Crucial Exams

ISC2 Certified Cloud Security Professional (CCSP) Practice Question

A U.S.-based multinational uses a SaaS human-resources platform that stores backups in data centers located in Ireland and mainland China. The company receives a domestic subpoena from a U.S. regulator demanding the complete employee database for an investigation. The security team is concerned that a direct hand-over could breach both the EU GDPR and China's data-localization rules. Which action best addresses the conflict of laws before any disclosure is made?

  • First migrate the backups to a U.S. cloud region and then provide the data from there.

  • Ask the regulator to pursue the information through the applicable Mutual Legal Assistance Treaty channels in each country before any release.

  • Comply immediately, because the U.S. subpoena has extraterritorial reach under the CLOUD Act.

  • Strip all identifying fields from the records and send the remaining dataset so privacy laws no longer apply.

ISC2 Certified Cloud Security Professional (CCSP)
Legal, Risk and Compliance
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot