer-id-852532' class='answer   answerof-213867 ' value='852532'   \/><label for='answer-id-852532' id='answer-label-852532' class=' answer'><span>Patching on hypervisor layer is not required<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-39' style=';'><div id='questionWrap-39'  class='   watupro-question-id-213868'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>39. <\/span>Which of the following is a corrective control that may be identified in a SaaS service provider?<\/div><input type='hidden' name='question_id[]' id='qID_39' value='213868' \/><input type='hidden' id='answerType213868' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213868[]' id='answer-id-852533' class='answer   answerof-213868 ' value='852533'   \/><label for='answer-id-852533' id='answer-label-852533' class=' answer'><span>Log monitoring<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213868[]' id='answer-id-852534' class='answer   answerof-213868 ' value='852534'   \/><label for='answer-id-852534' id='answer-label-852534' class=' answer'><span>Penetration testing<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213868[]' id='answer-id-852535' class='answer   answerof-213868 ' value='852535'   \/><label for='answer-id-852535' id='answer-label-852535' class=' answer'><span>Incident response plans<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213868[]' id='answer-id-852536' class='answer   answerof-213868 ' value='852536'   \/><label for='answer-id-852536' id='answer-label-852536' class=' answer'><span>Vulnerability scan<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-40' style=';'><div id='questionWrap-40'  class='   watupro-question-id-213869'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>40. <\/span>A large organization with subsidiaries in multiple locations has a business requirement to organize IT systems to have identified resources reside in particular locations with organizational personnel . <br \/>\r<br>Which access control method will allow IT personnel to be segregated across the various locations?<\/div><input type='hidden' name='question_id[]' id='qID_40' value='213869' \/><input type='hidden' id='answerType213869' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213869[]' id='answer-id-852537' class='answer   answerof-213869 ' value='852537'   \/><label for='answer-id-852537' id='answer-label-852537' class=' answer'><span>Role Based Access Control<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213869[]' id='answer-id-852538' class='answer   answerof-213869 ' value='852538'   \/><label for='answer-id-852538' id='answer-label-852538' class=' answer'><span>Attribute Based Access Control<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213869[]' id='answer-id-852539' class='answer   answerof-213869 ' value='852539'   \/><label for='answer-id-852539' id='answer-label-852539' class=' answer'><span>Policy Based Access Control<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213869[]' id='answer-id-852540' class='answer   answerof-213869 ' value='852540'   \/><label for='answer-id-852540' id='answer-label-852540' class=' answer'><span>Rule Based Access Control<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-41' style=';'><div id='questionWrap-41'  class='   watupro-question-id-213870'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>41. <\/span>In the context of Infrastructure as a Service (IaaS), a vulnerability assessment will scan virtual machines to identify vulnerabilities in:<\/div><input type='hidden' name='question_id[]' id='qID_41' value='213870' \/><input type='hidden' id='answerType213870' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213870[]' id='answer-id-852541' class='answer   answerof-213870 ' value='852541'   \/><label for='answer-id-852541' id='answer-label-852541' class=' answer'><span>both operating system and application infrastructure contained within the CSP\u2019s instances.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213870[]' id='answer-id-852542' class='answer   answerof-213870 ' value='852542'   \/><label for='answer-id-852542' id='answer-label-852542' class=' answer'><span>both operating system and application infrastructure contained within the customer\u2019s instances<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213870[]' id='answer-id-852543' class='answer   answerof-213870 ' value='852543'   \/><label for='answer-id-852543' id='answer-label-852543' class=' answer'><span>only application infrastructure contained within the CSP\u2019s instances.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213870[]' id='answer-id-852544' class='answer   answerof-213870 ' value='852544'   \/><label for='answer-id-852544' id='answer-label-852544' class=' answer'><span>only application infrastructure contained within the customer\u2019s instances.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-42' style=';'><div id='questionWrap-42'  class='   watupro-question-id-213871'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>42. <\/span>An independent contractor is assessing security maturity of a SaaS company against industry standards. The SaaS company has developed and hosted all their products using the cloud services provided by a third-party cloud service provider (CSP) . <br \/>\r<br>What is the optimal and most efficient mechanism to assess the controls CSP is responsible for?