Crucial Exams

ISC2 Certified Secure Software Lifecycle Professional (CSSLP) Practice Question

Your U.S.-based SaaS company plans to replicate log files that include EU residents' personal data to new analytics clusters located in both Singapore and California. No adequacy decision covers either destination, and the cloud providers are not certified under the EU-U.S. Data Privacy Framework. Under GDPR cross-border transfer requirements, what must you ensure is in place and documented before either transfer can lawfully begin?

  • Register the SaaS company as a data broker under the California Consumer Privacy Act.

  • Establish a maximum seven-year retention schedule for replicated logs in each region.

  • Conclude the GDPR Standard Contractual Clauses (or another Article 46 safeguard) with both the Singapore and U.S. cloud providers.

  • Encrypt all log replication traffic with TLS 1.3 before transmission.

ISC2 Certified Secure Software Lifecycle Professional (CSSLP)
Secure Software Requirements
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot