DOMAIN 2 - CLOUD RISK MANAGEMENT TRADE-OFFs AND TOOLS

Question 1

There is less physical control over _______ and their controls and processes. You don’t physically control the infrastructure or the provider’s internal processes.

Answer 1

assets

Question 2

There is a greater reliance on ________, audits, and assessments, as you lack day-to-day visibility or management.

Answer 2

contracts

Question 3

This creates an increased requirement for proactive management of relationship and adherence to contracts, which extends beyond the initial contract signing and audits. Cloud providers also constantly evolve their products and services to remain competitive and these ongoing innovations might
exceed, strain, or not be covered by existing ___________.

Answer 3

agreements and assessments.

Question 4

Cloud customers have a reduced need (and associated reduction in costs) to manage risks that the cloud provider accepts under the _________. You haven’t outsourced accountability for managing the risk, but you can certainly outsource the
management of some risks.

Answer 4

shared responsibility model

Question 5

The __________ sets the groundwork for the cloud risk management program:

Answer 5

supplier assessment

Question 6

After reviewing and understanding what risks the cloud provider manages, what remains is ________.

Answer 6

residual risk

Question 7

_________, most often enabled by insurance, is an imperfect mechanism, especially for information risks

Answer 7

Risk transfer