Crucial Exams

ISC2 Certified Cloud Security Professional (CCSP) Practice Question

A U.S.-based healthcare organization uses a cloud-hosted electronic health-record (EHR) service that stores patient data in the provider's primary data center located in Germany. The provider has not (yet) self-certified under the EU-U.S. Data Privacy Framework. To improve performance for American clinicians, the organization asks the provider to keep a near-real-time replica of the EHR database in the provider's U.S. region. Which single action best satisfies the GDPR's legal requirement for lawfully transferring this sensitive personal data from the EU to the United States?

  • Encrypt the database during replication using TLS 1.2 and invoke the GDPR's security exception for international transfers.

  • Rely on the cloud provider's lapsed EU-U.S. Safe Harbor certification as evidence of adequate protection.

  • Execute the European Commission's Standard Contractual Clauses (SCCs) between the German data exporter and the U.S. data importer before any replication occurs.

  • Seek a one-time blanket consent from all patients authorizing future transfers of their data outside the European Economic Area.

ISC2 Certified Cloud Security Professional (CCSP)
Legal, Risk and Compliance
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot