DOMAIN 4 - COMPLIANCE IMPACT ON CLOUD CONTRACTS, COMPLIANCE SCOPE Flashcards

1
Q

_______ validates awareness of and adherence to corporate obligations (e.g., corporate social responsibility, ethics, applicable laws, regulations, contracts, strategies and policies).

A

Compliance

2
Q

_______ are a key tool for proving (or disproving) compliance.

A

Audits

3
Q

________ is a tool of governance; it is how an organization assesses, remediates, and proves it is meeting these internal and external obligations.

A

Compliance management

4
Q

_________, in particular, typically have strong implications for information technology and its governance, especially in terms of monitoring, management, protection, and disclosure.

A

Regulations

5
Q

________ are thus an important tool to assure compliance, and evaluation and testing of these controls is a core activity for security professionals.

A

Security controls

6
Q

As with security, compliance in the cloud is a ______ model.

A

shared responsibility

7
Q

The customer is always ultimately responsible for their own ________.

A

compliance

8
Q

Cloud customers, particularly in ________, must rely more on third-party attestations of the provider to understand their compliance alignment and gaps.

A

public cloud

9
Q

Many cloud providers are certified for various regulations and industry requirements, such as PCI DSS, SOC1, SOC2, HIPAA, best practices/frameworks like CSA CCM, and global/regional regulations like the EU GDPR. These are sometimes referred to as _______ audits.

A

pass-through

10
Q

A pass-through audit is a form of ______.

A

compliance inheritance

11
Q

Compliance inheritance. In this model all or some of the cloud provider’s ________ undergo an audit to a compliance standard. The provider takes responsibility for the costs and maintenance of these certifications.

A

infrastructure and services

12
Q

It is still the responsibility of the customer to build _____ applications and services on the cloud.

A

compliant

13
Q

This means the provider’s infrastructure/services are not within scope of a customer’s ________. But everything the customer builds themselves is still within scope.

A

audit/ assessment

14
Q

Not all features and services within a given cloud provider are necessarily compliant and ______ with respect to all regulations and standards.

A

certified/audited