<\/div><input type='hidden' name='question_id[]' id='qID_42' value='213871' \/><input type='hidden' id='answerType213871' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213871[]' id='answer-id-852545' class='answer   answerof-213871 ' value='852545'   \/><label for='answer-id-852545' id='answer-label-852545' class=' answer'><span>Review third-party audit reports.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213871[]' id='answer-id-852546' class='answer   answerof-213871 ' value='852546'   \/><label for='answer-id-852546' id='answer-label-852546' class=' answer'><span>Review CSP\u2019s published questionnaires.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213871[]' id='answer-id-852547' class='answer   answerof-213871 ' value='852547'   \/><label for='answer-id-852547' id='answer-label-852547' class=' answer'><span>Directly audit the CS<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213871[]' id='answer-id-852548' class='answer   answerof-213871 ' value='852548'   \/><label for='answer-id-852548' id='answer-label-852548' class=' answer'><span>Send supplier questionnaire to the CS<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-43' style=';'><div id='questionWrap-43'  class='   watupro-question-id-213872'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>43. <\/span>To ensure that cloud audit resources deliver the best value to the organization, the PRIMARY step would be to:<\/div><input type='hidden' name='question_id[]' id='qID_43' value='213872' \/><input type='hidden' id='answerType213872' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213872[]' id='answer-id-852549' class='answer   answerof-213872 ' value='852549'   \/><label for='answer-id-852549' id='answer-label-852549' class=' answer'><span>develop a cloud audit plan on the basis of a detailed risk assessment.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213872[]' id='answer-id-852550' class='answer   answerof-213872 ' value='852550'   \/><label for='answer-id-852550' id='answer-label-852550' class=' answer'><span>schedule the audits and monitor the time spent on each audit.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213872[]' id='answer-id-852551' class='answer   answerof-213872 ' value='852551'   \/><label for='answer-id-852551' id='answer-label-852551' class=' answer'><span>train the cloud audit staff on current technology used in the organization.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213872[]' id='answer-id-852552' class='answer   answerof-213872 ' value='852552'   \/><label for='answer-id-852552' id='answer-label-852552' class=' answer'><span>monitor progress of audits and initiate cost control measures.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-44' style=';'><div id='questionWrap-44'  class='   watupro-question-id-213873'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>44. <\/span>After finding a vulnerability in an internet-facing server of an organization, a cybersecurity criminal is able to access an encrypted file system and successfully manages to overwrite part of some files with random data. <br \/>\r<br>In reference to the Top Threats Analysis methodology, how would you categorize the technical impact of this incident?<\/div><input type='hidden' name='question_id[]' id='qID_44' value='213873' \/><input type='hidden' id='answerType213873' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213873[]' id='answer-id-852553' class='answer   answerof-213873 ' value='852553'   \/><label for='answer-id-852553' id='answer-label-852553' class=' answer'><span>As an integrity breach<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213873[]' id='answer-id-852554' class='answer   answerof-213873 ' value='852554'   \/><label for='answer-id-852554' id='answer-label-852554' class=' answer'><span>As control breach<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213873[]' id='answer-id-852555' class='answer   answerof-213873 ' value='852555'   \/><label for='answer-id-852555' id='answer-label-852555' class=' answer'><span>As an availability breach<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213873[]' id='answer-id-852556' class='answer   answerof-213873 ' value='852556'   \/><label for='answer-id-852556' id='answer-label-852556' class=' answer'><span>As a confidentiality breach<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-45' style=';'><div id='questionWrap-45'  class='   watupro-question-id-213874'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>45. <\/span>The MOST critical concept of managing the build and test of code in DevOps is:<\/div><input type='hidden' name='question_id[]' id='qID_45' value='213874' \/><input type='hidden' id='answerType213874' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213874[]' id='answer-id-852557' class='answer   answerof-213874 ' value='852557'   \/><label for='answer-id-852557' id='answer-label-852557' class=' answer'><span>continuous build.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213874[]' id='answer-id-852558' class='answer   answerof-213874 ' value='852558'   \/><label for='answer-id-852558' id='answer-label-852558' class=' answer'><span>continuous delivery.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213874[]' id='answer-id-852559' class='answer   answerof-213874 ' value='852559'   \/><label for='answer-id-852559' id='answer-label-852559' class=' answer'><span>continuous deployment.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-213874[]' id='answer-id-852560' class='answer   answerof-213874 ' value='852560'   \/><label for='answer-id-852560' id='answer-label-852560' class=' answer'><span>continuous integration.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div style='display:none' id='question-46'>\n\t<div class='question-content'>\n\t\t<img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.dumpsbase.com\/freedumps\/wp-content\/plugins\/watupro\/img\/loading.gif\" width=\"16\" height=\"16\" alt=\"Loading...\" title=\"Loading...\" \/>&nbsp;Loading...\t<\/div>\n<\/div>\n\n<br \/>\n\t\n\t\t\t<div class=\"watupro_buttons flex \" id=\"watuPROButtons6167\" >\n\t\t  <div id=\"prev-question\" style=\"display:none;\"><input type=\"button\" value=\"&lt; Previous\" onclick=\"WatuPRO.nextQuestion(event, 'previous');\"\/><\/div>\t\t  \t\t  \t\t   \n\t\t   \t  \t\t<div><input type=\"button\" name=\"action\" class=\"watupro-submit-button\" onclick=\"WatuPRO.submitResult(event)\" id=\"action-button\" value=\"View Results\"  \/>\n\t\t<\/div>\n\t\t<\/div>\n\t\t\n\t<input type=\"hidden\" name=\"quiz_id\" value=\"6167\" id=\"watuPROExamID\"\/>\n\t<input type=\"hidden\" name=\"start_time\" id=\"startTime\" value=\"2026-05-07 19:22:01\" \/>\n\t<input type=\"hidden\" name=\"start_timestamp\" id=\"startTimeStamp\" value=\"1778181721\" \/>\n\t<input type=\"hidden\" name=\"question_ids\" value=\"\" \/>\n\t<input type=\"hidden\" name=\"watupro_questions\" value=\"213830:852381,852382,852383,852384 | 213831:852385,852386,852387,852388 | 213832:852389,852390,852391,852392 | 213833:852393,852394,852395,852396 | 213834:852397,852398,852399,852400 | 213835:852401,852402,852403,852404 | 213836:852405,852406,852407,852408 | 213837:852409,852410,852411,852412 | 213838:852413,852414,852415,852416 | 213839:852417,852418,852419,852420 | 213840:852421,852422,852423,852424 | 213841:852425,852426,852427,852428 | 213842:852429,852430,852431,852432 | 213843:852433,852434,852435,852436 | 213844:852437,852438,852439,852440 | 213845:852441,852442,852443,852444 | 213846:852445,852446,852447,852448 | 213847:852449,852450,852451,852452 | 213848:852453,852454,852455,852456 | 213849:852457,852458,852459,852460 | 213850:852461,852462,852463,852464 | 213851:852465,852466,852467,852468 | 213852:852469,852470,852471,852472 | 213853:852473,852474,852475,852476 | 213854:852477,852478,852479,852480 | 213855:852481,852482,852483,852484 | 213856:852485,852486,852487,852488 | 213857:852489,852490,852491,852492 | 213858:852493,852494,852495,852496 | 213859:852497,852498,852499,852500 | 213860:852501,852502,852503,852504 | 213861:852505,852506,852507,852508 | 213862:852509,852510,852511,852512 | 213863:852513,852514,852515,852516 | 213864:852517,852518,852519,852520 | 213865:852521,852522,852523,852524 | 213866:852525,852526,852527,852528 | 213867:852529,852530,852531,852532 | 213868:852533,852534,852535,852536 | 213869:852537,852538,852539,852540 | 213870:852541,852542,852543,852544 | 213871:852545,852546,852547,852548 | 213872:852549,852550,852551,852552 | 213873:852553,852554,852555,852556 | 213874:852557,852558,852559,852560\" \/>\n\t<input type=\"hidden\" name=\"no_ajax\" value=\"0\">\t\t\t<\/form>\n\t<p>&nbsp;<\/p>\n<\/div>\n\n<script type=\"text\/javascript\">\n\/\/jQuery(document).ready(function(){\ndocument.addEventListener(\"DOMContentLoaded\", function(event) { \t\nvar question_ids = \"213830,213831,213832,213833,213834,213835,213836,213837,213838,213839,213840,213841,213842,213843,213844,213845,213846,213847,213848,213849,213850,213851,213852,213853,213854,213855,213856,213857,213858,213859,213860,213861,213862,213863,213864,213865,213866,213867,213868,213869,213870,213871,213872,213873,213874\";\nWatuPROSettings[6167] = {};\nWatuPRO.qArr = question_ids.split(',');\nWatuPRO.exam_id = 6167;\t    \nWatuPRO.post_id = 37868;\nWatuPRO.store_progress = 0;\nWatuPRO.curCatPage = 1;\nWatuPRO.requiredIDs=\"0\".split(\",\");\nWatuPRO.hAppID = \"0.58527300 1778181721\";\nvar url = \"https:\/\/www.dumpsbase.com\/freedumps\/wp-content\/plugins\/watupro\/show_exam.php\";\nWatuPRO.examMode = 1;\nWatuPRO.siteURL=\"https:\/\/www.dumpsbase.com\/freedumps\/wp-admin\/admin-ajax.php\";\nWatuPRO.emailIsNotRequired = 0;\nWatuPROIntel.init(6167);\nWatuPRO.inCategoryPages=1;});    \t \n<\/script>\r\n","protected":false},"excerpt":{"rendered":"","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[13587,429],"tags":[13583,13586],"class_list":["post-37868","post","type-post","status-publish","format-standard","hentry","category-cloud-security-alliance","category-isaca","tag-ccak","tag-ccak-dumps-questions"],"_links":{"self":[{"href":"https:\/\/www.dumpsbase.com\/freedumps\/wp-json\/wp\/v2\/posts\/37868","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.dumpsbase.com\/freedumps\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.dumpsbase.com\/freedumps\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.dumpsbase.com\/freedumps\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.dumpsbase.com\/freedumps\/wp-json\/wp\/v2\/comments?post=37868"}],"version-history":[{"count":1,"href":"https:\/\/www.dumpsbase.com\/freedumps\/wp-json\/wp\/v2\/posts\/37868\/revisions"}],"predecessor-version":[{"id":37872,"href":"https:\/\/www.dumpsbase.com\/freedumps\/wp-json\/wp\/v2\/posts\/37868\/revisions\/37872"}],"wp:attachment":[{"href":"https:\/\/www.dumpsbase.com\/freedumps\/wp-json\/wp\/v2\/media?parent=37868"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.dumpsbase.com\/freedumps\/wp-json\/wp\/v2\/categories?post=37868"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.dumpsbase.com\/freedumps\/wp-json\/wp\/v2\/tags?post=37868"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}