ISC2 Certified Cloud Security Professional (CCSP) Practice Question
A cloud customer stores financial transaction logs in an object-storage bucket. Regulations mandate that each log must remain tamper-proof for seven years and be automatically deleted when that period ends, unless a regulator issues a legal hold that temporarily blocks deletion. Which control best meets both requirements without manual intervention?
Encrypt the logs with customer-managed keys rotated annually
Enable versioning on the bucket and schedule monthly deletion of non-current versions
Configure write-once-read-many (WORM) object storage with a retention rule and legal-hold capability
Replicate the bucket to a secondary region and attach a read-only IAM policy
Write-once-read-many (WORM) object storage enforces immutability by preventing anyone-including administrators-from altering or deleting objects for the configured retention period. The same services typically offer a separate legal-hold flag. While the legal hold is active, deletion is blocked even if the retention period has already expired; once the hold is lifted, objects whose seven-year timer has elapsed become eligible for automatic deletion. Replication, encryption, and versioning can add protection, but none of them guarantee both time-based deletion and regulator-triggered suspension of deletion.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
How does WORM object storage guarantee immutability?
Open an interactive chat with Bash
What is the role of a legal-hold flag in storage systems?
Open an interactive chat with Bash
Why don't replication, encryption, or versioning meet the requirements for tamper-proof storage?
Open an interactive chat with Bash
What is WORM storage and how does it ensure tamper-proof data?
Open an interactive chat with Bash
How does a legal-hold flag work in cloud object storage?
Open an interactive chat with Bash
Why don't replication, encryption, or versioning meet both requirements?
Open an interactive chat with Bash
ISC2 Certified Cloud Security Professional (CCSP)
Cloud Data Security
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .