Domain 4 - Compliance and Audit Management Flashcards

1
Q

True/False: Organizations face new challenges as they migrate from traditional data centers to the cloud. Delivering, measuring, and communicating compliance with a multitude of regulations across multiple jurisdictions are among the largest of these challenges.

A

True

2
Q

_______ validates awareness of and adherence to corporate obligations (e.g., corporate social responsibility, ethics, applicable laws, regulations, contracts, strategies and policies).

A

Compliance

3
Q

_______ are a key tool for proving (or disproving) compliance.

A

Audits

4
Q

________ is a tool of governance; it is how an organization assesses, remediates, and proves it is meeting these internal and external obligations.

A

Compliance management

5
Q

True/False: The customer is always ultimately responsible for their own compliance. These responsibilities are defined through contracts, audits/assessments, and specifics of the compliance requirements.

A

True

6
Q

With _________ the cloud provider’s infrastructure is out of scope for a customer’s compliance audit, but everything the customer configures and builds on top of the certified services is still within scope.

A

compliance inheritance

7
Q

True/False: Not all features and services within a given cloud provider are necessarily compliant and certified/audited with respect to all regulations and standards. It is incumbent on the cloud provider to communicate certifications and attestations clearly, and for customers to understand the scopes and limitations.

A

True

8
Q

True/False: Audits and assessments are mechanisms to document compliance with internal or external requirements (or identify deficiencies). Reporting needs to include a compliance determination, as well as a list of identified issues, risks, and remediation recommendations.

A

True

9
Q

An _______ is a legal statement from a third party, which can be used as their statement of audit findings. It is a key tool when evaluating and working with cloud providers since the cloud customer does not always get to perform their own assessments.

A

Attestation

10
Q

________ includes the management of all activities related to audits and assessments, such as determining requirements, scope, scheduling, and responsibilities.

A

Audit management

11
Q

True/False: Multiple on-premises audits from large numbers of cloud customers present clear logistical and security challenges, especially when the provider relies on shared assets to create the resource pools.

A

True

12
Q

True/False: Customers working with these cloud providers will have to rely more on third-party attestations rather than audits they perform themselves.

A

True

13
Q

Refers to the Cloud Security Alliance's central repository for providers to publicly release certifications and attestation documents.

A

CSA Star Registry

14
Q

True/False: It’s important to remember that attestations and certifications are point-in-time activities. An attestation is a statement of an “over a period of time” assessment and may not be valid at any future point.

A

True

15
Q

______ are the logs, documentation, and other materials needed for audits and compliance; they are the evidence to support compliance activities. Both providers and customers have responsibilities for producing and managing these.

A

Artifacts
