ISC2 Certified Cloud Security Professional (CCSP) Practice Question
Your company, operating in a highly regulated industry with a very low risk appetite, is evaluating a public IaaS provider. During due-diligence meetings, management asks for documentation that will best reveal how the provider defines acceptable levels of risk, assigns risk ownership, and escalates residual risks that exceed set thresholds. Which document would give you the clearest view of the provider's risk tolerance and overall risk management approach?
A. A sample set of closed security incident tickets from the previous year
B. The most recent SOC 3 assurance report summarizing control effectiveness
C. Marketing documentation describing the provider's multi-region high availability architecture
D. The provider's enterprise risk management policy that includes its board-approved risk appetite statement and escalation criteria (correct answer)
A formally approved enterprise risk management (ERM) or risk management policy typically contains the provider's risk appetite statement, roles and responsibilities, governance structure, and methods for identifying, analyzing, treating, and monitoring risk. Reviewing this policy lets a customer compare the provider's declared tolerance levels and escalation paths with its own requirements.
A SOC 3 report summarizes control effectiveness but offers little detail on how the provider decides what risks to accept.
Individual incident tickets show operational issues, not the overarching program that sets risk thresholds.
Marketing material about high availability focuses on service features and does not disclose governance or decision-making around risk.
Domain: Legal, Risk and Compliance