Crucial Exams

ISC2 Certified Cloud Security Professional (CCSP) Practice Question

A German retailer is negotiating a long-term contract with a U.S.-based SaaS provider that will store customer purchase histories (which include names, addresses, and loyalty card numbers) in data centers located in Virginia and replicate encrypted backups to a facility in Singapore. Before approving the design, the company's legal team asks the cloud security professional to identify the primary legal risk that must be evaluated for this architecture. Which risk should be highlighted first?

  • Cross-border transfer of EU personal data to a non-adequate jurisdiction, creating potential non-compliance with GDPR requirements.

  • Violation of U.S. export control regulations governing strong cryptographic functionality embedded in the SaaS application.

  • Failure of the cloud provider's overseas facilities to maintain ISO/IEC 27001 certification for information security management.

  • Non-compliance with international data-center energy efficiency directives applicable outside the European Union.

ISC2 Certified Cloud Security Professional (CCSP)
Legal, Risk and Compliance
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot