Because of multitenancy, specific risks in the public cloud that don’t exist in the other cloud service models include all the following except:

A. DoS/DDoS
B. Information bleed
C. Risk of loss/disclosure due to legal seizures
D. Escalation of privilege

Each of the following are dependencies that must be considered when reviewing the BIA after cloud migration except:

A. The cloud provider’s utilities
B. The cloud provider’s suppliers
C. The cloud provider’s resellers
D. The cloud provider’s vendors

Countermeasures for protecting cloud operations against internal threats include all of the following except:

A. Extensive and comprehensive training programs, including initial, recurring, and refresher sessions
B. Skills and knowledge testing
C. Hardened perimeter devices
D. Aggressive background checks

User access to the cloud environment can be administered in all of the following ways except:

A. Provider provides administration on behalf the customer
B. Customer directly administers access
C. Third party provides administration on behalf of the customer
D. Customer provides administration on behalf of the provider

Countermeasures for protecting cloud operations against external attackers include all of the following except:

A. Continual monitoring for anomalous activity.
B. Detailed and extensive background checks.
C. Regular and detailed configuration/change management activities
D. Hardened devices and systems, including servers, hosts, hypervisors, and virtual machines.

The cloud customer will have the most control of their data and systems, and the cloud provider will have the least amount of responsibility, in which cloud computing arrangement?

A. IaaS
B. SaaS
C. Community cloud
D. PaaS

Countermeasures for protecting cloud operations against internal threats include all of the following except:

A. Mandatory vacation
B. Least privilege
C. Separation of duties
D. Conflict of interest

What is the term we use to describe the general ease and efficiency of moving data from one cloud provider either to another cloud provider or down from the cloud?

A. Obfuscation
B. Elasticity
C. Mobility
D. Portability

When reviewing the BIA after a cloud migration, the organization should take into account new factors related to data breach impacts. One of these new factors is:

A. Many states have data breach notification laws.
B. Breaches can cause the loss of proprietary data.
C. Breaches can cause the loss of intellectual property.
D. Legal liability can’t be transferred to the cloud provider.

Which kind of SSAE audit report is most beneficial for a cloud customer, even though it’s unlikely the cloud provider will share it?

A. SOC 3
B. SOC 1 Type 2
C. SOC 2 Type 2
D. SOC 1 Type 1