ISC2 Certified Cloud Security Professional (CCSP) Practice Question
A healthcare software provider is developing a public-facing patient portal on a cloud PaaS. Because the site will store and process protected health information (PHI) and provide critical clinical functions, the lead security architect decides to adopt the OWASP Application Security Verification Standard (ASVS) to guide secure coding and testing. To obtain an assurance level appropriate for handling highly sensitive data and mission-critical operations, which ASVS verification level should the development team target?
ASVS Level 2 (Standard) for typical applications handling sensitive data
No specific ASVS verification level is required because the PaaS provider secures the platform
ASVS Level 3 (Advanced/Critical) for applications with highly sensitive data and critical functions
ASVS Level 1 (Opportunistic) for low-risk applications
The OWASP ASVS defines three incrementally stronger verification levels. Level 1 is intended for low-risk applications and offers only basic security controls. Level 2 is the default for most business applications that handle sensitive data such as personally identifiable information, but it is not the highest level of assurance. Level 3 is required when an application processes highly sensitive personal data (for example, healthcare or financial records) or supports critical business functions whose compromise could have serious consequences. Because the patient portal will store PHI and is critical to healthcare operations, the project should adopt ASVS Level 3 to ensure the most rigorous verification of secure design, coding, and testing practices. Choosing Level 1 or Level 2 would leave potential gaps, and omitting ASVS entirely would not meet compliance or risk-based requirements.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the OWASP ASVS?
Open an interactive chat with Bash
What types of applications require ASVS Level 3?
Open an interactive chat with Bash
Why is PaaS security not enough for protecting PHI in this context?
Open an interactive chat with Bash
ISC2 Certified Cloud Security Professional (CCSP)
Cloud Application Security
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .