CAS-004 • Practice Test 37
Free CAS-004 practice test — 15 questions with explanations. Set 37. No signup required.
A mid-sized healthcare organization processes protected health information (PHI) and must comply with HIPAA and the GDPR for its EU patients. The organization uses a hybrid cloud environment with on-premises servers and AWS. Recently, an employee's laptop was stolen containing unencrypted PHI. The incident response team was activated. The security architect must determine the best course of action to address compliance obligations. The organization has a data classification policy, but it is not consistently enforced. A business continuity plan exists but has not been tested in two years. The CEO is concerned about reputational damage and legal liability. Which of the following should the security architect recommend FIRST?