The Chief Security Officer (CISO) at a multinational banking corporation is reviewing a plan to upgrade the entire corporate IT infrastructure. The architecture consists of a centralized cloud environment hosting the majority of data, small server clusters at each corporate location to handle the majority of customer transaction processing, ATMs, and a new mobile banking application accessible from smartphones, tablets, and the Internet via HTTP. The corporation does business in countries with varying data retention and privacy laws.
1. Which of the following technical modifications to the architecture and corresponding security controls should be implemented to provide the MOST complete protection of data?
A. Revoke existing root certificates, re-issue new customer certificates, and ensure all transactions are digitally signed to minimize fraud, implement encryption for data in-transit between data centers
B. Ensure all data is encrypted according to the most stringent regulatory guidance applicable, implement encryption for data in-transit between data centers, increase data availability by replicating all data, transaction data, and logs between each corporate location
C. Store customer data based on national borders, ensure end-to-end encryption between ATMs, end users, and servers, test redundancy and COOP plans to ensure data is not inadvertently shifted from one legal jurisdiction to another with more stringent regulations
D. Install redundant servers to handle corporate customer processing, encrypt all customer data to ease the transfer from one country to another, implement end-to-end encryption between mobile applications and the cloud.
2. Which of the following can be used to control specific commands that can be executed on a network infrastructure device?
A. LDAP
B. Kerberos
C. SAML
D. TACACS+
3. When considering a third-party cloud service provider, which of the following criteria would be the BEST to include in the security assessment process? (Select two.)
A. Use of performance analytics
B. Adherence to regulatory compliance
C. Data retention policies
D. Size of the corporation
E. Breadth of applications support
First Question:
Option (C) is the correct answer.
The banking corporation should store customer data based on national borders, ensure end-to-end encryption between ATMs, end users, and servers, and test redundancy and COOP plans to ensure data is not inadvertently shifted from one legal jurisdiction to another with more stringent regulations, in order to provide the most complete protection of data.
Option (A) is incorrect as it will also provide data security, but it is not the best choice for the given scenario.
Option (B) is incorrect as it will also provide data security, but it is not the best choice for the given scenario.
Option (D) is incorrect as it will also provide data security, but it is not the best choice for the given scenario.
Second Question:
Option (D) is the correct answer.
TACACS+ can be used to control specific commands that can be executed on a network infrastructure device.
Option (A) is incorrect as it can't be used to control specific commands that can be executed on a network infrastructure device.
Option (B) is incorrect as it can't be used to control specific commands that can be executed on a network infrastructure device.
Option (C) is incorrect as it can't be used to control specific commands that can be executed on a network infrastructure device.
Third Question:
Options (B) and (C) are the correct answers.
The following two criteria should be included in the security assessment process when considering a third-party cloud service provider:
(i) Adherence to regulatory compliance and
(ii) Data retention policies.
Option (A) is incorrect as use of performance analytics should not be included in the security assessment process when considering a third-party cloud service provider.
Option (D) is incorrect as the size of the corporation should not be included in the security assessment process when considering a third-party cloud service provider.
Option (E) is incorrect as the breadth of applications support should not be included in the security assessment process when considering a third-party cloud service provider.