Which of the following approaches encompasses social engineering of staff, bypassing of physical access controls, and penetration testing?
Correct Answer: A
Explanation:
The approach that encompasses social engineering of staff, bypassing of physical access controls, and penetration testing is typically associated with a Red team. A Red team is designed to simulate real-world attacks to test the effectiveness of security measures. They often use tactics like social engineering and penetration testing to identify vulnerabilities. In contrast, a Blue team is responsible for defending against attacks, a White box approach involves testing with internal knowledge of the system, and a Gray box is a combination of both White box and Black box testing methods.
References: The information aligns with the principles of cloud auditing and security assessments as outlined in the resources provided by ISACA and the Cloud Security Alliance, which emphasize the importance of understanding various security testing methodologies to effectively audit cloud systems [1][2][3].
Question 2
Which of the following is the GREATEST risk associated with hidden interdependencies between cloud services?
Correct Answer: B
Explanation:
The greatest risk associated with hidden interdependencies between cloud services is the lack of visibility over the cloud service providers’ supply chain. Hidden interdependencies are the complex and often unknown relationships and dependencies between different cloud services, providers, sub-providers, and customers. These interdependencies can create challenges and risks for the security, availability, performance, and compliance of the cloud services and data. For example, a failure or breach in one cloud service can affect other cloud services that depend on it, or a change in one cloud provider’s policy or contract can impact other cloud providers or customers that rely on it. [1][2]
The lack of visibility over the cloud service providers’ supply chain means that the customers do not have enough information or control over how their cloud services and data are delivered, managed, and protected by the providers and their sub-providers. This can expose the customers to various threats and vulnerabilities, such as data breaches, data loss, service outages, compliance violations, legal disputes, or contractual conflicts. The customers may also face difficulties in monitoring, auditing, or verifying the security and compliance status of their cloud services and data across the supply chain. Therefore, it is important for the customers to understand the hidden interdependencies between cloud services and to establish clear and transparent agreements with their cloud providers and sub-providers regarding their roles, responsibilities, expectations, and obligations. [3]
References: [1] How to identify and map service dependencies - Gremlin; [2] Mitigate Risk for Data Center Network Migration - Cisco; [3] Practical Guide to Cloud Service Agreements Version 2.0; HIDDEN INTERDEPENDENCIES BETWEEN INFORMATION AND ORGANIZATIONAL …