CASP Mark B Mock 2 Flashcards
A company works with a cloud service provider (CSP) that provides bleeding-edge technology to perform data analytics and deep learning techniques on the company’s data. As the technology becomes more widespread, it appears that a rival CSP can offer the same solutions for a 50% cost saving. However, it seems that the database format and rule sets that have been created can’t be transferred to the rival CSP. What term would best describe this situation?
A. Vendor risk
B. Vendor lock-in
C. Third-party liability
D. Vendor management plan
Birch, Mark. CompTIA CASP+ CAS-004 Certification Guide: Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam (pp. 828-829). Packt Publishing. Kindle Edition.
B. Vendor lock-in
Explanation:
This makes it difficult to switch providers, as the technology is often proprietary.
A major retailer works with a small, highly regarded, third-party development team. They intend to invest significant resources into a new customer-facing set of APIs. The retailer is concerned about the financial stability of the development company and worries that they may need to start the development project from scratch if the developers go bust. What could be used to allay the fears of the retailer?
A. Change management
B. Staff turnover
C. Peer code review
D. Source code escrow
Birch, Mark. CompTIA CASP+ CAS-004 Certification Guide: Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam (p. 829). Packt Publishing. Kindle Edition.
D. Source code escrow
Explanation:
External developers represent third-party risk. This can be mitigated by storing the code with an escrow service, which protects the IP of the developers but also protects the customer.
Andy is the CSO within a department of the United Kingdom’s HM Revenue and Customs (HMRC). All new systems that will require government funding must be assessed concerning cost savings by working with a CSP. Andy is overseeing a proposed new system that will reduce the workload of the Inland Revenue HMRC employees. What must a government agency consider when planning to store sensitive data with a global CSP?
A. Data sovereignty
B. Data ownership
C. Data classifications
D. Data retention
Birch, Mark. CompTIA CASP+ CAS-004 Certification Guide: Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam (p. 829). Packt Publishing. Kindle Edition.
A. Data sovereignty
Explanation:
The type of data that’s stored by a government department would typically have strict regulatory controls. A global CSP may store the data offshore.
A Privacy Impact Assessment is being conducted on behalf of a private healthcare provider. A consultant is assessing regulatory requirements for the hospital’s employee and patient data (within Europe). The data that is currently being held includes the following:
Patient’s address
Patient’s bank account details
Patient’s medical history
Patient’s X-ray records
Employee bank account details
What type of information will need to be protected and which regulations are the most important? (Choose two)
A. COPPA
B. Personally identifiable information (PII)
C. Financial records
D. Intellectual property
E. GDPR
Birch, Mark. CompTIA CASP+ CAS-004 Certification Guide: Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam (p. 830). Packt Publishing. Kindle Edition.
B. Personally identifiable information (PII)
E. GDPR
Explanation:
This type of data would be labeled as PII, and GDPR regulatory controls would be important, as the patients and employees may be EU citizens.
A regional bank intends to work with a CSP to harness some of the benefits associated with cloud computing. The bank wants the assurance that data will not be accessible when their contract with a CSP expires. What technology would be most applicable?
A. Crypto erase
B. Pulping
C. Shredding
D. Degaussing
Birch, Mark. CompTIA CASP+ CAS-004 Certification Guide: Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam (pp. 830-831). Packt Publishing. Kindle Edition.
A. Crypto erase
Explanation:
The customer will not have physical access to the data, so they will not be able to ensure other methods of destruction can be implemented. Crypto erase will render the data unrecoverable.
A company manufactures medical devices, including instruments and scanners. The company intends to sell and market its devices to a global customer base. The company must ensure its products are compatible with its worldwide customer base. What regulations or standards will be the most important?
A. Export Control Regulations
B. General Data Protection Regulation (GDPR)
C. International Organization for Standardization (ISO)
D. National Institute of Standards and Technology (NIST)
Birch, Mark. CompTIA CASP+ CAS-004 Certification Guide: Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam (p. 831). Packt Publishing. Kindle Edition.
