CISSP Question #1148: Real Exam Question with Answer & Explanation
The correct answer is C: Cloud consumer. In a cloud ecosystem, the cloud consumer is the entity that owns the data and business requirements, making them responsible for identifying and approving data security requirements.
Question
As a design principle, which one of the following actors is responsible for identifying and approving data security requirements in a cloud ecosystem?
Options
- A. Cloud broker
- B. Cloud provider
- C. Cloud consumer
- D. Cloud auditor
Explanation
In a cloud ecosystem, the cloud consumer is the entity that owns the data and business requirements, making them responsible for identifying and approving data security requirements.
Common mistakes.
- A. The cloud broker acts as an intermediary that manages relationships between consumers and providers, but does not own the data and therefore does not have authority to identify or approve the consumer's data security requirements.
- B. The cloud provider is responsible for implementing and maintaining security controls within their infrastructure and services, but it is not their role to define or approve the data security requirements that belong to the consumer's business context.
- D. The cloud auditor independently assesses and verifies security controls and compliance against established requirements, but their role is evaluative rather than prescriptive - they do not identify or approve the requirements themselves.
Concept tested. Cloud ecosystem roles and data security responsibility
Reference. https://www.nist.gov/system/files/documents/itl/cloud/NIST_SP-500-292.pdf