CISM · Question #855
CISM Question #855: Real Exam Question with Answer & Explanation
The correct answer is C: Insufficient data separation. Public cloud environments are multi-tenant by nature, meaning multiple organizations share the same underlying physical infrastructure. Insufficient data separation (logical isolation) is the greatest concern because it creates the risk that one tenant's sensitive data could be a
Question
Which of the following is the GREATEST concern when an organization migrates sensitive systems to a public cloud service?
Options
- ALack of logging capabilities
- BWeak authentication
- CInsufficient data separation
- DInsufficient user knowledge
Explanation
Public cloud environments are multi-tenant by nature, meaning multiple organizations share the same underlying physical infrastructure. Insufficient data separation (logical isolation) is the greatest concern because it creates the risk that one tenant's sensitive data could be accessed by or leak to another tenant. This risk is unique and inherent to the shared-resource model of public cloud. While weak authentication and lack of logging are valid concerns, they are not specific to cloud migration and can be addressed with standard controls. Insufficient user knowledge is an operational concern but not a structural risk of the cloud model itself.
Topics
Community Discussion
No community discussion yet for this question.