Certified Cloud Security Professional (CCSP) — Question 451

Which of the following best describes the purpose and scope of ISO/IEC 27034-1?

Answer options

• A. Describes international privacy standards for cloud computing
• B. Serves as a newer replacement for NIST 800-52 r4
• C. Provides on overview of network and infrastructure security designed to secure cloud applications.
• D. Provides an overview of application security that introduces definitive concepts, principles, and processes involved in application security.

Correct answer: D

Explanation

The correct answer, D, accurately captures the essence of ISO/IEC 27034-1, which focuses on application security principles and processes. Options A and C misrepresent the standard's scope by focusing on privacy and infrastructure security, while option B incorrectly suggests that it replaces a specific NIST publication.