Question: Domain 1 (Security and Risk Management)

A multinational organization is migrating its data to a third-party cloud provider. The Chief Information Security Officer (CISO) is concerned about maintaining compliance with various international privacy regulations. What is the BEST way to ensure the cloud provider meets the organization’s security requirements?

A. Conduct a point-in-time vulnerability scan of the provider’s infrastructure.
B. Include "right-to-audit" clauses and Require Service Level Agreements (SLAs).
C. Review the provider’s SOC 2 Type II report and audit results.
D. Implement a Cloud Access Security Broker (CASB) to monitor traffic.

3 comments