Crucial Exams

ISC2 Certified Cloud Security Professional (CCSP) Practice Question

Your company hosts a multi-tenant IaaS environment. Security policy states that security event logs must remain admissible as evidence in court. Today, the log collector writes files to shared network storage and records a SHA-256 hash of every file in a protected database once the file is closed. During a recent audit, the assessor concluded that the current setup still fails to maintain a complete chain of custody and does not provide strong non-repudiation during long-term retention. Which additional control would best close this gap?

  • Store each file's hash in the same directory as the log so integrity can be checked locally when needed.

  • Replicate log files to write-once/read-many object storage and enable immutable retention policies to prevent any alteration or deletion.

  • Move closed log files to a low-cost cold storage tier after 30 days to reduce accidental modification risk.

  • Encrypt every log file with a rotating AES-256 symmetric key before storage to prevent disclosure of contents.

ISC2 Certified Cloud Security Professional (CCSP)
Cloud Data Security
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot