Organizations maintain mappings between the different control frameworks they adopt to:

• A.help identify controls with different assessment status.
• B.help identify controls with common assessment status.
• C.start a compliance assessment using latest assessment.
• D.avoid duplication of work when assessing compliance.

Comment: *

Name: *

Email: *

Verification: *

When performing audits in relation to Business Continuity Management and Operational Resilience strategy, what would be the MOST critical aspect to audit in relation to the strategy of the cloud customer that should be formulated jointly with the cloud service provider?

• A.Validate if the strategy covers all aspects of Business Continuity and Resilience planning, taking inputs from the assessed impact and risks, to consider activities for before, during, and after a disruption.
• B.Validate if the strategy is developed by both cloud service providers and cloud service consumers within the acceptable limits of their risk appetite.
• C.Validate if the strategy covers unavailability of all components required to operate the business-as-usual or in disrupted mode, in parts or total- when impacted by a disruption.
• D.Validate if the strategy covers all activities required to continue and recover prioritized activities within identified time frames and agreed capacity, aligned to the risk appetite of the organization including the invocation of continuity plans and crisis management capabilities.

Comment: *

Name: *

Email: *

Verification: *

Changes to which of the following will MOST likely influence the expansion or reduction of controls required to remediate the risk arising from changes to an organization's SaaS vendor?

• A.Board oversight
• B.Risk appetite
• C.Contractual requirements
• D.Risk exceptions policy

Comment: *

Name: *

Email: *

Verification: *

Which of the following is NOT normally a method for detecting and preventing data migration into the cloud?

• A.Cloud Access and Security Brokers (CASB)
• B.Intrusion Prevention System
• C.URL filters
• D.Database Activity Monitoring
• E.Data Loss Prevention

Comment: *

Name: *

Email: *

Verification: *

Which of the following should be an IS auditor's GREATEST concern when reviewing an outsourcing arrangement with a third-party cloud service provider to host personally identifiable data?

• A.The data is not adequately segregated on the host platform.
• B.Fees are charged based on the volume of data stored by the host.
• C.The outsourcing contract does not contain a right-to-audit clause.
• D.The organization's servers are not compatible with the third party's infrastructure

Comment: *

Name: *

Email: *

Verification: *