CCAK Exam Dumps : Certificate of Cloud Auditing Knowledge

The correct answer is B. Network security is the type of control that best matches the control description given in the question. Network security involves designing and configuring network environments and virtual instances to restrict and monitor traffic between trusted and untrusted connections, such as firewalls, routers, switches, VPNs, and network segmentation. Network security also requires periodic reviews and documentation of the network configurations and the justification for the allowed services, protocols, ports, and compensating controls.

The other options are not directly related to the question. Option A, virtual instance and OS hardening, refers to the process of applying security configurations and patches to virtual instances and operating systems to reduce their attack surface and vulnerabilities. Option C, network vulnerability management, refers to the process of identifying, assessing, prioritizing, and remediating network vulnerabilities using tools such as scanners, analyzers, and testers. Option D, change detection, refers to the process of monitoring and detecting changes in the system or network environment that could affect the security posture or performance of the system or network.

References :=

IVS-01: Network Security - CSF Tools - Identity Digital1

Certificate of Cloud Auditing Knowledge (CCAK) Study Guide, Chapter 6: Cloud Security Controls

Cloud Controls Matrix (CCM) - CSA2

ISO/IEC 27017:2015 is a standard that provides guidelines for information security controls applicable to the provision and use of cloud services by providing additional implementation guidance for relevant controls specified in ISO/IEC 27002, as well as additional controls with implementation guidance that specifically relate to cloud services1. ISO/IEC 27017:2015 is designed to be used by organizations for cloud services that intend to select controls within the process of implementing an information security management system based on ISO/IEC 27001, which is the international standard for information security management systems1. ISO/IEC 27017:2015 can help organizations to establish, implement, maintain and continually improve their information security in the cloud environment, as well as to demonstrate compliance with contractual and legal obligations1.

ISO/IEC 27002 is a code of practice for information security controls that provides best practice recommendations on information security management for use by those who are responsible for initiating, implementing or maintaining information security management systems2. However, ISO/IEC 27002 does not provide specific guidance for cloud services, which is why ISO/IEC 27017:2015 was developed as an extension to ISO/IEC 27002 for cloud services1.

Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM) is a set of security controls that provides organizations with a detailed understanding of security concepts and principles that are aligned to the cloud model. The CCM is not a standard, but rather a framework that can be used to assess the overall security risk of a cloud provider. The CCM can also be mapped to other standards, such as ISO/IEC 27001 and ISO/IEC 27017:2015, to facilitate compliance and assurance activities.

NIST SP 800-146 is a publication from the National Institute of Standards and Technology (NIST) that provides an overview of cloud computing, its characteristics, service models, deployment models, benefits, challenges and considerations. NIST SP 800-146 is not a standard, but rather a reference document that can help organizations to understand the basics of cloud computing and its implications for information security. NIST SP 800-146 does not provide specific guidance or controls for cloud services, but rather refers to other standards and frameworks, such as ISO/IEC 27001 and CSA CCM, for more detailed information on cloud security. References :=

ISO/IEC 27017:2015 - Information technology — Security techniques …

ISO/IEC 27017:2015(en), Information technology ? Security techniques …

ISO 27017 Certification - Cloud Security Services | NQA

An introduction to ISO/IEC 27017:2015 - 6clicks

ISO/IEC 27017:2015 - Information technology — Security techniques …

[Cloud Controls Matrix | Cloud Security Alliance]

[NIST Cloud Computing Synopsis and Recommendations]