CCSP Question #730: Real Exam Question with Answer & Explanation

Question

Which of the following would be considered an example of insufficient due diligence leading to security or operational problems when moving to a cloud?

Options

• AMonitoring
• BUse of a remote key management system
• CProgramming languages used
• DReliance on physical network controls

Explanation

Relying on physical network controls is a classic example of insufficient due diligence because cloud environments are virtualized - there are no physical routers, switches, or firewalls to segment traffic. Organizations that assume their on-premises physical security perimeter translates to the cloud will find those controls simply don't exist there, leaving critical gaps. This is a frequent "lift-and-shift" mistake where teams fail to adapt their security model to the cloud's software-defined networking reality.

Why the distractors are wrong:

• A (Monitoring): Monitoring is a legitimate cloud concern, but it's a tool you implement, not a physical-world assumption that fails to carry over - it doesn't represent the same category of due diligence failure.
• B (Remote key management): Using a remote KMS (e.g., AWS KMS, Azure Key Vault) is actually a best practice for cloud environments, not a problem.
• C (Programming languages): Cloud platforms are largely language-agnostic; your choice of Python vs. Java has no meaningful bearing on cloud migration risk.

Memory tip: Think "physical = problem in cloud." Anything tied to physical hardware (network gear, perimeter devices) becomes a due diligence failure because the cloud has no physical network layer to rely on - only virtual/logical controls.

No community discussion yet for this question.