180 Cards in this Set

  • Front
  • Back
What are the five essential characteristics of cloud computing as defined by NIST?
Broad Network Access
Rapid Elasticity
Measured Service
On-Demand Self Service
Resource Pooling
The level of attention and scrutiny paid to enterprise risk assessments should be directly related to what?
The value at risk
In the majority of data protection laws, when the data is transferred to a third party custodian, who is ultimately responsible for the security of the data?
The Data Controller
What is the most important reason for knowing where the cloud service provider will host the data?
So that it can address the specific restrictions that foreign data protection laws may impose.
What are the six phases of the data security lifecycle?
Create
Store
Use
Share
Archive
Destroy
Why is the size of data sets a consideration in portability between cloud service providers?
The sheer size of data may cause an interruption of service during a transition, or a longer transition period than anticipated.
What are the four D's of perimeter security?
Deter
Detect
Delay
Deny
In which type of environment is it impractical to allow the customer to conduct their own audit, making it important that the data center operators are required to provide auditing for the customers?
In multi-tenant environments the operator or provider cannot normally accommodate visits by every customer to conduct an audit.
What measures could be taken by the cloud service provider (CSP) that might reduce the occurrence of application level incidents?
SaaS providers that generate extensive customer-specific application logs and provide secure storage as well as analysis facilities will ease the IR burden on the customer.
How should an SDLC be modified to address application security in a Cloud Computing environment?
Organizations must adopt best practices for development, either by having a good blend of processes, tools, and technologies of their own or adopting one of the maturity models.
What is the most significant reason that customers are advised to maintain in-house key management?
To be able to prove that all data has been deleted from the public cloud environment when exiting that environment.
What two types of information will cause additional regulatory issues for all organizations if held as an aspect of an Identity?
PII - Personal Identifiable Information
SPI - Sensitive Personal Information
Why do blind spots occur in a virtualized environment, where network-based security controls may not be able to monitor certain types of traffic?
Virtual machines may communicate with each other over a hardware backplane, rather than a network.
When deploying Security as a Service in a highly regulated industry or environment, what should both parties agree on in advance and include in the SLA?
Agreement on the metrics defining the service level required to achieve regulatory objectives
Economic Denial of Service (EDOS) refers to...
The destruction of economic resources; the worst case scenario would be bankruptcy of the customer or a serious economic impact
How does SaaS alleviate much of the consumer's direct operational responsibility?
The provider is not only responsible for the physical and environmental security controls, but it must also address the security controls on the infrastructure, the applications, and the data.
In Europe, name the group that has enacted data protection laws and the principles they follow.
The European Economic Area (EEA) Member States follow principles set forth in the 1995 European Union (EU) Data Protection Directive and the 2002 ePrivacy Directive as amended in 2009.
What is the minimum that U.S. state laws require when using a Cloud Service Provider?
Written contract with the service provider with reasonable security measures.
What must be included between an organization and a Cloud Service Provider when the organization has contractual obligations to protect the personal information of their clients, contacts or employees, to ensure that the data are not used for secondary use and are not disclosed to third parties?
The organization must ensure contractually that it will have the continued ability to meet the promises and commitments that it made in its privacy notice(s) or other contracts.
What is a click-wrap agreement?
A non-negotiated contract
How does an organization respond to the evolving nature of the cloud environment?
Periodic monitoring, testing, and evaluation of the services.
What must a U.S. litigant provide during e-discovery?
All documents that pertain to the case whether favorable to its case or the other litigant's case.
What is ESI?
Electronically Stored Information
What are four considerations for a cloud customer to understand in reference to regulatory compliance?
- Cross-border or multi-jurisdiction
- Assignment of compliance responsibilities including the CSP's providers
- CSP capability to show compliance
- Relationship between all parties including customer, CSP, auditors and CSP's providers
What role do audits perform in the cloud relationships?
Audits must be independently conducted and should be robustly designed to reflect best practice, appropriate resources, and tested protocols and standards.
At what stage should compliance be addressed between an organization and CSP?
Requirements identification stage
What is multi-tenancy?
Use of same resources or application by multiple customers that may belong to the same organization or a different organization.
