ISC2 Certified Cloud Security Professional (CCSP) Practice Question
A multinational enterprise is moving several workloads to both a public IaaS platform and a SaaS customer-relationship system. The security team has completed an inventory of all data stores and documented how information flows between cloud services and on-premises systems. To ensure the forthcoming data classification scheme supports business objectives and complies with international privacy laws, which activity should the team perform next?
Adopt the public cloud provider's predefined storage class names as the organization's new classification levels.
Identify all legal, regulatory, and contractual requirements that dictate how different data elements must be handled.
Apply client-side encryption with customer-managed keys to every dataset, deferring classification until after migration.
Label every dataset with the organization's highest sensitivity level to avoid misclassification risks.
A sound data classification program must be driven by the organization's business and regulatory obligations. After assets and data flows are identified, the next step is to determine which statutes, industry standards, and contractual commitments apply and translate those requirements into classification levels (for example, Public, Internal, Confidential, Restricted). Without this analysis, any labels applied may be misaligned with mandatory protections, leading either to over-classification (increasing cost and complexity) or under-protection (creating compliance gaps).
Selecting a cloud provider's default storage classes or a one-size-fits-all highest sensitivity label skips the essential step of tailoring classifications to the organization's specific obligations. Immediately deploying encryption everywhere, while generally positive, is a control decision that should follow-and be guided by-the completed classification policy.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
Why is identifying legal, regulatory, and contractual requirements essential for data classification?
Open an interactive chat with Bash
What is the difference between data classification and encryption?
Open an interactive chat with Bash
What role does a public cloud provider's predefined storage classes play in classification decisions?
Open an interactive chat with Bash
ISC2 Certified Cloud Security Professional (CCSP)
Cloud Data Security
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .