Free ISC2 CCSP Actual Exam Questions - Question 8 Discussion
development process. They are considering various cloud service models to determine which best suits
their needs for development, deployment, and scaling. Which cloud service category should the
company choose?
Maybe A, since SQL injections can directly expose sensitive data in cloud apps.
Option C stands out since misconfigured storage is a common cloud-specific mistake causing leaks.
It’s C for me too. Misconfigured cloud storage buckets are a classic cloud-specific vulnerability that leads directly to data exposure. Options like A and D are more generic or tied to on-prem setups, while B is about physical security, which is less likely to cause a data breach in cloud infrastructure. Since the question emphasizes cloud-specific issues, C really stands out as the most plausible cause here.
A/D? Poor app code causing SQL injections (A) is definitely a classic cause of data breaches, even in cloud setups. Outdated firewall rules (D) might let attackers in initially if there’s a hybrid cloud environment. Both could be relevant.
C imo, but also worth noting that outdated on-premises firewall rules (D) could let attackers pivot into the cloud environment if hybrid setups aren’t secured properly. Still, C fits best for direct cloud vulnerabilities.
C imo