What does a cloud service model need to include for multi-tenancy consumers?
Policy-driven enforcement
Segmentation
Isolation
Governance
Service Levels
Chargeback/billing models
What services can be shared in multi-tenancy cloud service models?
Infrastructure
Data
Metadata
Services
Applications
What three cloud services make up the Cloud Reference Model?
Infrastructure as a Service (IaaS)
Platform as a Service (PaaS)
Software as a Service (SaaS)
Define IaaS
IaaS delivers computer infrastructure as a service along with raw storage and networking.
Define PaaS
PaaS delivers computing platform and solution stack as a service.
Define SaaS
SaaS delivers software and its associated data, hosted centrally (typically in the cloud) and usually accessed by users via a web browser over the Internet.
List the four dimensions in the Jericho Cloud Cube Model
- Internal (I) / External (E): Physical Location
- Proprietary (P) / Open (O): State of Ownership
- Perimeterised (Per) / De-perimeterised (D-p): Architectural mindset
- Insourced / Outsourced: Who provides the cloud service
List the four cloud deployment models
Public
Private - internal/external
Hybrid
Community
What is the key takeaway for security architecture?
The lower down the stack the CSP stops, the more security capabilities and management consumers are responsible for implementing and managing themselves.
What are the risks and pitfalls to consider in the Cloud Security Reference Model?
- How / where cloud services are deployed
- Manner in which cloud services are consumed
- Re-perimeterization of enterprise networks
- Types of assets, resources and information being managed
- Who manages them and how
- Which controls are selected and how they are integrated
- Compliance issues
How do you determine the general security posture of a service and how it relates to an asset's assurance and protection requirements?
- Classify a cloud service against the cloud architectural model
- Map the security architecture and business, regulatory, and other compliance requirements as a gap-analysis exercise
What do cloud service brokers provide?
- Intermediation
- Monitoring
- Transformation/portability
- Governance
- Provisioning
- Integration services
- Relationship negotiation between CSP and consumers
What is included in a Service Level Agreement (SLA)?
- Service levels
- Security
- Governance
- Compliance
- Liability expectations of the service and provider
What are two types of Service Level Agreements (SLA)?
Negotiable
Non-negotiable
Name the five basic principles followed in Corporate Governance.
- Auditing supply chains
- Board and management structure and process
- Corporate responsibility and compliance
- Financial transparency and information disclosure
- Ownership structure and exercise of control rights
Define Corporate Governance
The set of processes, technologies, customs, policies, laws and institutions affecting the way an enterprise is directed, administered or controlled.
Define Information Risk Management
The process of identifying and understanding exposure to risk and the capability of managing it, aligned with the risk appetite and tolerance of the data owner.
Define Enterprise Risk Management
The methods and processes used by organizations to manage risks and seize opportunities related to the achievement of their objectives.
List four of the specific risks identified and analyzed by management in a cloud environment.
- Avoidance: exiting the activities giving rise to risk
- Reduction: taking action to reduce the likelihood or impact related to the risk
- Share or insure: transferring or sharing a portion of the risk to finance it
- Accept: no action is taken due to a cost/benefit decision
What should be specifically targeted in the assessment of a CSP's third party service providers?
- Incident management
- Business continuity
- Disaster recovery policies, processes and procedures
- Review of co-location and back-up facilities
What is a CSP's supply chain?
Their service provider relationships and dependencies
How should the cost savings obtained by cloud computing services be utilized?
Reinvest into increased scrutiny of the security capabilities of the provider, application of security controls, and ongoing detailed assessments and audits to ensure requirements are continuously met.
Define Public Cloud
The cloud infrastructure is made available to the general public or a large industry group and is owned by an organization selling cloud services.
Define Private Cloud
The cloud infrastructure is operated solely for a single organization. It may be managed by the organization or by a third party and may be located on-premise or off-premise.
Define Community Cloud
The cloud infrastructure is shared by several organizations and supports a specific community that has shared concerns (e.g., mission, security requirements, policy or compliance considerations). It may be managed by the organizations or by a third party and may be located on-premise or off-premise.
Define Hybrid Cloud
The cloud infrastructure is a composition of two or more clouds (private, community or public) that remain unique entities but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting for load-balancing between clouds).
Define Cloud Bursting
Where an enterprise shares the load with external cloud providers to meet peak demands
In most jurisdictions in the U.S., what types of information are a party obligated to produce?
Documents and data within its possession, custody or control.
What types of data hosted by a CSP could be outside the control of a client?
- Disaster recovery systems
- Certain metadata created and maintained by the CSP to operate its environment
What should a client account for during e-discovery?
Additional time and expense where a client may not have the ability or administrative rights to search or access all of the data hosted in the cloud.
In the U.S., what is generally considered to be the obligation of a client who knows or reasonably should know that information is relevant to a pending or reasonably anticipated litigation or government investigation?
To undertake reasonable steps to prevent the destruction or modification of data or information in its possession, custody or control.
Who is held liable for acts of a subcontractor?
Government agencies, such as the FTC or the state Attorney General, have consistently held organizations liable for the activities of their subcontractors.
What do the GLBA and HIPAA require between an organization and its subcontractor?
The security and privacy rules require organizations to compel their subcontractors in written contracts to use reasonable security measures and comply with data privacy provisions.
What two general categories do assets supported by the cloud fall into?
1. Data
2. Applications/Functions/Process
What is the first step in evaluating risk for the cloud?
Determine exactly what data or function is being considered for the cloud.
What is the second step in evaluating risk for the cloud?
Determine how important the data or function is to the organization.
For each asset, what three areas are assessed if all or part of the asset is handled in the cloud?
1. Confidentiality
2. Integrity
3. Availability requirements
For each asset, what six areas are examined in how the organization would be harmed if all or part of the asset is handled in the cloud?
1. If the asset became widely public and widely distributed
2. If an employee of the cloud provider accessed the asset
3. If the process or function were manipulated by an outsider
4. If the process or function failed to provide expected results
5. If the information/data were unexpectedly changed
6. If the asset were unavailable for a period of time
What is the third step in evaluating risk for the cloud?
Determine which deployment models are best suited to the organization
What is the fourth step in evaluating risk for the cloud?
Evaluate potential cloud service providers
How do you prevent scope creep?
Determine potential uses of the data or function being considered for the cloud.
Define cloud computing
A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources.
Define multi-tenancy in cloud service models
The need for policy-driven enforcement, segmentation, isolation, governance, service levels, and chargeback/billing models for different consumer constituencies.
In the Application & Interface Security control domain, which of the following architectural references apply to Application Security?
- Physical
- Network
- Computing
- Storage
- Application
- Data
- Network
- Computing
- Storage
- Application
- Data
In the Application & Interface Security control domain, which of the following architectural references apply to Customer Access Requirements?
- Physical
- Network
- Computing
- Storage
- Application
- Data
- Physical
- Network
- Computing
- Storage
- Application
- Data
In the Application & Interface Security control domain, which of the following architectural references apply to Data Integrity?
- Physical
- Network
- Computing
- Storage
- Application
- Data
- Network
- Computing
- Storage
- Application
- Data
In the Application & Interface Security control domain, which of the following architectural references apply to Data Security / Integrity?
- Physical
- Network
- Computing
- Storage
- Application
- Data
- Network
- Computing
- Storage
- Application
- Data
In the Audit Assurance & Compliance control domain, which of the following architectural references apply to Audit Planning?
- Physical
- Network
- Computing
- Storage
- Application
- Data
- Physical
- Network
- Computing
- Storage
- Application
- Data
In the Audit Assurance & Compliance control domain, which of the following architectural references apply to Independent Audits?
- Physical
- Network
- Computing
- Storage
- Application
- Data
- Physical
- Network
- Computing
- Storage
- Application
- Data
In the Audit Assurance & Compliance control domain, which of the following architectural references apply to Information System Regulatory Mapping?
- Physical
- Network
- Computing
- Storage
- Application
- Data
- Physical
- Network
- Computing
- Storage
- Application
- Data
In the Business Continuity Management & Operational Resilience control domain, which of the following architectural references apply to Business Continuity Testing?
- Physical
- Network
- Computing
- Storage
- Application
- Data
- Physical
- Network
- Computing
- Storage
- Application
- Data
In the Business Continuity Management & Operational Resilience control domain, which of the following architectural references apply to Datacenter Utilities / Environmental Conditions?
- Physical
- Network
- Computing
- Storage
- Application
- Data
- Physical
- Network
In the Business Continuity Management & Operational Resilience control domain, which of the following architectural references apply to Documentation?
- Physical
- Network
- Computing
- Storage
- Application
- Data
- Network
- Computing
- Storage
- Application
- Data
In the Business Continuity Management & Operational Resilience control domain, which of the following architectural references apply to Environmental Risks?
- Physical
- Network
- Computing
- Storage
- Application
- Data
- Physical
In the Business Continuity Management & Operational Resilience control domain, which of the following architectural references apply to Equipment Location?
- Physical
- Network
- Computing
- Storage
- Application
- Data
- Physical
In the Business Continuity Management & Operational Resilience control domain, which of the following architectural references apply to Equipment Power Failures?
- Physical
- Network
- Computing
- Storage
- Application
- Data
- Physical
- Network
- Computing
In the Business Continuity Management & Operational Resilience control domain, which of the following architectural references apply to Impact Analysis?
- Physical
- Network
- Computing
- Storage
- Application
- Data
- Physical
- Network
- Computing
- Storage
- Application
- Data
In the Business Continuity Management & Operational Resilience control domain, which of the following architectural references apply to Management Program?
- Physical
- Network
- Computing
- Storage
- Application
- Data
- Physical
- Network
- Computing
- Storage
- Application
- Data
In the Business Continuity Management & Operational Resilience control domain, which of the following architectural references apply to Policy?
- Physical
- Network
- Computing
- Storage
- Application
- Data
- Storage
- Application
- Data
In the Business Continuity Management & Operational Resilience control domain, which of the following architectural references apply to Retention Policy?
- Physical
- Network
- Computing
- Storage
- Application
- Data
- Computing
- Storage
- Application
- Data
In the Business Continuity Management & Operational Resilience control domain, which of the following architectural references apply to Equipment Maintenance?
- Physical
- Network
- Computing
- Storage
- Application
- Data
- Physical
- Network
- Computing
- Storage
- Application
- Data
In the Business Continuity Management & Operational Resilience control domain, which of the following architectural references apply to Business Continuity Planning?
- Physical
- Network
- Computing
- Storage
- Application
- Data
- Physical
- Network
- Computing
- Storage
- Application
- Data
In the Change Control & Configuration Management control domain, which of the following architectural references apply to New Development / Acquisition?
- Physical
- Network
- Computing
- Storage
- Application
- Data
- Physical
- Network
- Computing
- Storage
- Application
- Data
In the Change Control & Configuration Management control domain, which of the following architectural references apply to Outsourced Development?
- Physical
- Network
- Computing
- Storage
- Application
- Data
- Network
- Computing
- Storage
- Application
- Data
In the Change Control & Configuration Management control domain, which of the following architectural references apply to Quality Testing?
- Physical
- Network
- Computing
- Storage
- Application
- Data
- Network
- Computing
- Storage
- Application
- Data
In the Change Control & Configuration Management control domain, which of the following architectural references apply to Unauthorized Software Installations?
- Physical
- Network
- Computing
- Storage
- Application
- Data
- Network
- Computing
- Storage
- Application
In the Change Control & Configuration Management control domain, which of the following architectural references apply to Production Changes?
- Physical
- Network
- Computing
- Storage
- Application
- Data
- Network
- Computing
- Storage
- Application
- Data
In the Data Security & Information Lifecycle Management control domain, which of the following architectural references apply to Classification?
- Physical
- Network
- Computing
- Storage
- Application
- Data
- Computing
- Storage
- Application
- Data
In the Data Security & Information Lifecycle Management control domain, which of the following architectural references apply to Data Inventory / Flows?
- Physical
- Network
- Computing
- Storage
- Application
- Data
None
In the Data Security & Information Lifecycle Management control domain, which of the following architectural references apply to eCommerce Transactions?
- Physical
- Network
- Computing
- Storage
- Application
- Data
- Network
- Data
In the Data Security & Information Lifecycle Management control domain, which of the following architectural references apply to Handling / Labeling / Security Policy?
