Free ISC2 CCSP Actual Exam Questions - Question 14 Discussion
What is a serious complication an organization faces from the compliance perspective with international operations?
B. Encrypting data is the only option that directly protects the data itself when it’s stored in the cloud. The others either focus on detecting threats, controlling access, or scanning for vulnerabilities but don’t actually secure the data at rest. You can have all the MFA or IDS you want, but if the stored data isn’t encrypted and someone gets hold of it, it’s exposed. So encryption is the fundamental control here.
Makes sense to rule out A, C, and D because they don’t actually secure stored data itself. B focuses exactly on protecting data at rest via encryption, so that’s my pick too. B
Maybe D isn’t the best fit here since IDS mainly helps detect suspicious activity rather than actually protecting stored data. A and C are more about access and vulnerability management, which don’t directly secure data at rest either. B really stands out because encryption is designed to make stored data unreadable without the proper keys, which is exactly what you want for data at rest protection.
Option B makes the most sense since it directly secures the data stored in the cloud. The others focus more on access control or monitoring, not the actual data protection when stored.
Maybe B is the best option since encrypting data directly protects it at rest, unlike the others which focus more on access or detection. But does the question specify any compliance or encryption standards?