A customer has a contract with a CSP and wants to identify which controls should be implemented in the IaaS enclave. Which of the following is most likely to contain this information?
B. Responsibility matrix
"Identifies that responsibility for the implementation of security as applications, data, and workloads are transitioned into a cloud platform are shared between the customer and the cloud service provider (CSP)." CertMaster Learn CompTIA Card 262
The customer (company) and the CSP (Cloud Service Provider, e.g., Amazon, Google, etc.) have a contract. Both parties want to identify their responsibilities regarding security controls and implementation. Which contract document includes this responsibility information?
Clearly, it is written in the Responsibility Matrix.
B. Responsibility matrix
Explanation:
A responsibility matrix outlines which party (the customer or the cloud service provider) is responsible for implementing specific controls in a cloud environment, such as in an IaaS (Infrastructure as a Service) enclave. It is a key component in determining the division of responsibilities for security, compliance, and operational tasks.
Why not the other options?
A. Statement of work:
A statement of work (SOW) defines the scope of a project, deliverables, and timelines but does not specifically address control implementation responsibilities.
C. Service-level agreement:
A service-level agreement (SLA) focuses on performance metrics (e.g., uptime, availability) but does not detail security control responsibilities.
Responsibility Matrix
The Responsibility Matrix defines the specific roles and responsibilities of each party, CSP and Customer (of the IaaS model). It details which controls are the responsibility of the CSP (physical security, hardware maintenance) and which are the responsibility of the Customer (data security, application configuration).
A Service-Level Agreement (SLA) is the most likely document to contain information about the controls that should be implemented in an IaaS (Infrastructure as a Service) enclave.
SLAs outline the specific services provided by the CSP and the agreed-upon performance and security standards.
They typically include details on:
Security controls: Such as access control mechanisms, encryption, and data protection measures.
Service availability: Guarantees regarding uptime and performance.
Support services: Levels of support provided by the CSP.
Security incident response procedures: How security incidents will be handled and resolved.