ISC2 Certified Cloud Security Professional (CCSP) Practice Question
A German retailer is preparing to migrate its customer relationship data, which includes personally identifiable information, to a U.S.-based SaaS provider whose primary data centers are located in Virginia. During the project's legal risk review, you are asked to identify the most significant legal concern created by this hosting decision. Which issue should you flag for immediate mitigation?
Absence of multi-factor authentication for the provider's administrative accounts.
Inability to obtain a current SOC 2 Type II report from the U.S. provider.
Possible conflict between EU GDPR data-transfer restrictions and U.S. government lawful-access legislation such as the CLOUD Act.
Increased network latency caused by trans-Atlantic data paths.
Because the SaaS environment will store EU residents' PII in the United States, the retailer becomes subject to the EU GDPR's cross-border transfer restrictions. At the same time, the data may be subject to compelled disclosure under U.S. laws such as the CLOUD Act or USA PATRIOT Act. These potentially conflicting legal obligations around government access and privacy (data sovereignty/jurisdictional conflict) represent the primary legal risk that must be addressed through mechanisms such as Standard Contractual Clauses, supplementary controls, or alternative hosting arrangements. While obtaining SOC 2 reports, enforcing multi-factor authentication, and assessing latency are all valid considerations, they relate to assurance, security, or performance, not to the core legal conflict created by storing EU personal data in a non-EU jurisdiction.
ISC2 Certified Cloud Security Professional (CCSP)
Legal, Risk and Compliance