C. International Organization for Standardization (ISO)
Explanation:
This will ensure that the products will be suitable across international boundaries and
A startup software development company is trying to win a US Federal Government contract to provision an Enterprise Resource Planning (ERP) application. They must assure the customer that they have a robust security framework for delivering software and services. What is the most relevant accreditation?
A. Open Web Application Security Project (OWASP)
B. Capability Maturity Model Integration (CMMI)
C. National Institute of Standards and Technology (NIST)
D. Cloud Security Alliance (CSA) Security Trust Assurance and Risk (STAR)
Birch, Mark. CompTIA CASP+ CAS-004 Certification Guide: Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam (pp. 831-832). Packt Publishing. Kindle Edition.
B. Capability Maturity Model Integration (CMMI)
Explanation:
This accreditation is required to tender for US government software contracts.
A large US-based retailer is transitioning toward an online selling platform. While customer details and payment card details will be stored in-house, a CSP will be used to host the e-commerce site, including the online shop. What compliance will be most important to the retailer concerning storing cardholder data and electronic transactions?
A. Payment Card Industry Data Security Standard (PCI DSS)
B. General Data Protection Regulation (GDPR)
C. Interconnection security agreement (ISA)
D. Non-disclosure agreement (NDA)
Birch, Mark. CompTIA CASP+ CAS-004 Certification Guide: Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam (p. 832). Packt Publishing. Kindle Edition.
A. Payment Card Industry Data Security Standard (PCI DSS)
Explanation:
Storage and processing of customer card details will be subject to PCI DSS compliance.
Eva is the CISO for a global stocks and shares trading site. She is performing a risk assessment that focuses on customer data being stored and transmitted. Customers are mainly based in North America with a small percentage based globally, including Europe. When it comes to considering regulatory and legal requirements, which of the following will be the most important?
A. General Data Protection Regulation (GDPR)
B. Payment Card Industry Data Security Standard (PCI DSS)
C. International Organization for Standardization (ISO)
D. Federal Information Security Management Act (FISMA)
Birch, Mark. CompTIA CASP+ CAS-004 Certification Guide: Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam (pp. 832-833). Packt Publishing. Kindle Edition.
A. General Data Protection Regulation (GDPR)
Explanation:
As this is not government or payment card data, the focus will be on customers based in the EU.
A US smartcard manufacturer needs to sell its products in a global market. They need to ensure that the technology is not sold to countries or governments that are hostile to the US. What guidance or regulations should they consult?
A. Due care
B. Export controls
C. Legal holds
D. E-discovery
Birch, Mark. CompTIA CASP+ CAS-004 Certification Guide: Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam (p. 833). Packt Publishing. Kindle Edition.
B. Export controls
Explanation:
This is important when you are exporting technology.
A government department has data privacy requirements and they need to have employees and service providers sign this agreement. They should be made aware of the strict terms of this agreement and the penalties that may be forthcoming if these requirements/standards are not met. What type of agreement will be important?
A. Service-level agreement (SLA)
B. Master service agreement (MSA)
C. Non-disclosure agreement (NDA)
D. Memorandum of understanding (MOU)
Birch, Mark. CompTIA CASP+ CAS-004 Certification Guide: Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam (p. 833). Packt Publishing. Kindle Edition.
C. Non-disclosure agreement (NDA)
Explanation:
This is legally enforceable and protects intellectual property.
A large multinational company intends to purchase multiple products on a rolling contract from a CSP. They need to document payment terms, dispute resolution, intellectual property ownership, and geographic operational locations within the scope of the contract. What type of contract would be the most suitable?
A. Service-level agreement (SLA)
B. Master service agreement (MSA)
C. Memorandum of understanding (MOU)
D. Operational-level agreement (OLA)
Birch, Mark. CompTIA CASP+ CAS-004 Certification Guide: Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam (pp. 833-834). Packt Publishing. Kindle Edition.
