ISC2 Certified Cloud Security Professional (CCSP) Practice Question

During a pre-audit review for a U.S. telehealth provider planning to move its electronic health record (EHR) application to a public IaaS cloud, the compliance team notes that encryption at rest, role-based access controls, and continuous monitoring are already in place. However, the team says one nontechnical requirement mandated by HIPAA/HITECH for cloud service arrangements is still missing. Which action must the organization complete before it can claim full compliance?

  • Obtain a PCI DSS Attestation of Compliance (AOC) from a Qualified Security Assessor.

  • Arrange for an annual ISAE 3402 Type II assurance report covering the cloud provider.

  • Segregate the cloud network into distinct electronic security perimeters as defined by NERC CIP.

  • Execute a Business Associate Agreement (BAA) with the cloud service provider.

Legal, Risk and Compliance