- Physical
- Network
- Computing
- Storage
- Application
- Data
- Computing
- Storage
- Application
- Data
In the Data Security & Information Lifecycle Management control domain, which of the following architectural references apply to Information Leakage?
- Physical
- Network
- Computing
- Storage
- Application
- Data
- Computing
- Storage
- Application
- Data
In the Data Security & Information Lifecycle Management control domain, which of the following architectural references apply to Non-Production Data?
- Physical
- Network
- Computing
- Storage
- Application
- Data
- Storage
- Application
- Data
In the Data Security & Information Lifecycle Management control domain, which of the following architectural references apply to Ownership / Stewardship?
- Physical
- Network
- Computing
- Storage
- Application
- Data
- Computing
- Storage
- Application
- Data
In the Data Security & Information Lifecycle Management control domain, which of the following architectural references apply to Secure Disposal?
- Physical
- Network
- Computing
- Storage
- Application
- Data
- Computing
- Storage
- Application
- Data
In the Datacenter Security control domain, which of the following architectural references apply to Asset Management?
- Physical
- Network
- Computing
- Storage
- Application
- Data
None
In the Datacenter Security control domain, which of the following architectural references apply to Controlled Access Points?
- Physical
- Network
- Computing
- Storage
- Application
- Data
- Physical
In the Datacenter Security control domain, which of the following architectural references apply to Equipment Identification?
- Physical
- Network
- Computing
- Storage
- Application
- Data
- Physical
- Network
- Computing
- Storage
- Application
In the Datacenter Security control domain, which of the following architectural references apply to Off-Site Authorization?
- Physical
- Network
- Computing
- Storage
- Application
- Data
- Physical
- Storage
- Application
In the Datacenter Security control domain, which of the following architectural references apply to Off-Site Equipment?
- Physical
- Network
- Computing
- Storage
- Application
- Data
- Physical
- Network
- Computing
- Storage
- Application
- Data
In the Datacenter Security control domain, which of the following architectural references apply to Policy?
- Physical
- Network
- Computing
- Storage
- Application
- Data
- Physical
In the Datacenter Security control domain, which of the following architectural references apply to Secure Area Authorization?
- Physical
- Network
- Computing
- Storage
- Application
- Data
- Physical
- Network
- Computing
- Storage
- Application
- Data
In the Datacenter Security control domain, which of the following architectural references apply to Unauthorized Persons Entry?
- Physical
- Network
- Computing
- Storage
- Application
- Data
- Physical
- Network
- Computing
- Storage
In the Datacenter Security control domain, which of the following architectural references apply to User Access?
- Physical
- Network
- Computing
- Storage
- Application
- Data
- Physical
In the Encryption & Key Management control domain, which of the following architectural references apply to Entitlement?
- Physical
- Network
- Computing
- Storage
- Application
- Data
None
In the Encryption & Key Management control domain, which of the following architectural references apply to Key Generation?
- Physical
- Network
- Computing
- Storage
- Application
- Data
- Network
- Storage
- Application
- Data
In the Encryption & Key Management control domain, which of the following architectural references apply to Sensitive Data Protection?
- Physical
- Network
- Computing
- Storage
- Application
- Data
- Network
- Computing
- Storage
- Application
- Data
In the Encryption & Key Management control domain, which of the following architectural references apply to Storage and Access?
- Physical
- Network
- Computing
- Storage
- Application
- Data
None
In the Governance and Risk Management control domain, which of the following architectural references apply to Baseline Requirements?
- Physical
- Network
- Computing
- Storage
- Application
- Data
- Physical
- Network
- Computing
- Storage
- Application
- Data
In the Governance and Risk Management control domain, which of the following architectural references apply to Data Focus Risk Assessments?
- Physical
- Network
- Computing
- Storage
- Application
- Data
- Computing
- Storage
- Application
- Data
In the Governance and Risk Management control domain, which of the following architectural references apply to Management Oversight?
- Physical
- Network
- Computing
- Storage
- Application
- Data
None
In the Governance and Risk Management control domain, which of the following architectural references apply to Management Program?
