I have questions regarding the options of a question in the CCSP Official practice test 2nd ed. c05.045. My understanding is that ...
A. "Customer access provision" means an IAM, which activates or de-activates user accounts in each tenant.
B. "Management system control interface" means an isolated "Control plane", separate from the Data plane.
C. "Storage controller access" needs to be isolated because customer data, including sensitive data, is stored.
So A, B, and C are mandatory to be isolated.
But I'm really confused about option D, describing "Customer production activities". I think "Customer production activities" are the customer's business activities, such as logins, transactions, etc. Probably they could also be isolated per tenant for safety purposes. What are "Customer production activities"? Why are "Customer production activities" not isolated?
As you said, tenants shall be isolated from each other.
On the other hand, some cloud providers can access your cloud environment after you allow the provider to access it. For instance, AWS Support needs to call other AWS services on your behalf. If your production activities on AWS are on a completely isolated network, AWS Support cannot access it and support you.
The customer production activities might refer to the processing of any customer information or access to systems that might contain personally identifiable information in the tenancy. The most relevant example I can think of is the cloud service provider accessing the customer's production environment for troubleshooting or collecting logs.