Which of the following should be of GREATEST concern to an IS auditor reviewing actions taken during a forensic investigation?
Correct Answer: C
Question 52
What item below allows disparate directory services and independent security domains to be interconnected?
Correct Answer: A
Question 53
An auditor examining a cloud service provider's service level agreement (SLA) should be MOST concerned about whether:
Correct Answer: D
An auditor examining a cloud service provider's SLA should be most concerned about whether the agreement excludes any operational matters that are material to the service operations, as this could indicate a lack of transparency, accountability, and quality assurance from the provider. Operational matters are the aspects of the cloud service that affect its functionality, performance, availability, reliability, security, and compliance. Examples of operational matters include service scope, roles and responsibilities, service levels and metrics, monitoring and reporting mechanisms, incident and problem management, change management, backup and recovery, data protection and privacy, and termination and exit clauses [1][2]. These matters are material to the service operations if they have a significant impact on the achievement of the service objectives and expectations of the cloud customer. The auditor should verify that the SLA covers all the relevant and material operational matters in a clear and comprehensive manner, and that the provider adheres to the SLA terms and conditions.

The other options are not the most concerning for the auditor. Option A is a desirable feature of an SLA, but not a concern if it is missing. Option B is an unrealistic expectation of an SLA, as sourcing and financial matters are usually essential in meeting the SLA. Option C is a specific example of an operational matter that is material to the service operations, but not the only one that should be included in the SLA.

References:
[1] Cloud Services Due Diligence Checklist
[2] Cloud Computing: Agencies Need to Incorporate Key Practices to Ensure Effective Performance
Question 54
Your SLA with your cloud provider ensures continuity for all services.
Correct Answer: A
Question 55
When reviewing a third-party agreement with a cloud service provider, which of the following should be the GREATEST concern regarding customer data privacy?
Correct Answer: A
Explanation: When reviewing a third-party agreement with a cloud service provider, the greatest concern regarding customer data privacy is the return or destruction of information. This is because customer data may contain sensitive or personal information that needs to be protected from unauthorized access, use, or disclosure. The cloud service provider should have clear and transparent policies and procedures for returning or destroying customer data upon termination of the agreement or upon customer request. The cloud service provider should also provide evidence of the return or destruction of customer data, such as certificates of destruction, audit logs, or reports. The return or destruction of information should comply with applicable laws and regulations, such as the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), or the Health Insurance Portability and Accountability Act (HIPAA). The cloud service provider should also ensure that any subcontractors or affiliates that have access to customer data follow the same policies and procedures [1][2].

References:
[1] Cloud Services Agreements - Protecting Your Hosted Environment
[2] CSP agreements, price lists, and offers - Partner Center