CAS-004 Exam Questions

CAS-004 Exam - Question 216


In order to save money, a company has moved its data to the cloud with a low-cost provider. The company did not perform a security review prior to the move; however, the company requires all of its data to be stored within the country where the headquarters is located. A new employee on the security team has been asked to evaluate the current provider against the most important requirements. The current cloud provider that the company is using offers:

• Only multitenant cloud hosting

• Minimal physical security

• Few access controls

• No access to the data center

The following information has been uncovered:

• The company is located in a known floodplain, which flooded last year.

• Government regulations require data to be stored within the country.

Which of the following should be addressed FIRST?

Correct Answer: AD

The most critical requirement to address first is compliance with government regulations. Since the company requires all data to be stored within the country due to legal obligations, ensuring that the current cloud provider complies with this rule is paramount. Failure to comply with legal requirements can lead to severe penalties and legal actions. Any potential issues such as natural disasters, while important, should be addressed after ensuring that the fundamental legal and regulatory requirements are met.

Discussion

12 comments
OneSaint (Option: D)
Feb 21, 2023

Changing to D, legal requirement takes priority due to compliance, addressing floodplain issue can be next.

FOURDUE
Feb 9, 2023

Anyone have a thought on this answer? Lost on this one.

Broesweelies (Option: D)
Mar 6, 2023

I think it's D.

smqzbq (Option: D)
Mar 11, 2023

D, all others do not take into account storing data in the same country.

Cock (Option: D)
Mar 15, 2023

D. Provision services according to the appropriate legal requirements should be addressed FIRST. As per the given information, the government regulations require data to be stored within the country. Therefore, it is necessary to ensure that the cloud provider is meeting this legal requirement. This should be the first priority as failing to comply with legal requirements can lead to severe consequences, such as legal actions or penalties.

g_ (Option: D)
Mar 28, 2023

Always follow the legal requirements.

last_resort (Option: D)
Apr 7, 2023

Legal first

OneSaint (Option: A)
Feb 17, 2023

Think the Disaster Recovery Plan should be the primary concern. I'll go with A.

Serliop378 (Option: A)
Mar 9, 2023

You have to take a risk assessment approach: if the flood happens again => big downtime and even the end of the business with the databases lost. Overall risk level (extreme because of high probability and critical impact). If you do not respect the legal requirements you pay a fine (major overall risk due to high probability and medium impact).

ThatGuyOverThere (Option: C)
Oct 27, 2023

I'm going with C. They need to ensure they have an agreement on where their data will be hosted. Sounds like you just trying to provision the data the way that is legally required may not be possible in this situation. You need to ensure the company is held liable to keep your data upon the agreement of an SLA. https://www.linkedin.com/pulse/five-things-look-cloud-service-level-agreement-puffersoft

armid
Jul 4, 2024

Ditto, the provider holds the data, not you. So provision in compliance sure would be nice if you could do it. Your options are either change provider (which is not an option in the answers) or create a new SLA with the existing provider to hold them accountable for data residency. For example, that they don't move your data to another country when they get flooded :-)

armid (Option: C)
Jul 4, 2024

Create SLA to make sure data stays in the same country at all times.

EAlonso (Option: D)
Jul 13, 2024

D for sure