Exam CAS-004 topic 1 question 617 discussion

Actual exam question from CompTIA's CAS-004
Question #: 617
Topic #: 1

A security analyst received the following finding from a cloud security assessment tool:

Virtual Machine Data Disk is encrypted with the default encryption key.

Because the organization hosts highly sensitive data files, regulations dictate it must be encrypted so it is unreadable to the CSP. Which of the following should be implemented to remediate the finding and meet the regulatory requirement? (Choose two.)

  • A. Disk encryption with customer-provided keys
  • B. Disk encryption with keys from a third party
  • C. Row-level encryption with a key escrow
  • D. File-level encryption with cloud vendor-provided keys
  • E. File-level encryption with customer-provided keys
  • F. Disk-level encryption with a cross-signed certificate
Suggested Answer: AB

Comments

Steel16
5 days, 21 hours ago
Selected Answer: AE
  • Disk Encryption with Customer-Provided Keys: This ensures that the encryption keys are managed by the organization rather than the CSP. By using customer-provided keys, the organization maintains control over the encryption process, making the data unreadable to the CSP.
  • File-Level Encryption with Customer-Provided Keys: This adds an additional layer of security by encrypting individual files with keys managed by the organization. This approach ensures that even if the disk encryption is compromised, the files themselves remain secure and unreadable to the CSP.

These options together provide robust encryption that meets regulatory requirements and ensures that sensitive data remains secure and inaccessible to the CSP.
upvoted 1 times
Steel16
5 days, 21 hours ago
  • Disk Encryption with Keys from a Third Party (Option B): While it provides external key management, it may not ensure the CSP cannot access the data.
  • Row-Level Encryption with a Key Escrow (Option C): This focuses on database rows and may not cover all types of sensitive data.
  • File-Level Encryption with Cloud Vendor-Provided Keys (Option D): This does not meet the requirement of making data unreadable to the CSP.
  • Disk-Level Encryption with a Cross-Signed Certificate (Option F): This approach is more about certificate management and may not address the specific encryption needs.
upvoted 1 times
...
...
Bright07
1 month, 2 weeks ago
Selected Answer: AB
  • A. Disk encryption with customer-provided keys: This ensures that the encryption keys are fully controlled by the customer and not accessible by the CSP, making the data unreadable to the CSP.
  • B. Disk encryption with keys from a third party: Using encryption keys managed by a third party adds an additional layer of separation and ensures that the CSP does not have access to the keys or data.
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other