Managing Cloud Security Online Practice Questions

Latest Managing Cloud Security Exam Practice Questions

The practice questions for the Managing Cloud Security exam were last updated on 2026-01-07.


Question#1

Which business area in the enterprise risk management (ERM) strategy is concerned with formal risk assessments when forming new or renewing existing vendor relationships?

A. Software development
B. Procurement
C. Quality assurance
D. Marketing

Explanation:
The procurement function is directly responsible for vendor selection and contract management, including risk assessments of new or renewed vendor relationships. This ensures that third-party providers meet security, compliance, and performance requirements.
Software development and quality assurance focus on product creation and validation. Marketing manages branding and outreach. None of these directly involve evaluating external vendor risk.
Procurement integrates due diligence, contract clauses, and performance monitoring into enterprise risk management. This reduces exposure to third-party threats and ensures compliance with frameworks such as ISO 27036 (supplier relationships) and NIST vendor risk management guidelines.

Question#2

After selecting a new vendor, what should an organization do next as part of the vendor onboarding process?

A. It should terminate the relationship with the vendor and dissolve technical agreements, data transfers, and other connections with the vendor.
B. It should monitor the practices of the vendor by performing audits and confirming that the vendor is meeting its contractual agreements.
C. It should evaluate and determine whether the vendor meets the organization's requirements by evaluating its security policies.
D. It should confirm contractual details and arrange other details such as technical agreements, data transfers, and encryption standards with the vendor.

Explanation:
Once a vendor has been chosen, the onboarding phase requires confirming contractual details and arranging technical agreements. This includes specifying encryption standards, data transfer methods, SLAs, and compliance responsibilities. These discussions establish a clear foundation for the partnership.
Auditing and monitoring occur later, during ongoing vendor management. Evaluating requirements and policies occurs earlier, during vendor selection. Terminating a relationship is an offboarding activity, not onboarding.
Clarifying technical and contractual details at onboarding ensures a secure, compliant, and efficient partnership. It reduces risks of miscommunication and enforces accountability from the beginning.

Question#3

Which type of data sanitization should be used to destroy data on a USB thumb drive while keeping the drive intact?

A. Key revocation
B. Physical destruction
C. Overwriting
D. Degaussing

Explanation:
The correct approach for sanitizing a USB thumb drive while preserving its usability is overwriting. Overwriting involves replacing the existing data on the device with random data or specific patterns to ensure that the original information cannot be recovered. This process leaves the physical device intact, allowing it to be reused securely.
Physical destruction, such as shredding, renders the device unusable. Degaussing only works on magnetic media like hard disks or tapes, not on solid-state or flash-based USB drives. Key revocation applies to cryptographic keys and not to physical devices.
By using overwriting, organizations comply with data sanitization standards while balancing operational efficiency. Many tools exist that perform multi-pass overwrites to meet regulatory requirements such as those from NIST or ISO. This ensures that sensitive data is removed while allowing the device to remain in circulation for continued use.

Question#4

An organization is conducting an external audit of the IT policies governing its production environment after moving all of its production systems to the cloud.
Which IT policy will have a low priority in this environment?

A. Data classification
B. Hardware management
C. Software procurement
D. Acceptable use

Explanation:
In a cloud environment, responsibility for hardware management shifts primarily to the cloud provider. Customers no longer manage servers, storage devices, or physical networks directly. As a result, hardware management policies are less critical for customer audits compared to data classification, procurement, or acceptable use.
Data classification remains essential to secure sensitive information. Software procurement policies are important to control licensing and compliance. Acceptable use policies govern employee behavior in cloud environments.
While organizations may still need high-level oversight of hardware through contracts and SLAs, detailed hardware policies have a reduced role. Instead, emphasis shifts to managing the shared responsibility model, ensuring cloud provider controls complement customer governance.

Question#5

An organization experienced an unplanned event. As a result, the customers using the web application face a loss of service.
What does the incident generated in this situation seek to resolve?

A. Change
B. Error
C. Disruption
D. Bug

Explanation:
The unplanned event described is a disruption of service. In IT service management frameworks like ITIL, disruptions occur when an incident prevents normal service delivery. The goal of incident management is to restore service quickly and minimize impact on customers.
A bug refers to a software defect, which may cause disruptions but is not synonymous with the event itself. An error represents a fault, while change refers to deliberate modifications. Only disruption captures the unplanned nature of service unavailability.
Recognizing incidents as disruptions helps organizations apply structured processes such as escalation, root-cause analysis, and communication. It ensures resilience in cloud-based environments where uptime is a key performance indicator and customer trust is closely tied to availability.

Disclaimer

This page is for educational and exam preparation reference only. It is not affiliated with WGU, Courses and Certificates, or the official exam provider. Candidates should refer to official documentation and training for authoritative information.

Exam Code: Managing Cloud Security
Q & A: 80 Q&As
Updated: 2026-01-07