CCSK Exam Dumps - Cloud Security Alliance Cloud Security Knowledge Questions and Answers

A general lack of interoperability standards means that extra focus must be placed on the security aspects of migration between Cloud providers.

The size of data sets hosted at a Cloud provider can present challenges if migration to another provider becomes necessary.

Customers of SaaS providers in particular need to mitigate the risks of application lock-in.

Clients need to do business continuity planning due diligence in case they suddenly need to switch providers.

Geographic redundancy ensures that Cloud Providers provide highly available services.

The metrics defining the service level required to achieve regulatory objectives.

The duration of time that a security violation can occur before the client begins assessing regulatory fines.

The cost per incident for security breaches of regulated information.

The regulations that are pertinent to the contract and how to circumvent them.

The type of security software which meets regulations and the number of licenses that will be needed.

More efficient and timely system updates

ISO 27001 certification

Provider can obfuscate system O/S and versions

Greater compatibility with customer IT infrastructure

Lock-In

Configuring secondary authentication

Establishing multiple accounts

Maintaining tight control of the primary account holder credentials

Implementing least privilege accounts

Configuring role-based authentication

Risk Impact

Domain

Control Specification

False

True

Application logic

Access controls

Encryption solutions

Physical destruction

Asset management and tracking

The CCM columns are mapped to HIPAA/HITECH Act and therefore Health4Sure could verify the CCM controls already covered ad a result of their compliance with HIPPA/HITECH Act. They could then assess the remaining controls. This approach will save time.

The CCM domain controls are mapped to HIPAA/HITECH Act and therefore Health4Sure could verify the CCM controls already covered as a result of their compliance with HIPPA/HITECH Act. They could then assess the remaining controls thoroughly. This approach saves time while being able to assess the company’s overall security posture in an efficient manner.

The CCM domains are not mapped to HIPAA/HITECH Act. Therefore Health4Sure should assess the security posture of their cloud service against each and every control in the CCM. This approach will allow a thorough assessment of the security posture.

False

True

Data Security and Encryption

Information Governance

Incident Response, Notification and Remediation

Compliance and Audit Management

Infrastructure Security