CSA CCSK Exam - Topic 3 Question 23 Discussion

Actual exam question for CSA's CCSK exam

Question #: 23
Topic #: 3

[All CCSK Questions]

CCM: A hypothetical company called: ''Health4Sure'' is located in the United States and provides cloud based services for tracking patient health. The company is compliant with HIPAA/HITECH Act among other industry standards. Health4Sure decides to assess the overall security of their cloud service against the CCM toolkit so that they will be able to present this document to potential clients.

Which of the following approach would be most suitable to assess the overall security posture of Health4Sure's cloud service?

AThe CCM columns are mapped to HIPAA/HITECH Act and therefore Health4Sure could verify the CCM controls already covered ad a result of their compliance with HIPPA/HITECH Act. They could then assess the remaining controls. This approach will save time.

BThe CCM domain controls are mapped to HIPAA/HITECH Act and therefore Health4Sure could verify the CCM controls already covered as a result of their compliance with HIPPA/HITECH Act. They could then assess the remaining controls thoroughly. This approach saves time while being able to assess the company's overall security posture in an efficient manner.

CThe CCM domains are not mapped to HIPAA/HITECH Act. Therefore Health4Sure should assess the security posture of their cloud service against each and every control in the CCM. This approach will allow a thorough assessment of the security posture.

Show Suggested Answer

Suggested Answer: C

by Daniel at May 05, 2022, 09:16 AM

Limited Time Offer

25%

Off

Get Premium CCSK Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Jerry

5 months ago

B makes sense, efficiency and thoroughness in one go!

upvoted 0 times

...

Sherita

5 months ago

Wait, are the CCM domains really not mapped to HIPAA? That sounds off.

upvoted 0 times

...

Dyan

5 months ago

C seems excessive, why not leverage existing compliance?

upvoted 0 times

...

Jovita

5 months ago

I think B is better, thorough assessments matter.

upvoted 0 times

...

Eden

5 months ago

A is a smart choice, saves time for sure!

upvoted 0 times

...

Billye

5 months ago

I feel like we discussed how mapping could save time, but I wonder if skipping controls could lead to missing important security issues.

upvoted 0 times

...

Lashawn

5 months ago

I’m a bit confused about whether we should assess every control in the CCM. I thought mapping meant we could focus on the gaps instead.

upvoted 0 times

...

Lindsay

5 months ago

I remember that the CCM controls are indeed mapped to HIPAA/HITECH, but I'm not sure if that means we can skip some controls entirely.

upvoted 0 times

...

Mariko

6 months ago

I think option B sounds familiar from our practice questions. It emphasizes a thorough assessment while still being efficient, which seems like a good balance.

upvoted 0 times

...

Peter

6 months ago

Hmm, I'm a bit unsure about this one. I know we need some kind of Facebook integration, but I can't remember if it's the pixel or the SDK. I'll have to think this through carefully.

upvoted 0 times

...

Josue

6 months ago

Okay, let's think this through. The question is specifically asking about the impact of NAT on the use of AH, so I'm guessing the answer has to do with how NAT affects the packet headers and the ICV calculation.

upvoted 0 times

...

Alethea

6 months ago

I think the Alibaba Cloud Architecture Design Training could really help with the migration process, but I'm not entirely sure if it's the best choice.

upvoted 0 times

...