Question 6 of 244

Which cloud-based service model enables companies to provide client-based access for partners to databases or applications?

Answer

Suggested Answer

The suggested answer is E.

Software-as-a-service (SaaS) is the cloud-based service model that enables companies to provide client-based access for partners to databases or applications. In this model, software applications are hosted on the cloud, and users access them through web browsers. SaaS providers manage the underlying infrastructure, application, and data, allowing companies to focus on their core business rather than managing software and hardware.

Community Votes13 votes
AMost voted
54%
ESuggested
46%
Question 7 of 244

CCM: The following list of controls belong to which domain of the CCM?

GRM 06 `" Policy GRM 07 `" Policy Enforcement GRM 08 `" Policy Impact on Risk Assessments GRM 09 `" Policy Reviews GRM 10 `" Risk Assessments GRM 11

`" Risk Management Framework`

Answer

Suggested Answer

The suggested answer is B.

The controls listed, such as Policy, Policy Enforcement, Policy Impact on Risk Assessments, Policy Reviews, Risk Assessments, and Risk Management Framework, clearly fall under the domain of Governance and Risk Management. This domain focuses on policies and frameworks that guide and control an organization's risk management practices.

Community Votes4 votes
BSuggested
100%
Question 8 of 244

Which attack surfaces, if any, does virtualization technology introduce?

Answer

Suggested Answer

The suggested answer is D.

Virtualization technology introduces multiple attack surfaces. The hypervisor is a critical component that can be targeted. In addition, virtualization management components apart from the hypervisor, such as those used to manage and configure virtual machines, are also potential targets. Configuration and VM sprawl issues can introduce vulnerabilities due to misconfigurations and the difficulty of managing numerous virtual machines. Therefore, all of these factors collectively constitute the attack surfaces introduced by virtualization technology.

Community Votes9 votes
DSuggested
78%
A
22%
Question 9 of 244

APIs and web services require extensive hardening and must assume attacks from authenticated and unauthenticated adversaries.

Answer

Suggested Answer

The suggested answer is B.

APIs and web services require extensive hardening because they are susceptible to attacks from both authenticated and unauthenticated adversaries. Proper hardening includes implementing industry-standard authentication methods, ensuring secure coding practices, and deploying regular security assessments to identify and mitigate potential vulnerabilities.

Question 10 of 244

Which of the following is NOT a cloud computing characteristic that impacts incidence response?

Answer

Suggested Answer

The suggested answer is D.

The correct option is object-based storage in a private cloud. The on-demand self-service nature of cloud computing environments, privacy concerns for co-tenants, the possibility of data crossing geographic or jurisdictional boundaries, and resource pooling with rapid elasticity are all cloud characteristics that can impact incident response. However, object-based storage in a private cloud is a storage architecture and does not directly impact incident response processes.

Community Votes13 votes
DSuggested
92%
B
8%