ISC CCSP Practice Test - Questions Answers, Page 33

Because cloud providers will not give detailed information out about their infrastructures and practices to the general public, they will often use established auditing reports to ensure public trust, where the reputation of the auditors serves for assurance.

Which type of audit reports can be used for general public trust assurances?

Which of the following concepts is NOT one of the core components to an encryption system architecture?

For optimal security, trust zones are used for network segmentation and isolation. They allow for the separation of various systems and tiers, each with its own security level.

Which of the following is typically used to allow administrative personnel access to trust zones?

Which of the following is NOT a major regulatory framework?

As part of the auditing process, getting a report on the deviations between intended configurations and actual policy is often crucial for an organization.

What term pertains to the process of generating such a report?

An audit scope statement defines the limits and outcomes from an audit.

Which of the following would NOT be included as part of an audit scope statement?

What concept and operational process must be spelled out clearly, as far as roles and responsibilities go, between the cloud provider and cloud customer for the mitigation of any problems or security events?

Your new CISO is placing increased importance and focus on regulatory compliance as your applications and systems move into cloud environments.

Which of the following would NOT be a major focus of yours as you develop a project plan to focus on regulatory compliance?

Cloud systems are increasingly used for BCDR solutions for organizations.

What aspect of cloud computing makes their use for BCDR the most attractive?