Exam CCSK topic 1 question 183 discussion

Actual exam question from CSA's CCSK
Question #: 183
Topic #: 1

ENISA: Because it is practically impossible to process data in encrypted form, customers should have the following expectation of cloud providers:

  • A. Provider should be PCI compliant
  • B. Provider should immediately notify customer whenever data is in plaintext form
  • C. Provider must be highly trustworthy and have compensating controls to protect customer data when it is in plaintext form
  • D. Provider should always manage customer encryption keys with hardware security module (HSM) storage
  • E. Homomorphic encryption should be implemented where necessary
Suggested Answer: C

Comments

cloud_guru_1909
Highly Voted 8 months, 3 weeks ago
Selected Answer: C
V10. IMPOSSIBILITY OF PROCESSING DATA IN ENCRYPTED FORM
Encrypting data at rest is not difficult, but despite recent advances in homomorphic encryption (27), there is little prospect of any commercial system being able to maintain this encryption during processing. In one article, Bruce Schneier estimates that performing a web search with encrypted keywords -- a perfectly reasonable simple application of this algorithm -- would increase the amount of computing time by about a trillion (28). This means that for a long time to come, cloud customers doing anything other than storing data in the cloud must trust the cloud provider.
upvoted 8 times
byfener
Most Recent 4 months, 2 weeks ago
Selected Answer: C
C. Provider must be highly trustworthy and have compensating controls to protect customer data when it is in plaintext form.
According to ENISA (European Union Agency for Cybersecurity), customers should expect cloud providers to be highly trustworthy and to have compensating controls in place to protect customer data when it is in plaintext form. This recognition of the cloud provider's trustworthiness and their ability to implement strong compensating controls is crucial when data processing requires temporary decryption, even though encryption is the primary security measure. This expectation helps ensure the security and privacy of the customer's data while it is being processed by the cloud provider.
upvoted 2 times
FATWENTYSIX
7 months, 2 weeks ago
D is the most logical answer. This is a two-part question, and the plaintext wording is a distractor. There is no mention of homomorphic encryption as an option in any of the study guides. CCSK Study Guide pg 126, 11.1.4.3 references HSM as a viable option.
upvoted 2 times