ISC2 Certified Cloud Security Professional (CCSP) Practice Question
During a quarterly penetration test, your security team discovers that a managed file-sharing service hosted by a third-party cloud provider allows unauthenticated directory listing, potentially exposing regulated customer data. According to recommended practices for communicating with cloud vendors, what is the most appropriate first action you should take?
Notify the cloud provider through the security incident channel specified in the contract or SLA.
Report the issue directly to your industry regulator before contacting the cloud provider.
Post the vulnerability to a public security mailing list to accelerate the provider's response.
Immediately block all outbound traffic to the provider's IP ranges until they confirm a fix.
Established cloud-vendor agreements (SLA, MSA, or security addendum) normally define how and when each party must report security incidents. Using the documented security contact or ticketing channel ensures the provider receives timely, confidential notice and can begin remediation while preserving contractual and regulatory obligations. Going public or alerting regulators before engaging the provider can violate non-disclosure clauses and hinder coordinated response, while unilaterally blocking connectivity may disrupt business operations without fixing the root cause. Therefore, following the notification path written into the contract is the correct initial step.
ISC2 Certified Cloud Security Professional (CCSP)
Cloud Security Operations