ISC2 Certified Cloud Security Professional (CCSP) Practice Question
Your organization stores sensitive design documents in a cloud collaboration suite that allows users to synchronize files to their laptops and mobile devices. Security policy states that:
Only employees in the Engineering group may open the documents.
If an employee leaves the company, their access must be revoked even for copies already downloaded.
Security administrators need an audit trail that shows who opened, printed, or attempted to copy the content.
Which control should you implement to satisfy all three requirements with the least operational overhead?
Deploy an enterprise Data Loss Prevention (DLP) solution to monitor and block unauthorized file transfers.
Digitally sign the documents so that only signed files are considered official copies.
Enable cloud-based Information Rights Management (IRM) to apply persistent usage policies and revoke access centrally.
Rely on server-side encryption at rest for the collaboration platform's storage buckets.
Information Rights Management (IRM)-sometimes delivered as a cloud-based Rights Management Service-cryptographically binds usage rights (such as view, edit, print, or copy) directly to a file. Because the usage policy and keys travel with the document, access is enforced even after the file is downloaded to unmanaged devices. When an employee departs, the issuer can revoke the user's rights, rendering any local copies unreadable. IRM platforms also record each use (open, print, copy) in protected headers or central logs, providing a detailed audit trail.
In contrast, encryption at rest protects only the storage repository; once the file is copied elsewhere it is no longer controlled. Traditional Data Loss Prevention (DLP) focuses on detecting and blocking the movement of sensitive data but cannot retroactively revoke access or enforce usage controls on already-distributed files. Digital signatures provide authenticity and integrity, not ongoing access control. Therefore, IRM is the only option that meets all stated requirements with minimal additional operational effort.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
How does Information Rights Management (IRM) ensure access control even after files are downloaded?
Open an interactive chat with Bash
Can IRM also generate audit trails for file usage?
Open an interactive chat with Bash
How is IRM different from server-side encryption at rest?
Open an interactive chat with Bash
ISC2 Certified Cloud Security Professional (CCSP)
Cloud Data Security
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .