ISC2 Certified Cloud Security Professional (CCSP) Practice Question
While planning an internal audit of a PaaS provider, you must verify that the supplier's written policies clearly define who is responsible for generating, rotating, and revoking customers' database-encryption keys. Which layer of the provider's security documentation is most likely to contain the level of operational detail and role assignment you need to review first?
Corporate governance charter
Organizational (program-level) security policy
Issue-specific (functional) security policy on cryptographic controls
System hardening guideline for the database platform
Issue-specific (functional) security policies focus on a single subject area (such as cryptographic key management, remote access, or acceptable use) and spell out the specific controls, procedures, and roles required to address that topic. They therefore include the operational details and individual responsibilities an auditor needs to confirm.
An organizational (program-level) policy is a high-level statement of management intent and overall security posture; it rarely lists detailed duties. A corporate governance charter describes the board's broad oversight responsibilities, not day-to-day security roles. System hardening guidelines are technical standards for configuring a particular platform and usually do not assign business responsibilities for key life-cycle management.
ISC2 Certified Cloud Security Professional (CCSP)
Legal, Risk and Compliance