ISC CCSP Practice Test - Questions Answers, Page 12

During any audit, regulations are the most important factor and guidelines for what must be tested. Although the requirements from management, stakeholders, and shareholders are also important, regulations are not negotiable and pose the biggest risk to any organization for compliance failure.

The recovery point objective (RPO) is defined as the amount of data a company would need to maintain and recover in order to function at a level acceptable to management. This may or may not be a restoration to full operating capacity, depending on what management deems as crucial and essential.

Simple Object Access Protocol (SOAP) uses Extensible Markup Language (XML) for passing data, and it must rely on the encryption of those data packages for security.

Puppet is a commonly used tool for maintaining system configurations based on policies, and done so from a centralized authority.

DRM applies to the protection of consumer media, such as music, publications, video, movies, and soon.

Penetration testing involves using the same strategies and toolsets that hackers would use against a system to discovery potential vulnerabilities.

When a security professional is considering cloud solutions for BCDR, a top concern is the jurisdiction where the cloud systems are hosted. If the jurisdiction is different from where the production systems are hosted, they may be subjected to different regulations and controls, which would make a seamless BCDR solution far more difficult.

In order to obtain and comply with certifications, independent external audits must be performed and satisfied. Although some testing of certification controls can be part of an internal audit, they will not satisfy requirements.

Regardless of which cloud-hosting model is used, the cloud customer always has sole responsibility for the data and its security.