B. Master service agreement (MSA)
Explanation:
This is useful when it is necessary to set baseline terms for future services.
A global pharmaceutical company would like to build resiliency into its network connections. They are working with an ISP, who proposes a highly available MPLS solution. To ensure the vendor can deliver the service at 99.999% uptime, what documentation will be important?
A. Service-level agreement (SLA)
B. Memorandum of understanding (MOU)
C. Interconnection security agreement (ISA)
D. Operational-level agreement (OLA)
Birch, Mark. CompTIA CASP+ CAS-004 Certification Guide: Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam (p. 834). Packt Publishing. Kindle Edition.
A. Service-level agreement (SLA)
Explanation:
This will allow the customer and the service provider to agree upon the delivered services and the metrics that will be used to measure performance.
A software development company and a mobile phone manufacturer have entered a business partnership. The business partners need to share data during a series of upcoming projects. This agreement will stipulate a timeline for the information exchange to be supported, security requirements, data types that will be exchanged, and the actual sites that will be part of the data interchange. What documentation best details these requirements?
A. SLA
B. MSA
C. MOU
D. ISA
Birch, Mark. CompTIA CASP+ CAS-004 Certification Guide: Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam (pp. 834-835). Packt Publishing. Kindle Edition.
D. ISA
Explanation:
Interconnection security agreement (ISA). This is important for documenting the details when a connection is made between two or more parties.
A regional healthcare provider needs to address ever-escalating costs. They propose to host some of the information systems with a CSP. The healthcare provider needs assurances that any sensitive data will be protected by the service provider, and that agreed-upon steps are in place if data breaches or any adverse action were to occur. What document would address these requirements?
A. Non-disclosure agreement (NDA)
B. Memorandum of understanding (MOU)
C. Interconnection security agreement (ISA)
D. Operational-level agreement (OLA)
E. Privacy-level agreement (PLA)
Birch, Mark. CompTIA CASP+ CAS-004 Certification Guide: Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam (p. 835). Packt Publishing. Kindle Edition.
E. Privacy-level agreement (PLA)
Explanation:
This is important when you are looking to assure customers who must adhere to strict regulatory compliance.
A government agency begins an investigation on an employee suspected of stealing company intellectual property (IP). What must be done first to ensure the data is not deleted?
A. Due care
B. Export controls
C. Legal holds
D. E-discovery
Birch, Mark. CompTIA CASP+ CAS-004 Certification Guide: Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam (p. 835). Packt Publishing. Kindle Edition.
C. Legal holds
Explanation:
This ensures that the data will be retained for any legal process.
A company has several internal business units. The business units are semi-autonomous but need to support each other for the business to be efficient. To ensure the business units can work together, it is important to document responsibilities for each business unit. This document will not be written by lawyers and is intended to formalize previous verbal agreements. What documentation would best suit this requirement?
A. Service-level agreement (SLA)
B. Master service agreement (MSA)
C. Memorandum of understanding (MOU)
D. Interconnection security agreement (ISA)
Birch, Mark. CompTIA CASP+ CAS-004 Certification Guide: Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam (pp. 835-836). Packt Publishing. Kindle Edition.
C. Memorandum of understanding (MOU)
Explanation:
This is not a legal document, but it can be very useful when there needs to be co-operation between two or more parties.
An aerospace sub-contractor supplies parts to a major commercial aircraft manufacturer. The SLAs are very strict, with financial penalties for transgressions. Mission-critical processes must be identified within the subcontractor’s plant to avoid any lengthy production delays. What metric can be used by the company to ensure a critical service will be operational within the specified timeframe?
A. Recovery point objective
B. Recovery time objective
C. Recovery service level
D. Mission essential functions
Birch, Mark. CompTIA CASP+ CAS-004 Certification Guide: Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam (p. 836). Packt Publishing. Kindle Edition.
B. Recovery time objective
Explanation:
Recovery time objective is a planning objective that is set by stakeholders within the business. It may be cost-driven and requires careful consideration.
