CAS-002 Question #209: Real Exam Question with Answer & Explanation
The correct answer is C: Company XYZ could be liable for disclosure of sensitive data from one hosted customer. Hosting customers from multiple regulated industries on shared virtualized infrastructure creates cross-tenant data disclosure risk and exposes the hosting provider to significant regulatory liability.
Question
Options
- A. Most of company XYZ's customers are willing to accept the risks of unauthorized disclosure
- B. The availability requirements in SLAs with each hosted customer would have to be re-written
- C. Company XYZ could be liable for disclosure of sensitive data from one hosted customer
- D. Not all of company XYZ's customers require the same level of security and the administrative
Explanation
Hosting customers from multiple regulated industries on shared virtualized infrastructure creates cross-tenant data disclosure risk and exposes the hosting provider to significant regulatory liability.
Common mistakes.
- A. Regulated customers such as healthcare organizations cannot simply accept unauthorized disclosure risks; legal frameworks like HIPAA impose mandatory protections regardless of a customer's stated risk tolerance.
- B. SLA availability requirements may need updating, but this is a secondary operational concern compared to the immediate confidentiality and regulatory liability risk posed by cross-tenant data exposure.
- D. Differing security requirements and administrative complexity are real operational challenges but are secondary to the core concern of legal liability from cross-customer data disclosure in a regulated multi-tenant environment.
Concept tested. Multi-tenant virtualization data separation and regulatory liability
Reference. https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-125A.pdf