A CSP contracts for a penetration test to be conducted on its infrastructures. The auditor engages the target with no prior knowledge of its defenses, assets, or channels. The CSP’s security operation center is not notified in advance of the scope of the audit and the test vectors. Which mode is selected by the CSP?
Due to cloud audit team resource constraints, an audit plan as initially approved cannot be completed. Assuming that the situation is communicated in the cloud audit report, which course of action is MOST relevant?
In an organization, how are policy violations MOST likely to occur?
Which of the following is the BEST tool to perform cloud security control audits?
Network environments and virtual instances shall be designed and configured to restrict and monitor traffic between trusted and untrusted connections. These configurations shall be reviewed at least annually, and supported by a documented justification for use for all allowed services, protocols, ports, and by compensating controls. Which of the following controls BEST matches this control description?
Changes to which of the following will MOST likely influence the expansion or reduction of controls required to remediate the risk arising from changes to an organization’s SaaS vendor?
