Which of the following is the primary purpose of an SOC 3 report?
The SOC 3 report is more of an attestation than a full evaluation of controls associated with a service provider.
Which of the following is not a risk management framework?
Hex GBL is a reference to a computer part in Terry Pratchett's fictional Discworld universe. The rest are not.
Limits for resource utilization can be set at different levels within a cloud environment to ensure that no particular entity can consume a level of resources that impacts other cloud customers.
Which of the following is NOT a unit covered by limits?
The hypervisor level, as a backend cloud infrastructure component, is not a unit where limits may be applied to control resource utilization. Limits can be placed at the service, virtual machine, and cloud customer levels within a cloud environment.
Gap analysis is performed for what reason?
The primary purpose of the gap analysis is to begin the benchmarking process against risk and security standards and frameworks.
The baseline should cover which of the following?
The more systems that be included in the baseline, the more cost-effective and scalable the baseline is. The baseline does not deal with breaches or version control; those are the provinces of the security office and CMB, respectively. Regulatory compliance might (and usually will) go beyond the baseline and involve systems, processes, and personnel that are not subject to the baseline.
Submit Cancel