Crucial Exams

ISC2 Certified Cloud Security Professional (CCSP) Practice Question

During off-hours, your team's SIEM detects that a compromised service token is being used to query tenant data through a partner-facing REST API. Several customer records may already have been exfiltrated. According to best practice for partner communications in a cloud incident, what should you do first in this situation?

  • Rotate the compromised token and silently monitor partner traffic for further anomalies without any outreach.

  • Wait until the contracted forensics firm completes its full report, then inform partners with comprehensive technical findings.

  • Immediately disable all external API endpoints and issue a public press release describing the breach in detail.

  • Activate the incident response plan's partner notification procedure, validating facts with legal before issuing an initial coordinated statement.

ISC2 Certified Cloud Security Professional (CCSP)
Cloud Security Operations
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot