CompTIA CASP+ (CAS-004) — Question 114

An organization is preparing to migrate its production environment systems from an on-premises environment to a cloud service. The lead security architect is concerned that the organization's current methods for addressing risk may not be possible in the cloud environment.
Which of the following BEST describes the reason why traditional methods of addressing risk may not be possible in the cloud?

Answer options

• A. Migrating operations assumes the acceptance of all risk.
• B. Cloud providers are unable to avoid risk.
• C. Specific risks cannot be transferred to the cloud provider.
• D. Risks to data in the cloud cannot be mitigated.

Correct answer: C

Explanation

The correct answer is C because certain risks associated with specific applications or data types may remain with the organization and cannot be fully transferred to the cloud provider. Options A, B, and D suggest misunderstandings about risk management in the cloud; migrating does not mean accepting all risks, providers do have means to manage risk, and while risks may not be completely eliminated, they can often be mitigated.