To address shared monitoring and testing responsibilities in a cloud configuration, the provider might offer all these to the cloud customer except:
To address shared monitoring and testing responsibilities in a cloud configuration, the provider might offer all these to the cloud customer except:
In a cloud configuration, the provider will share various data with the customer to help with monitoring and testing responsibilities, such as access to audit logs, performance data, DLP solution results, and various logs like SIM, SEIM, and SEM logs. However, the administration of security controls remains strictly the responsibility of the cloud provider to ensure the integrity and security of their infrastructure. Therefore, the provider will not share administration of security controls with the customer.
Does option D makes any sense ?
No, it doesn't.
I figured it was put in just to confuse everyone, makes no sense. Bad question.
I figured it was put in just to confuse everyone, makes no sense. Bad question.
To be fair none of these make much sense to me...
This is from official book, chapter 6. Security control administration is correct answer per book as well.
Agree, It's a silly misleading question
In a shared monitoring and testing model within a cloud environment, cloud providers typically offer visibility into security controls, logs, and administrative functions. However, DLP (Data Loss Prevention) solution results are generally not provided by the cloud provider because: DLP is typically a customer-side control, meaning the customer manages and implements DLP policies. Cloud providers focus on infrastructure security, while DLP focuses on data-level security within the customer's environment. DLP results are highly sensitive and specific to an organization’s data policies, and sharing them could pose security and privacy risks.