A security architect is seeking to outsource company server resources to a commercial cloud service provider. The provider under consideration has a reputation for poorly controlling physical access to datacenters and has been the victim of multiple social engineering attacks. The service provider regularly assigns VMs from multiple clients to the same physical resources.
When conducting the final risk assessment which of the following should the security architect take into consideration?
A . The ability to implement user training programs for the purpose of educating internal staff about the dangers of social engineering.
B . The cost of resources required to relocate services in the event of resource exhaustion on a particular V
D . The likelihood a malicious user will obtain proprietary information by gaining local access to the hypervisor platform.
E . Annual loss expectancy resulting from social engineering attacks against the cloud service provider affecting corporate network infrastructure.
Answer: C
Leave a Reply