CCSK Question #165: Real Exam Question with Answer & Explanation

Question

Options

• ASuch knowledge is a prerequisite to implementing the required measures to ensure compliance
• BEnable the data controller to register with the local Data Protection Officer(s), where appropriate.
• CTo facilitate comprehensive disaster planning.
• DTo enable data location transparency for the consumer.
• ETo allow compliance with local laws regarding data privacy and safeguarding.

Explanation

Knowing the physical location of hosted data is the foundational prerequisite that determines which compliance frameworks, data protection laws, and security controls must be applied. Without this knowledge, no compliance program can be properly designed or implemented.

Common mistakes.

• B. Registering with a local Data Protection Officer is a specific compliance action that only becomes relevant after the hosting location is already known, making it a consequence of A rather than the primary reason.
• C. Disaster recovery planning benefits from knowing data location, but this is an operational concern secondary to the legal and regulatory compliance imperative.
• D. Data location transparency for the consumer is a customer-facing benefit and a compliance output, not the most important underlying reason for needing to know the location.
• E. Complying with local laws is a valid reason but is narrower in scope than A - option A encompasses this and all other compliance measures, making it the more complete and important answer.

Concept tested. Cloud data residency and compliance prerequisites

Reference. https://www.enisa.europa.eu/publications/cloud-computing-risk-assessment

No community discussion yet for this question.