Chapter 15 Business Continuity and Disaster Recovery Flashcards
What must a government agency consider when planning to store sensitive data with a global CSP?
A. Data sovereignty
B. Data ownership
C. Data classification
D. Data retention
A. Data sovereignty
Who is accountable for the storage and protection of customer data? They must ensure that they implement controls to meet legal and regulatory requirements.
A. Data controller
B. Data protection officer
C. Data processor
D. Supervisory authority
A. Data controller
A CISO is assessing regulatory requirements for hospital employees and patient data (within Europe). What type of information will need to be protected and which regulation will be most important? (Choose two)
A. GDPR
B. Financial records
C. Intellectual property
D. PII
E. COPPA
A. GDPR
D. PII
A multinational company wants the assurance that data will not be accessible when their contract with a CSP expires. What technology may be applicable?
A. Cryptoerase
B. Pulping
C. Shredding
D. Degaussing
A. Cryptoerase
A global automobile manufacturer must ensure that its products are compatible with its worldwide customer base. What regulations or standards will be most important?
A. Export control regulations
B. General Data Protection Regulation (GDPR)
C. International Organization for Standardization (ISO)
D. National Institute of Standards and Technology (NIST)
C. International Organization for Standardization (ISO)
A SaaS provider has several products designed to attract a young audience, while revenue is generated by advertising and subscriptions within the US. What regulations will be the most important for the provider?
A. Capability Maturity Model Integration (CMMI)
B. National Institute of Standards and Technology (NIST)
C. Children’s Online Privacy Protection Act (COPPA)
D. Cloud Security Alliance (CSA) Trust Assurance and Risk (STAR)
C. Children’s Online Privacy Protection Act (COPPA)
A SaaS provider has several commercial products designed to assist an automobile manufacturer. They must assure potential customers that the cloud provider is secure and trustworthy. What accreditation can the SaaS provider attain to appeal to its customers?
A. International Organization for Standardization (ISO)
B. Capability Maturity Model Integration (CMMI)
C. National Institute of Standards and Technology (NIST)
D. Cloud Security Alliance (CSA) Trust Assurance and Risk (STAR)
D. Cloud Security Alliance (CSA) Trust Assurance and Risk (STAR)
A software development company is trying to win a contract for a US Federal Government agency. They must assure the customer that they have a robust security framework for the delivery of software and services. What is the most relevant?
A. International Organization for Standardization (ISO)
B. Capability Maturity Model Integration (CMMI)
C. National Institute of Standards and Technology (NIST)
D. Cloud Security Alliance (CSA) Trust Assurance and Risk (STAR)
B. Capability Maturity Model Integration (CMMI)
What compliance will be most important to a US based e-commerce retailer with respect to the storage of cardholder data and electronic transactions?
A. Payment Card Industry Data Security Standard (PCI DSS)
B. International Organization for Standardization (ISO)
C. Interconnection Security Agreement (ISA)
D. Non Disclosure Agreement (NDA)
A. Payment Card Industry Data Security Standard (PCI DSS)
A smartcard manufacturer needs to sell products to a global market. They need to show compliance using internationally agreed upon protocols. What would be a useful accreditation or assurance that their products have been evaluated and will meet the security requirements of their customers?
A. International Organization for Standardization (ISO)
B. Capability Maturity Model Integration (CMMI)
C. National Institute of Standards and Technology (NIST)
D. Common Criteria (CC)
D. Common Criteria (CC)
What regulatory body is intended to protect the personal data of EU citizens?
A. General Data Protection Regulation (GDPR)
B. National Institute of Standards and Technology (NIST)
C. International Organization for Standardization (ISO)
D. Common Criteria (CC)
A. General Data Protection Regulation (GDPR)
A US smartcard manufacturer needs to sell its products in a global market. They need to ensure the technology is not sold to countries or governments hostile to the US. What guidance or regulations should they consult?
A. Due care
B. Export Controls
C. Legal Holds
D. E-Discovery
B. Export Controls
A government department has privacy requirements, and they need to have employees and service providers sign this agreement. They should be made aware of the strict terms of this agreement and the penalties that may be forthcoming. What type of agreement will be important?
A. Service Level Agreement (SLA)
B. Master Service Agreement (MSA)
C. Non-disclosure agreement (NDA)
D. Operational Level Agreement (OLA)
C. Non-disclosure agreement (NDA)
A large multinational company intends to purchase multiple products on a rolling contract from a CSP. They need to document payment terms, dispute resolution, intellectual property ownership, and geographic operational locations within the scope of the contract. What type of contract would be most suitable?
A. Service Level Agreement (SLA)
B. Master Service Agreement (MSA)
C. Memorandum of Understanding (MOU)
D. Operational Level Agreement (OLA)
B. Master Service Agreement (MSA)
A company would like to build resiliency into its network connections. They are working with an ISP that proposes a highly available MPLS solution. To ensure the vendor is able to deliver the service with 99.999% uptime, what documentation will be important?
A. Service Level Agreement (SLA)
B. Memorandum of Understanding (MOU)
C. Interconnection security agreement (ISA)
D. Operational Level Agreement (OLA)
A. Service Level Agreement (SLA)