In a hybrid cloud environment, why would an organization choose cascading log architecture for security purposes?
How does the variability in Identity and Access Management (IAM) systems across cloud providers impact a multi-cloud strategy?
Which principle reduces security risk by granting users only the permissions essential for their role?
What is the primary purpose of the CSA Security, Trust, Assurance, and Risk (STAR) Registry?
What process involves an independent examination of records, operations, processes, and controls within an organization to ensure compliance with cybersecurity policies, standards, and regulations?
Which aspects are most important for ensuring security in a hybrid cloud environment?
Which of the following best describes the multi-tenant nature of cloud computing?
Which of the following best describes the shift-left approach in software development?
Which of the following functionalities is provided by Data Security Posture Management (DSPM) tools?
What is the primary function of landing zones or account factories in cloud environments?
Which of the following best describes the responsibility for security in a cloud environment?
Which technique involves assessing potential threats through analyzing attacker capabilities, motivations, and potential targets?
Which practice minimizes human error in long-running cloud workloads’ security management?
What primary aspects should effective cloud governance address to ensure security and compliance?
Which benefit of automated deployment pipelines most directly addresses continuous security and reliability?
In a cloud environment spanning multiple jurisdictions, what is the most important factor to consider for compliance?
Which of the following events should be monitored according to CIS AWS benchmarks?
In the context of cloud security, which approach prioritizes incoming data logs for threat detection by applying multiple sequential filters?
Which type of controls should be implemented when required controls for a cybersecurity framework cannot be met?
Which AI workload mitigation strategy best addresses model inversion attacks that threaten data confidentiality?
What is an essential security characteristic required when using multi-tenant technologies?
Which of the following cloud computing models primarily provides storage and computing resources to the users?
Which component is primarily responsible for filtering and monitoring HTTP/S traffic to and from a web application?
Which of the following best describes a primary focus of cloud governance with an emphasis on security?
What is a primary benefit of using Identity and Access Management (IAM) roles/identities provided by cloud providers instead of static secrets?
How can the use of third-party libraries introduce supply chain risks in software development?
Which Cloud Service Provider (CSP) security measure is primarily used to filter and monitor HTTP requests to protect against SQL injection and XSS attacks?
How does DevSecOps fundamentally differ from traditional DevOps in the development process?
Which of the following is a primary purpose of establishing cloud risk registries?
Which of the following best describes the purpose of cloud security control objectives?
REST APIs are the standard for web-based services because they run over HTTPS and work well across diverse environments.
Which cloud service model requires the customer to manage the operating system and applications?
When configured properly, logs can track every code, infrastructure, and configuration change and connect it back to the submitter and approver, including the test results.
CCM: The Architectural Relevance column in the CCM indicates the applicability of the cloud security control to which of the following elements?
Which data security control is the LEAST likely to be assigned to an IaaS provider?
Audits should be robustly designed to reflect best practice, appropriate resources, and tested protocols and standards. They should also use what type of auditors?
Which of the following is a perceived advantage or disadvantage of managing enterprise risk for cloud deployments?
ENISA: Lock-in is ranked as a high risk in ENISA research. A key underlying vulnerability causing lock-in is:
CCM: A hypothetical company called “Health4Sure” is located in the United States and provides cloud-based services for tracking patient health. The company is compliant with the HIPAA/HITECH Act among other industry standards. Health4Sure decides to assess the overall security of its cloud service against the CCM toolkit so that it can present this document to potential clients.
Which of the following approaches would be most suitable to assess the overall security posture of Health4Sure’s cloud service?
Which statement best describes why it is important to know how data is being accessed?
ENISA: An example of a high-risk role for malicious insiders within a Cloud Provider includes:
What factors should you understand about the data specifically due to legal, regulatory, and jurisdictional factors?
What should every cloud customer set up with its cloud service provider (CSP) that can be utilized in the event of an incident?
ENISA: Which is not one of the five key legal issues common across all scenarios:
What is defined as the process by which an opposing party may obtain private documents for use in litigation?
What can be implemented to help with account granularity and limit blast radius with IaaS and PaaS?
Which cloud-based service model enables companies to provide client-based access for partners to databases or applications?
Vulnerability assessments cannot be easily integrated into CI/CD pipelines because of provider restrictions.
CCM: A company wants to use the IaaS offering of some CSP. Which of the following options for using CCM is NOT suitable for the company as a cloud customer?
Which cloud security model type provides generalized templates for helping implement cloud security?
When deploying Security as a Service in a highly regulated industry or environment, what should both parties agree on in advance and include in the SLA?
How can Identity and Access Management (IAM) policies on keys ensure adherence to the principle of least privilege?
How does cloud sprawl complicate security monitoring in an enterprise environment?
When designing a cloud-native application that requires scalable and durable data storage, which storage option should be primarily considered?
What is a PRIMARY cloud customer responsibility when managing SaaS applications in terms of security and compliance?
Which activity is a critical part of the Post-Incident Analysis phase in cybersecurity incident response?
Which of the following best describes the primary benefit of utilizing cloud telemetry sources in cybersecurity?
How does SASE enhance traffic management when compared to traditional network models?
Which concept focuses on maintaining the same configuration for all infrastructure components, ensuring they do not change once deployed?
What is a key advantage of using Policy-Based Access Control (PBAC) for cloud-based access management?
Which of the following best describes compliance in the context of cybersecurity?
In a cloud environment, what does the Shared Security Responsibility Model primarily aim to define?
How does artificial intelligence pose both opportunities and risks in cloud security?
Which of the following best describes how cloud computing manages shared resources?