- Physical
- Network
- Computing
- Storage
- Application
- Data
- Physical
- Network
- Computing
- Storage
- Application
- Data
In the Governance and Risk Management control domain, which of the following architectural references apply to Management Support/Involvement?
- Physical
- Network
- Computing
- Storage
- Application
- Data
None
In the Governance and Risk Management control domain, which of the following architectural references apply to Policy?
- Physical
- Network
- Computing
- Storage
- Application
- Data
None
In the Governance and Risk Management control domain, which of the following architectural references apply to Policy Enforcement?
- Physical
- Network
- Computing
- Storage
- Application
- Data
None
In the Governance and Risk Management control domain, which of the following architectural references apply to Policy Impact on Risk Assessments?
- Physical
- Network
- Computing
- Storage
- Application
- Data
- Physical
- Network
- Computing
- Storage
- Application
- Data
In the Governance and Risk Management control domain, which of the following architectural references apply to Policy Reviews?
- Physical
- Network
- Computing
- Storage
- Application
- Data
None
In the Governance and Risk Management control domain, which of the following architectural references apply to Risk Assessments?
- Physical
- Network
- Computing
- Storage
- Application
- Data
- Physical
- Network
- Computing
- Storage
- Application
- Data
In the Governance and Risk Management control domain, which of the following architectural references apply to Risk Management Framework?
- Physical
- Network
- Computing
- Storage
- Application
- Data
- Physical
- Network
- Computing
- Storage
- Application
- Data
In the Governance and Risk Management control domain, which of the following architectural references apply to Risk Mitigation / Acceptance?
- Physical
- Network
- Computing
- Storage
- Application
- Data
- Physical
- Network
- Computing
- Storage
- Application
- Data
In the Human Resources control domain, which of the following architectural references apply to Asset Returns?
- Physical
- Network
- Computing
- Storage
- Application
- Data
- Physical
- Network
- Computing
- Storage
- Application
- Data
In the Human Resources control domain, which of the following architectural references apply to Background Screening?
- Physical
- Network
- Computing
- Storage
- Application
- Data
- Data
In the Human Resources control domain, which of the following architectural references apply to Employment Agreements?
- Physical
- Network
- Computing
- Storage
- Application
- Data
- Physical
- Network
- Computing
- Storage
- Application
- Data
In the Human Resources control domain, which of the following architectural references apply to Employment Termination?
- Physical
- Network
- Computing
- Storage
- Application
- Data
None
In the Human Resources control domain, which of the following architectural references apply to Industry Knowledge / Benchmarking?
- Physical
- Network
- Computing
- Storage
- Application
- Data
None
In the Human Resources control domain, which of the following architectural references apply to Mobile Device Management?
- Physical
- Network
- Computing
- Storage
- Application
- Data
- Physical
- Network
- Computing
- Storage
- Application
- Data
In the Human Resources control domain, which of the following architectural references apply to Non-Disclosure Agreements?
- Physical
- Network
- Computing
- Storage
- Application
- Data
- Data
In the Human Resources control domain, which of the following architectural references apply to Roles / Responsibilities?
- Physical
- Network
- Computing
- Storage
- Application
- Data
- Physical
- Network
- Computing
- Storage
- Application
- Data
In the Human Resources control domain, which of the following architectural references apply to Technology Acceptable Use?
- Physical
- Network
- Computing
- Storage
- Application
- Data
- Application
- Data
In the Human Resources control domain, which of the following architectural references apply to Training / Awareness?
- Physical
- Network
- Computing
- Storage
- Application
- Data
- Physical
- Network
- Computing
- Storage
- Application
- Data
In the Human Resources control domain, which of the following architectural references apply to User Responsibility?
- Physical
- Network
- Computing
- Storage
- Application
- Data
- Physical
- Network
- Computing
- Storage
- Application
- Data
In the Human Resources control domain, which of the following architectural references apply to Workspace?
- Physical
- Network
- Computing
- Storage
- Application
- Data
- Physical
- Data
In the Identity & Access Management control domain, which of the following architectural references apply to Audit Tools Access?
