Policies and procedures shall be established, and supporting business processes and technical measures implemented, for maintenance of several items ensuring continuity and availability of operations and support personnel. Which of the following controls BEST matches this control description?
Correct Answer: A
The control description focuses on ensuring the continuity and availability of operations and support personnel through policies, procedures, and technical measures. 'Operations Maintenance' best fits this description as it directly relates to maintaining the day-to-day activities and operations, which would include supporting personnel and their ability to continue operations without interruption. The other options do not encompass the broader scope of maintaining operations and support personnel as effectively.
Which of the following approaches encompasses social engineering of staff, bypassing of physical access controls and penetration testing?
Correct Answer: D
The approach that encompasses social engineering of staff, bypassing of physical access controls, and penetration testing is Red team. Red teaming involves simulating real-world attacks to test the effectiveness of an organization's security measures, which includes the tactics mentioned in the question.
When applying the Top Threats Analysis methodology following an incident, what is the scope of the technical impact identification step?
Correct Answer: B
When applying the Top Threats Analysis methodology following an incident, the scope of the technical impact identification step is to determine the impact on confidentiality, integrity, and availability of the information system. These three principles, commonly known as the CIA triad, are fundamental to information security and reflect the core concerns during a technical impact assessment.
When performing audits in relation to Business Continuity Management and Operational Resilience strategy, what would be the MOST critical aspect to audit in relation to the strategy of the cloud customer that should be formulated jointly with the cloud service provider?
Correct Answer: C
When performing audits in relation to Business Continuity Management and Operational Resilience strategy for a cloud customer, the most critical aspect to audit is whether the strategy covers all activities required to continue and recover prioritized activities within identified time frames and agreed capacity, aligned to the risk appetite of the organization. This includes the invocation of continuity plans and crisis management capabilities. Ensuring these elements are in place is essential for maintaining operational resilience and effective business continuity during disruptions.
Which of the following metrics are frequently immature?
Correct Answer: D
Metrics around specific Software as a Service (SaaS) application services are frequently immature. SaaS providers often have less control over the environment in which their services are deployed, leading to challenges in capturing accurate and comprehensive metrics. Additionally, the variability of use cases and integration points for SaaS applications can complicate metric standardization and maturity.