Exactprep 312-40 Questions

• GDPR: The General Data Protection Regulation (GDPR) is the primary law regulating how companies protect EU citizens’ personal data1.
• Applicability: GDPR applies to all organizations operating within the EU, as well as organizations outside of the EU that offer goods or services to customers or businesses in the EU1.
• Data Breaches: In the event of a data breach, organizations are required to notify the appropriate data protection authority within 72 hours, if feasible, after becoming aware of the breach2.
• Penalties: Organizations that do not comply with GDPR can face hefty fines. For serious infringements, GDPR states that companies can be fined up to 4% of their annual global turnover or €20 million (whichever is greater)1.
• Responsibility: Both the data controller and the processor will be held responsible for not adhering to the GDPR rules, which includes security breaches resulting in the loss of user data1.

References:

• GDPR Info on fines and penalties1.
• EDPB Guidelines on personal data breach notification under GDPR2.

AWS Config is the service that enables Kenneth to assess, audit, and evaluate the configurations of AWS resources.

• AWS Config: This service provides a detailed view of the configuration of AWS resources within the account. It includes a history of configuration changes and relationships between AWS resources, making it possible to review changes and determine overall compliance against internal guidelines1.
• Capabilities of AWS Config:
• Why Not the Others?:

References:

• AWS Config: Assess, audit, and evaluate configurations of your resources1.

Azure Information Protection (AIP) is a cloud-based solution that helps organizations classify and protect documents and emails by applying labels. AIP can be used to protect both data at rest and in transit, making it suitable for securely sharing classified information.

Here’s how AIP secures document sharing:

• Classification and Labeling: AIP allows administrators to classify data based on sensitivity and apply labels that carry protection settings.
• Protection: It uses encryption, identity, and authorization policies to protect documents and emails.
• Access Control: Only authorized users with the right permissions can access protected documents, even if the document is shared outside the organization.
• Tracking and Revocation: Administrators can track activities on shared documents and revoke access if necessary.
• Integration: AIP integrates with other Microsoft services and applications, ensuring a seamless protection experience across the organization’s data ecosystem.

References:

• Microsoft’s overview of Azure Information Protection, which details how it helps secure document sharing1.
• A guide on how to configure and use Azure Information Protection for protecting sensitive information2.

The Cloud Security Alliance’s Cloud Controls Matrix (CSA CCM) is a cybersecurity control framework that is specifically designed for cloud computing environments. It provides a detailed understanding of security concepts and principles that are aligned to the Cloud Security Alliance guidance in 13 domains.

Here’s how the CSA CCM is used:

• Assessment Tool: The CSA CCM serves as a tool for organizations to systematically assess their cloud implementations.
• Guidance on Security Controls: It provides guidance on which security controls should be implemented by specific actors within the cloud supply chain.
• STAR Registry: The CSA CCM is used as the standard for organizations to report their security posture on the CSA’s Security, Trust, Assurance, and Risk (STAR) registry.
• Comprehensive Framework: The CCM encompasses a wide range of security topics and is considered one of the most comprehensive frameworks for cloud security.
• Industry Standard: It is widely recognized and used as an industry standard for cloud security assurance and compliance.

References:

• The CSA CCM is referenced in numerous industry publications and is recommended by cloud security professionals for organizations looking to enhance their cloud security posture.
• The CSA’s STAR registry lists organizations that have adopted the CCM framework, providing transparency and assurance in cloud security.