- Physical
- Network
- Computing
- Storage
- Application
- Data
- Physical
- Network
- Computing
- Storage
- Application
- Data
In the Identity & Access Management control domain, which of the following architectural references apply to Credential Lifecycle / Provision Management?
- Physical
- Network
- Computing
- Storage
- Application
- Data
- Physical
- Network
- Computing
- Storage
- Application
- Data
In the Identity & Access Management control domain, which of the following architectural references apply to Diagnostic / Configuration Ports Access?
- Physical
- Network
- Computing
- Storage
- Application
- Data
- Physical
- Application
In the Identity & Access Management control domain, which of the following architectural references apply to Policies and Procedures?
- Physical
- Network
- Computing
- Storage
- Application
- Data
None
In the Identity & Access Management control domain, which of the following architectural references apply to Segregation of Duties?
- Physical
- Network
- Computing
- Storage
- Application
- Data
- Physical
- Network
- Computing
- Storage
- Application
- Data
In the Identity & Access Management control domain, which of the following architectural references apply to Source Code Access Restriction?
- Physical
- Network
- Computing
- Storage
- Application
- Data
- Computing
- Storage
- Application
- Data
In the Identity & Access Management control domain, which of the following architectural references apply to Third Party Access?
- Physical
- Network
- Computing
- Storage
- Application
- Data
- Physical
- Network
- Computing
- Storage
- Application
- Data
In the Identity & Access Management control domain, which of the following architectural references apply to Trusted Sources?
- Physical
- Network
- Computing
- Storage
- Application
- Data
None
In the Identity & Access Management control domain, which of the following architectural references apply to User Access Authorization?
- Physical
- Network
- Computing
- Storage
- Application
- Data
- Network
- Computing
- Storage
- Application
- Data
In the Identity & Access Management control domain, which of the following architectural references apply to User Access Reviews?
- Physical
- Network
- Computing
- Storage
- Application
- Data
- Physical
- Network
- Computing
- Storage
- Application
- Data
In the Identity & Access Management control domain, which of the following architectural references apply to User Access Revocation?
- Physical
- Network
- Computing
- Storage
- Application
- Data
- Physical
- Network
- Computing
- Storage
- Application
- Data
In the Identity & Access Management control domain, which of the following architectural references apply to User ID Credentials?
- Physical
- Network
- Computing
- Storage
- Application
- Data
- Network
- Computing
- Storage
- Application
In the Identity & Access Management control domain, which of the following architectural references apply to Utility Programs Access?
- Physical
- Network
- Computing
- Storage
- Application
- Data
- Network
- Computing
- Storage
- Application
In the Infrastructure & Virtualization Security control domain, which of the following architectural references apply to Audit Logging / Intrusion Detection?
- Physical
- Network
- Computing
- Storage
- Application
- Data
- Physical
- Network
- Computing
- Storage
- Application
- Data
In the Infrastructure & Virtualization Security control domain, which of the following architectural references apply to Change Detection?
- Physical
- Network
- Computing
- Storage
- Application
- Data
None
In the Infrastructure & Virtualization Security control domain, which of the following architectural references apply to Clock Synchronization?
- Physical
- Network
- Computing
- Storage
- Application
- Data
- Network
- Computing
- Application
In the Infrastructure & Virtualization Security control domain, which of the following architectural references apply to Information System Documentation?
- Physical
- Network
- Computing
- Storage
- Application
- Data
- Network
- Computing
- Storage
- Data
In the Infrastructure & Virtualization Security control domain, which of the following architectural references apply to Management - Vulnerability Management?
- Physical
- Network
- Computing
- Storage
- Application
- Data
None
In the Infrastructure & Virtualization Security control domain, which of the following architectural references apply to Network Security?
- Physical
- Network
- Computing
- Storage
- Application
- Data
- Physical
- Network
- Computing
- Storage
- Application
- Data
In the Infrastructure & Virtualization Security control domain, which of the following architectural references apply to OS Hardening and Base Controls?
- Physical
- Network
- Computing
- Storage
- Application
- Data
None
In the Infrastructure & Virtualization Security control domain, which of the following architectural references apply to Production / Non-Production Environments?
