ExpertMinds LogoExpertMinds
Hard1 markMultiple Choice
Area I: Information SystemsCloud ComputingRiskArea I

CPA · Question 02 · Area I: Information Systems

An auditor is reviewing the Service Level Agreement (SLA) for a client using a public cloud provider. The client handles highly sensitive healthcare data. The auditor notes that the cloud provider stores data in a multi-tenant environment. Which specific risk is MOST heightened in this deployment model compared to a private cloud?

Answer options:

A.

Inability to scale resources rapidly

B.

Data commingling and isolation failure

C.

Increased capital expenditure (CapEx)

D.

Lack of physical security at the data center

How to approach this question

Focus on the definition of 'public cloud' and 'multi-tenant'. The key risk in sharing resources is that one tenant might access another's data.

Full Answer

B.Data commingling and isolation failure✓ Correct
Data commingling and isolation failure
Multi-tenancy implies that data from different customers resides on the same physical hardware. If the hypervisor or isolation logic fails, there is a risk of data commingling.

Common mistakes

Assuming public clouds are less physically secure (they are usually more secure physically) or have scalability issues.
01All questions03

Practice the full CPA ISC Practice Exam 4

82 questions · hints · full answers · grading

Sign up freeTake the exam

More questions from this exam

Q01A CPA is advising a client who is migrating their legacy on-premise ERP system to a cloud environ...HardQ03A company uses an Infrastructure as a Service (IaaS) model. During an IT audit, the auditor disco...HardQ04An organization is implementing the COSO Enterprise Risk Management (ERM) framework to govern its...HardQ05During a walkthrough of an order-to-cash process, the auditor observes that the sales manager can...HardQ06An auditor is reviewing the backup strategy for a financial transaction system with a Recovery Po...Hard
View all 82 questions →