Certificate of Cloud Auditing Knowledge (CCAK) — Question 127
Which of the following is an example of compliance business impact?
Answer options
- A. A hacker using a stolen administrator identity brings down the Software as a Service (SaaS) sales and marketing systems, resulting in the inability to process customer orders or manage customer relationships.
- B. A distributed denial of service (DDoS) attack renders the customer’s cloud inaccessible for 24 hours, resulting in millions in lost sales.
- C. While the breach was reported in a timely manner to the CEO, the CFO and CISO blamed each other in public, resulting in a loss of public confidence that led the board to replace all three.
- D. The cloud provider fails to report a breach of customer personal data from an unsecured server, resulting in GDPR fines of 10 million euros.
Correct answer: D
Explanation
Option D is correct because the impact it describes is a compliance one: the financial penalty arises from failing to report a data breach as the GDPR requires. Options A and B describe operational impacts from cyberattacks, while option C describes reputational damage caused by internal conflict rather than by a compliance failure.