ISC2 Certified Cloud Security Professional (CCSP) Practice Question

Your company uses a SaaS platform that automatically replicates customer PII and the associated access logs to data centers in the United States, Germany, and Singapore. During a compliance audit you plan to pull all security-event logs into a U.S.-hosted SIEM for centralized analysis. From an audit standpoint, which issue created by this distributed IT model is most likely to require immediate remediation before log collection can proceed?

The cloud provider's preference for its proprietary audit framework instead of the company's chosen standard
Additional storage fees for maintaining duplicate log archives in every geographic region
Conflicting data-sovereignty and privacy regulations that restrict exporting log data across national borders
Potential detection delays caused by higher network latency when shipping logs from overseas regions

Report Issue

Answer Description

Because the data set contains PII, moving any portion of it-logs included-out of the jurisdiction in which it was generated can trigger data-protection and privacy laws such as the EU GDPR or Singapore's PDPA. These regulations may prohibit or strictly condition cross-border transfers unless appropriate safeguards (e.g., Standard Contractual Clauses, adequacy decisions) are in place. While latency, cost, and framework mapping are genuine concerns, none of them can legally block the audit process. Jurisdictional restrictions on data movement are therefore the most critical obstacle auditors must resolve first in a multi-region cloud deployment.

Ask Bash

Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.