Chapter 14 Compliance Frameworks Flashcards
What must a government agency consider when planning to store sensitive data with a global CSP?
A. Data sovereignty
B. Data ownership
C. Data classification
D. Data retention
A. Data sovereignty
Who is accountable for the storage and protection of customer data?
They must ensure that they implement controls to meet legal and regulatory requirements
A. Data controller
B. Data protection officer
C. Data processor
D. Supervisory Authority
A. Data controller
A CISO is assessing regulatory requirements for hospital employees and patient data (within Europe). What type of information will need to be protected and which regulation will be most important?
A. GDPR
B. Financial records
C. Intellectual property
D. PII
E. COPPA
A. GDPR
E. COPPA
A multinational company wants the assurance that data will not be accessible when their contract with a CSP expires. What technology may be applicable?
A. Crypto erase
B. Pulping
C. Shredding
D. Degaussing
A. Crypto erase
A global automobile manufacturer must ensure that its products are compatible with its worldwide customer base. What regulations or standards will be most important?
A. Export control regulations
B. General Data Protection Regulation (GDPR)
C. International Organization for Standardization (ISO)
D. National Institute of Standards and Technology (NIST)
C. International Organization for Standardization (ISO)
A SaaS provider has several products designed to attract a young audience, while revenue is generated by advertising and subscriptions within the US. What regulations will be the most important for the provider?
A. Capability Maturity Model Integration (CMMI)
B. National Institute of Standards and Technology (NIST)
C. Children’s Online Privacy Protection Act (COPPA)
D. Cloud Security Alliance (CSA) Security Trust Assurance and Risk (STAR)
C. Children’s Online Privacy Protection Act (COPPA)
A SaaS provider has several commercial products to assist an automobile manufacturer. They must assure potential customers that the cloud provider is secure and trustworthy. What accreditation can the SaaS provider attain to appeal to its customers?
A. International Organization for Standardization (ISO)
B. Capability Maturity Model Integration (CMMI)
C. National Institute of Standards and Technology (NIST)
D. Cloud Security Alliance (CSA) Security Trust Assurance and Risk (STAR)
D. Cloud Security Alliance (CSA) Security Trust Assurance and Risk (STAR)
A software development company is trying to win a contract for a US Federal Government Agency. They must assure the customer that they have a robust security framework for the delivery of software and services. What is the most relevant?
A. International Organization for Standardization (ISO)
B. Capability Maturity Model Integration (CMMI)
C. National Institute of Standards and Technology (NIST)
D. Cloud Security Alliance (CSA) Security Trust Assurance and Risk (STAR)
B. Capability Maturity Model Integration (CMMI)
What compliance will be most important to a US based e-commerce retailer with respect to the storage of cardholder data and electronic transactions?
A. Payment Card Industry Data Security Standard (PCI DSS)
B. International Organization for Standardization
C. Interconnection Security Agreement (ISA)
D. Non-disclosure agreement (NDA)
A. Payment Card Industry Data Security Standard (PCI DSS)
A smartcard manufacturer needs to sell product to a global market. They need to show compliance using internationally agreed upon protocols. What would be a useful accreditation or assurance that their products have been evaluated and will meet the security requirements of their customers?
A. International Organization for Standardization (ISO)
B. Capability Maturity Model Integration (CMMI)
C. National Institute of Standards and Technology (NIST)
D. Common Criteria
D. Common Criteria
What regulatory body is intended to protect the personal data of EU citizens?
A. General Data Protection Regulation (GDPR)
B. National Institute of Standards and Technology (NIST)
C. International Organization for Standardization (ISO)
D. Common Criteria (CC)
A. General Data Protection Regulation (GDPR)
A US smartcard manufacturer needs to sell its products in a global market. They need to ensure that the technology is not sold to countries or governments hostile to the US. What guidance or regulations should they consult?
A. Due care
B. Export controls
C. Legal holds
D. E-discovery
B. Export controls
A government department has data privacy requirements and they need to have employees and service providers sign this agreement. They should be made aware of the strict terms of this agreement and the penalties that may be forthcoming. What type of agreement will be important?
A. Service Level Agreement (SLA)
B. Master Service Agreement (MSA)
C. Non-disclosure agreement (NDA)
D. Memorandum of understanding (MOU)
C. Non-disclosure agreement (NDA)
A large multinational company intends to purchase multiple products on a rolling contract from a CSP. They need to document payment terms, dispute resolution, intellectual property ownership and geographic operational locations within the scope of the contract. What type of contract would be most suitable?
A. Service level agreement (SLA)
B. Master Service Agreement (MSA)
C. Memorandum of understanding (MOU)
D. Operational level agreement (OLA)
B. Master Service Agreement (MSA)
An organization would like to build resiliency into its network connections. They are working with an ISP that proposes a highly available MPLS solution. To ensure the vendor is able to deliver the service with 99.999% uptime, what documentation will be important?
A. Service level agreement (SLA)
B. Memorandum of understanding (MOU)
C. Interconnection security agreement (ISA)
D. Operational Level Agreement (OLA)
A. Service level agreement (SLA)