A public transportation provider has recently completed a BIA and has determined that the Continuity of Operations Plan (COOP) will require an alternative site to be available in the event of a major incident at the main operational site. The planning team has identified a requirement for a site, housing equipment, and facilities ready for the business to use. Personnel and data will need to be moved to the site to become operational. What have they identified?
A. Cold site
B. Warm site
C. Hot site
D. Mobile site
Birch, Mark. CompTIA CASP+ CAS-004 Certification Guide: Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam (pp. 836-837). Packt Publishing. Kindle Edition.
B. Warm site
Explanation:
A warm site will not be as costly as a hot site, but it will not be operational until data is restored and staff are available to operate the site.
A CISO for a cellular telephony provider is working with a Cloud Service Provider (CSP) to define expected day-to-day computing needs. The company wants to be able to choose a plan where spikes in demand result in additional compute resources being automatically provisioned. What technology would best meet this requirement?
A. Autoscaling
B. Caching
C. Bootstrapping
D. Clustering
Birch, Mark. CompTIA CASP+ CAS-004 Certification Guide: Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam (p. 837). Packt Publishing. Kindle Edition.
A. Autoscaling
Explanation:
This allows the company to access additional computing power using automation.
A company wants to be more flexible concerning employee work/life balance. To allow for this cultural change, remote access and working from home will become widespread. Senior management has concerns about data security, as most of the company information systems are now cloud-based. The concerns that were discussed include the following:
Data loss prevention
Control over native features of cloud services, such as collaboration and sharing
User and entity behavior analytics (UEBA)
Configuration auditing
Malware detection
Data encryption and key management
Context-based access control
As employees will not be connected to the company network, various management concerns must be addressed. What solution would best address these concerns?
A. NGFW
B. CASB
C. DLP
D. SWG
Birch, Mark. CompTIA CASP+ CAS-004 Certification Guide: Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam (pp. 837-838). Packt Publishing. Kindle Edition.
B. CASB
Explanation:
The company data must be protected in the cloud. Not all users will originate from a company network, so NGFW and SWG will not work. DLP does not address all the requirements.
What form of testing uses stakeholder involvement to assess the effectiveness of the plan? Scenarios can be discussed and actions that need to be performed can be evaluated. This exercise ensures the Disaster Recovery Team (DRT) or Cyber Security Incident Response Team (CSIRT) do not need to perform exhaustive testing until the plans are fine-tuned.
A. Checklist
B. Walk-through
C. Tabletop exercises
D. Full interruption test
Birch, Mark. CompTIA CASP+ CAS-004 Certification Guide: Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam (p. 838). Packt Publishing. Kindle Edition.
C. Tabletop exercises
Explanation:
Stakeholders will discuss how they will act when dealing with a presented scenario.
A cloud customer needs workloads to be rapidly deployed to support a large and diverse customer base. One important requirement is to allow virtualized infrastructure to be deployed, where configuration is applied to a compute node or cluster as it boots up from a standard image (such as Linux, Unix, or Windows). What technology would best suit this requirement?
A. Autoscaling
B. Distributed allocation
C. Bootstrapping
D. Replication
Birch, Mark. CompTIA CASP+ CAS-004 Certification Guide: Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam (p. 839). Packt Publishing. Kindle Edition.
C. Bootstrapping
Explanation:
This allows the automated deployment of customized workloads from a standard base image. PowerShell Desired State Configuration (DSC) is an example of this technology.
A news delivery platform provider needs to deliver content in the form of web pages, media, and images to worldwide consumers. The requirement is for geographically dispersed servers using caching to ensure that data is available on the edge of the network, where users or customers will benefit from lower latency. What technology would best suit this requirement?
A. Autoscaling
B. Distributed network
C. Content delivery network
D. Replicated network
Birch, Mark. CompTIA CASP+ CAS-004 Certification Guide: Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam (p. 839). Packt Publishing. Kindle Edition.
C. Content delivery network
Explanation:
This allows the timely delivery of time-sensitive services and reduces latency.