Exam CAS-004
Question 216

In order to save money, a company has moved its data to the cloud with a low-cost provider. The company did not perform a security review prior to the move; however, the company requires all of its data to be stored within the country where the headquarters is located. A new employee on the security team has been asked to evaluate the current provider against the most important requirements. The current cloud provider that the company is using offers:

• Only multitenant cloud hosting

• Minimal physical security

• Few access controls

• No access to the data center

The following information has been uncovered:

• The company is located in a known floodplain, which flooded last year.

• Government regulations require data to be stored within the country.

Which of the following should be addressed FIRST?

    Correct Answer: D

    The most critical requirement to address first is compliance with government regulations. Since the company requires all data to be stored within the country due to legal obligations, ensuring that the current cloud provider complies with this rule is paramount. Failure to comply with legal requirements can lead to severe penalties and legal actions. Any potential issues such as natural disasters, while important, should be addressed after ensuring that the fundamental legal and regulatory requirements are met.

Discussion
OneSaint Option: D

Changing to D, legal requirement takes priority due to compliance, addressing floodplain issue can be next.

Broesweelies Option: D

I think it's D

FOURDUE

Anyone have a thought on this answer? Lost on this one.

last_resort Option: D

Legal first

g_ Option: D

Always follow the legal requirements

Cock Option: D

D. Provision services according to the appropriate legal requirements should be addressed FIRST. As per the given information, the government regulations require data to be stored within the country. Therefore, it is necessary to ensure that the cloud provider is meeting this legal requirement. This should be the first priority as failing to comply with legal requirements can lead to severe consequences, such as legal actions or penalties.

smqzbq Option: D

D, all others do not take into account storing data in the same country.

EAlonso Option: D

D for sure

armid Option: C

Create an SLA to make sure data stays in the same country at all times

ThatGuyOverThere Option: C

I'm going with C. They need to ensure they have an agreement on where their data will be hosted. Sounds like just trying to provision the data the way that is legally required may not be possible in this situation. You need to ensure the company is held liable to keep your data upon the agreement of an SLA. https://www.linkedin.com/pulse/five-things-look-cloud-service-level-agreement-puffersoft

armid

Ditto, the provider holds the data, not you. So provision in compliance sure would be nice if you could do it. Your options are either change provider (which is not an option in the answers) or create a new SLA with the existing provider to hold them accountable for data residency. For example, that they don't move your data to another country when they get flooded :-)

Serliop378 Option: A

You have to take a risk assessment approach: if the flood happens again => big downtime and even the end of the business with the databases lost. Overall risk level (extreme because of high probability and critical impact). If you do not respect the legal requirements you pay a fine (major overall risk due to high probability and medium impact).

OneSaint Option: A

Think the Disaster Recovery Plan should be the primary concern. I'll go with A.