1. Which of the following statements regarding risk transfer is not true?


2. In which phase of the application design and development process, the focus is on architecture?


3. In which of the following service models cloud consumer may only be able to manage authorization and entitlements?


4. Which of the following leverages virtual network topologies to run smaller, and more isolated networks without incurring additional hardware costs?


5. Cloud user does not require special permission to perform vulnerability assessment on its environment in cloud.


6. Which of the following is not one of the benefits of Cloud Computing?


7. Which process is used to determine and defend the applications from any weakness before they are introduced into production?


8. The data and information like content in database or file storage are part of which layer of Logical Model?


9. Who manages the web console which is one of the ways the management plane is delivered?


10. Which of the following is a cloud infrastructure that is shared by several organizations and supports a specific group that has shared concerns?


11. How will you ensure that you have provided sufficient encryption protection to your data in the cloud?


12. Which of the following is an underlying vulnerability related to loss of Governance?


13. Which of the following is the most commonly used application programming interface?


14. Identity and Access Management (IAM) includes which of the following?


15. CCM: How many Domains and Controls are in CCM V.3.0.1?


16. Which of the following governance domain focuses on proper and adequate incident detection, response, notification and remediation?


17. Which communication method is used by customers to access database information using a web console?


18. Which of the following WAN virtualization technology is used to create networks which span multiple base networks?


19. Which of the following reflects the claim of an individual to have certain data deleted so that third persons can no longer trace them?


20. The nature of contracts with cloud providers will often preclude things like on-premises audits. What options does the customer have in this situation?


21. What is the role of the Scope Applicability column in the CCM?


22. Which of the following statement about CSA s CCM and Security Guidance is not true?


23. Which of the following statement regarding service administrator account is not true?


24. CCM: The CCM provides an anchor-point and common language for balanced measurement of security and compliance postures.

With CCM all supply chain parties can speak the same language ?


25. The main difference between traditional virtualization and cloud computing and is abstraction.


26. The following list of controls belongs to which domain of the CCM?
GRM 04 – Management Program
GRM 05 – Support / Involvement
GRM 06 – Policy
GRM 07 – Policy Enforcement


27. Which of the following is true about the pass-through audit which is a form of compliance inheritance?


28. Which of the following tools provide a standard template for cloud providers to document their security and compliance controls?


29. Which of the following can the cloud provider implement to mitigate the credential compromise or theft?


30. Which of the following is not one of the five key legal issues common across all scenarios?


31. If an attacker gets into your management plane, they have full remote access to your entire cloud environment.


32. The Cloud Security Alliance STAR Registry is used for which of the following purposes?


33. The management plane controls and configures which of the following:


34. Business Continuity and Disaster Recovery is not a shared responsibility and the cloud user is completely responsible for it.


35. Which of the following is an important consideration in management plane usage?


36. In which type of environment it is impractical to allow clients to conduct their own audits?


37. Which of the following is among the top security benefits?


38. How can web security as a service be offered to the cloud customer?


39. Dedicated or private tenancy model is not possible in a cloud environment.


40. PaaS needs to be built on top of IaaS and it cannot be a custom designed stand-alone architecture


41. The key difference between cloud and traditional computing is the infrastructure.


42. Which plane is used by consumers to launch virtual machines or configuring virtual networks?


43. When entrusting a third party to process the data on its behalf, who remains responsible for the collection and processing of the data?


44. Which of the following allows you to create an infrastructure template to configure all or some aspects of a cloud deployment?


45. Which of the following is a key tool in enabling and enforcing separation and isolation in multi-tenancy environment?


46. How can a single administrator access multiple service administrator accounts with just the privileges they need for that particular action?


47. Which of the following is a key area of control for the cloud provider network architecture?


48. Which of the following statements regarding SDN (Software Defined Networking) is not true?


49. In the United States, a party is obligated to take reasonable steps to prevent the destruction or modification of data in its possession that it knows, is relevant to pending litigation or government investigation.


50. Which of the following describes the cloud management plane?


51. Attestations and certifications are activities that will be valid at any future point in time and providers must keep any published results readily available for quick reference.


52. All assets in the cloud require same business continuity.


53. When it comes to securing the management plane, how are access identification, authentication, and authorization implemented?


54. All services from a particular provider meet the same audit/assessment standards.


55. SLA’s may limit a client’s ability to collect large volumes of data quickly and in a forensically sound manner.


56. Which of the following statement is true for orchestration?


57. Logs, documentation, and other materials that are needed for audits and compliance and are used as evidence to support compliance activities are called as-


58. In which of the five main phases of secure application design and development, you perform Threat Modelling?


59. Which of the following tools lists cloud security controls and maps them to multiple security and compliance standards. ?


60. Cloud service providers leverage which of the following to manage costs and enable capabilities?


Question 1 of 60