- Physical
- Network
- Computing
- Storage
- Application
- Data
- Physical
- Network
- Computing
- Storage
- Application
- Data
In the Infrastructure & Virtualization Security control domain, which of the following architectural references apply to Segmentation?
- Physical
- Network
- Computing
- Storage
- Application
- Data
- Physical
- Network
- Computing
- Storage
- Application
- Data
In the Infrastructure & Virtualization Security control domain, which of the following architectural references apply to VM Security - vMotion Data Protection?
- Physical
- Network
- Computing
- Storage
- Application
- Data
None
In the Infrastructure & Virtualization Security control domain, which of the following architectural references apply to VMM Security - Hypervisor Hardening?
- Physical
- Network
- Computing
- Storage
- Application
- Data
None
In the Infrastructure & Virtualization Security control domain, which of the following architectural references apply to Wireless Security?
- Physical
- Network
- Computing
- Storage
- Application
- Data
- Physical
- Network
- Computing
- Storage
- Application
- Data
In the Interoperability & Portability control domain, which of the following architectural references apply to each of the 5 controls?
- Physical
- Network
- Computing
- Storage
- Application
- Data
None
In the Mobile Security control domain, which of the following architectural references apply to each of the 20 controls?
- Physical
- Network
- Computing
- Storage
- Application
- Data
None
In the Security Incident Management, E-Discovery & Cloud Forensics control domain, which of the following architectural references apply to each of the 5 controls?
- Physical
- Network
- Computing
- Storage
- Application
- Data
- Physical
- Network
- Computing
- Storage
- Application
- Data
In the Supply Chain Management, Transparency and Accountability control domain, which of the following architectural references apply to Data Quality and Integrity?
- Physical
- Network
- Computing
- Storage
- Application
- Data
None
In the Supply Chain Management, Transparency and Accountability control domain, which of the following architectural references apply to Incident Reporting?
- Physical
- Network
- Computing
- Storage
- Application
- Data
None
In the Supply Chain Management, Transparency and Accountability control domain, which of the following architectural references apply to Network / Infrastructure Services?
- Physical
- Network
- Computing
- Storage
- Application
- Data
- Physical
- Network
- Computing
- Storage
- Application
- Data
In the Supply Chain Management, Transparency and Accountability control domain, which of the following architectural references apply to Provider Internal Assessments?
- Physical
- Network
- Computing
- Storage
- Application
- Data
None
In the Supply Chain Management, Transparency and Accountability control domain, which of the following architectural references apply to Supply Chain Agreements?
- Physical
- Network
- Computing
- Storage
- Application
- Data
- Physical
- Network
- Computing
- Storage
- Application
- Data
In the Supply Chain Management, Transparency and Accountability control domain, which of the following architectural references apply to Supply Chain Governance Reviews?
- Physical
- Network
- Computing
- Storage
- Application
- Data
None
In the Supply Chain Management, Transparency and Accountability control domain, which of the following architectural references apply to Supply Chain Metrics?
- Physical
- Network
- Computing
- Storage
- Application
- Data
None
In the Supply Chain Management, Transparency and Accountability control domain, which of the following architectural references apply to Third Party Assessment?
- Physical
- Network
- Computing
- Storage
- Application
- Data
None
In the Supply Chain Management, Transparency and Accountability control domain, which of the following architectural references apply to Third Party Audits?
- Physical
- Network
- Computing
- Storage
- Application
- Data
- Physical
- Network
- Computing
- Storage
- Application
- Data
In the Threat and Vulnerability Management control domain, which of the following architectural references apply to Anti-Virus / Malicious Software?
- Physical
- Network
- Computing
- Storage
- Application
- Data
- Network
- Computing
- Storage
- Application
In the Threat and Vulnerability Management control domain, which of the following architectural references apply to Vulnerability / Patch Management?
- Physical
- Network
- Computing
- Storage
- Application
- Data
- Network
- Computing
- Storage
- Application
In the Threat and Vulnerability Management control domain, which of the following architectural references apply to Mobile Code?
- Physical
- Network
- Computing
- Storage
- Application
- Data
- Network
- Computing
- Application
Name two mechanisms to automate monitoring and testing of cloud supply chains.
- Cloud Audit
- Cloud Trust Protocol