An auditor is auditing the services provided by a cloud service provider. When evaluating the security of the cloud customer’s data in the cloud, which of the following should be of GREATEST concern to the auditor?
A.
Personally identifiable information (PII) is pseudonymized but not fully encrypted.
B.
The cloud customer has encrypted the confidential data in the cloud using its own encryption keys.
C.
The confidential data stored in the cloud is encrypted using encryption keys that are managed by the provider.
D.
According to the cloud customer’s data handling policy, all confidential data should be encrypted, but the confidential data stored in the cloud is well segmented but not encrypted.
D. According to the cloud customer’s data handling policy, all confidential data should be encrypted, but the confidential data stored in the cloud is well segmented but not encrypted.
The greatest concern for the auditor should be that the confidential data stored in the cloud is not encrypted despite the cloud customer’s data handling policy requiring encryption. This represents a direct violation of the organization's policy and potentially exposes the data to unauthorized access. Encryption is a critical control for protecting data confidentiality, especially for sensitive information. Failing to apply encryption as per the organization's policy poses a significant security risk and compliance issue.
upvoted 1 times
...
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Auditor2020
5 days ago