Question: 1
You are the security policy lead for your organization, which is considering migrating from your on-premises, legacy environment into the cloud. You are reviewing the Cloud Security Alliance Cloud Controls Matrix (CSA CCM) as a tool for your organization.
What is probably the best benefit offered by the CCM?
Response:
Question: 2
What principle must always been included with an SOC 2 report?
Response:
Question: 3
At which phase of the SDLC process should security begin participating?
Response:
Question: 4
The Open Web Application Security Project (OWASP) Top Ten is a list of web application security threats that is composed by a member-driven OWASP committee of application development experts and published approximately every 24 months. The 2013 OWASP Top Ten list includes ''using components with known vulnerabilities.''
Why would an organization ever use components with known vulnerabilities to create software?
Response:
Question: 5
Your organization is considering a move to a cloud environment and is looking for certifications or audit reports from cloud providers to ensure adequate security controls and processes.
Which of the following is NOT a security certification or audit report that would be pertinent?
Response:
