ISC2 Certified Cloud Security Professional (CCSP) Practice Question

During an internal audit of your company's new SaaS-based CRM solution, you discover that the same DevOps engineers who deploy application code also generate and rotate the tenant data-encryption keys through the cloud provider's KMS. From an internal information security controls system perspective, which recommendation would most effectively reduce the risk of unauthorized key modification?

  • Require multi-factor authentication for administrators accessing the CRM application dashboard.

  • Enable automatic rotation of all encryption keys every 30 days using the provider's KMS.

  • Store the encryption keys in the same source-code repository but restrict push access to DevOps leads.

  • Transfer key-management duties to an independent security operations team to enforce segregation of duties.

ISC2 Certified Cloud Security Professional (CCSP)
Legal, Risk and Compliance