QUESTION 56
Sending data to a provider’s storage over an API is likely as much more reliable and secure than setting up your own SFTP server on a VM in the same provider

QUESTION 57
Which type of application security testing tests running applications and includes tests such as web vulnerability testing and fuzzing?

QUESTION 58
Which of the following authentication is most secured?

QUESTION 59
If in certain litigations and investigations, the actual cloud application or environment itself is relevant to resolving the dispute in the litigation or investigation, how is the information likely to be obtained?

QUESTION 60
Which is the most common control used for Risk Transfer?

QUESTION 61
ln order to determine critical assets and processes of the organization, it must first conduct a:

QUESTION 62
Which is the document used by Cloud Service Provider to declare the level of personal data protection and security that it sustains for the relevant data processing?

QUESTION 63
When the data is transferred to third party. who is ultimately responsible for security of data?

QUESTION 64
Cloud Security provider is responsible for Platform Security in Platform as a Service(PaaS) model.

QUESTION 65
ENISA: Lock-in is ranked as a high risk in ENISA research, a key underlying vulnerability causing lock in is:

QUESTION 66
CCM: In the CCM tool, a is a measure that modifies risk and includes any process, policy, device, practice or any other actions which modify risk.

QUESTION 67
When Database as a Service is offered on Platform as a Service(PaaS) model, who is responsible for security features that needs to applied to the Databases?

QUESTION 68
Lack of standard data formats and service interfaces can lead to:

QUESTION 69
What can be implemented to help with account granularity and limit
blast radius with laaS an PaaS?

QUESTION 70
Which of the following reports the cloud service provide normally share with customer WITHOUT any non-disclosure agreement and is in the public domain?

QUESTION 71
Which of the following is a key consideration in Data security but does not feature in Data Security Life cycle?

QUESTION 72
Logs, documentation, and other materials needed for audits and compliance and often serve as evidence of compliance activities are known as:

QUESTION 73
Centralization of log streams is charactertic of which devices?

QUESTION 74
Cloud customer and cloud service provider are jointly responsible legally for data breach or data loss in absence of any written clause regarding same in contract or SLA.

QUESTION 75
Which of the following establishes commonly accepted control objectives, controls and guidelines for implementing measures to protect Personally Identifiable Information(PII) in accordance with the privacy principles in IS0/IEC 29100 for the public cloud computing environment?

QUESTION 76
Which of the following phases of data security lifecycle typically occurs nearly simultaneously with creation?