Exam CCSK topic 1 question 96 discussion

Object encryption is an out-of-the-box feature - e.g. in S3. The in-transit encryption would be via HTTPS.

11.1.4.2, pg 124. Client-side encryption: When object storage is used as the back-end for an application (including mobile applications), encrypt the data using an encryption engine embedded in the application or client.

Correct Answer is E. The application or client should encrypt the data before storing in the object. If it was implemented by the server or cloud provider then they would have to hold the key which is not recommended, so best your own application has access to the key and encrypts the object before storing. This is consistent with 11.1.4.2

When object storage is used as the back-end for an application, the appropriate encryption method would typically involve object encryption. Object encryption involves encrypting each individual object (or file) stored within the object storage system. This ensures that data remains secure even when stored in a potentially shared or publicly accessible environment. Client/application encryption (E) might refer to encryption applied by the client or application before sending data to the storage, which could be an additional layer of security but might not be the encryption method applied within the storage system itself. So, among the options provided, the most appropriate encryption method when using object storage as the back-end for an application is D. Object encryption.

The explications of Brainiac are clear and exactly but the answer of Moota are from the docs. What s the real response for the question : the definition or the words used on the references

D. Object encryption Object encryption involves encrypting individual objects or files stored in the object storage system. It ensures that each object is encrypted before being stored and can only be decrypted by authorized users or applications with the appropriate encryption keys. Object encryption provides granular control over the encryption of data at rest, making it suitable for securing data stored in object storage. It helps protect the confidentiality and integrity of the stored objects, even if the underlying storage infrastructure is compromised. The other encryption methods mentioned are not specifically tailored for object storage scenarios: A. Database encryption typically refers to encrypting data within a database management system, which is different from object storage. B. Media encryption involves encrypting storage media such as hard drives or tapes, rather than individual objects within an object storage system. E. Client/application encryption refers to encrypting data at the client or application level before it is sent to the storage system, which is independent of the specific storage backend being used.

11.1.4.2 Client-side encryption: When object storage is used as the back-end for an application (including mobile applications), encrypt the data using an encryption engine embedded in the application or client.