ISC2 Certified Cloud Security Professional (CCSP) Practice Question
A financial-services firm is migrating its card-payment gateway to a public IaaS provider. Management wants independent evidence that the chosen provider both (1) follows industry-recognized, cloud-specific security controls and (2) is formally assessed for protecting cardholder data. Which combination of third-party attestations would BEST satisfy these two requirements with minimal overlap?
ISO/IEC 27001 certification and a SOC 2 Type II attestation
FedRAMP Moderate Authorization to Operate (ATO) and ISO 9001 certification
ISO/IEC 27701 certification and CSA STAR Self-Assessment (Level 1)
ISO/IEC 27017 certification and a PCI DSS Report on Compliance (ROC)
ISO/IEC 27017 provides guidance on implementing and auditing security controls that are tailored to cloud service providers and customers, extending the more general ISO/IEC 27002. A validated PCI DSS Report on Compliance (ROC) confirms that an assessor has examined the provider's environment and found it meets all technical and procedural requirements for handling cardholder data. Together they cover cloud-specific security and payment-card protections.
ISO/IEC 27001 plus SOC 2 does not specifically address payment-card controls. ISO/IEC 27701 with CSA STAR Level 1 adds privacy and a self-attested security questionnaire but lacks the independent assessment of PCI DSS. FedRAMP Moderate and ISO 9001 focus on U.S. federal requirements and quality management, not PCI compliance or cloud-specific security guidance. Therefore, the pairing of ISO/IEC 27017 and a PCI DSS ROC is the most appropriate choice.
ISC2 Certified Cloud Security Professional (CCSP)
Cloud Concepts, Architecture and Design