CompTIA CySA+ (CS0-001) — Question 180
The board of directors made the decision to adopt a cloud-first strategy. The current security infrastructure was designed for on-premises implementation. A critical application that is subject to the Federal Information Security Management Act (FISMA) of 2002 compliance has been identified as a candidate for a hybrid cloud deployment model. Which of the following should be conducted FIRST?
Answer options
- A. Develop a request for proposal.
- B. Perform a risk assessment.
- C. Review current security controls.
- D. Review the SLA for FISMA compliance.
Correct answer: C
Explanation
The first priority should be to review current security controls to ensure they are adequate for a cloud environment, especially given the compliance requirements of FISMA. Although performing a risk assessment and reviewing the SLA are important, they come after understanding the existing security framework. Developing a request for proposal is also premature without a clear understanding of current controls.