CompTIA CASP+ (CAS-003) — Question 199

While conducting a BIA for a proposed acquisition, the IT integration team found that both companies outsource CRM services to competing and incompatible third-party cloud services. The decision has been made to bring the CRM service in-house, and the IT team has chosen a future solution. With which of the following should the Chief Information Security Officer (CISO) be MOST concerned? (Choose two.)

Answer options

• A. Data remnants
• B. Sovereignty
• C. Compatible services
• D. Storage encryption
• E. Data migration
• F. Chain of custody

Correct answer: A, D

Explanation

The CISO should be primarily concerned about Data remnants (A) as leftover data can pose security risks if not properly handled during the transition to in-house services. Additionally, Storage encryption (D) is crucial to ensure that data remains secure both during and after the migration process. The other options, while important, do not pose as immediate a concern in this specific context.