Exam CCSP topic 1 question 91 discussion

While security controls are implemented in the create phase in the form of SSL/TLS, this only protects data in transit and not data at rest. The store phase is the first phase in which security controls are implemented to protect data at rest.

Create. as per CBK, Data classification is foundational security control. page 44, cbk 3rd edition.

When your create data, you're just typing or modifying however, when you submit it, you'll trigger the store phase, hence the secuirt starts at the store phase

B is the correct choice - the CCSP official study indicates this is the first stage where security controls can be implemented to protect data at rest.

This is a tricky question to try and trip you up. It says "the first stage" making it sound like the first phase in the data life cycle world, which would be "Create." However, "Store" is the right answer, because in the "Create" phase the data owner is defined, then data is categorized, classified, labeled, tagged and marked. And if created remotely, data should be encrypted, and connections secured (VPN) and secure key management practices should be practiced. Now, in the "Store" phase which occurs almost concurrently with the "Create" phase is where it's immediately important to employ: The use of backup methods on top of security controls to prevent data loss. Additional encryption for data at rest. DLP and IRM technologies are used to ensure that data security is enforced during the Use and Share phases of the cloud data lifecycle.

While security controls are implemented in the create phase in the form of SSL/TLS, this only protects data in transit and not data at rest. The store phase is the first phase in which security controls are implemented to protect data at rest.

security controls can be initially implemented at the create phase as well, specifically in the form of technologies such as SSL/TLS with data that is inputted or imported.

Store no hay duda

Create - as has been said throughout the comments, data classification and labeling is most certainly a "security control" as defined in NIST SP 800-53, ISO 27001, HITRUST, etc. (look up "information handling" in the control sets).

Create

In Create is the 1st phase where labels can be assign; In Store is the 1st phase where controls can be implemented.

Store The Store phase often happens in tandem with (or immediately after) the Create phase. During this phase, the created or modified data is saved to some sort of digital repository within the application or system. Storage can be in the form of saved files on a filesystem, rows and columns saved to a database, or objects saved in a cloud storage system. During the Store phase, the classification level assigned during creation is used to assign and implement appropriate security controls. Controls like encryption (at rest), Access Control Lists (ACLs), logging, and monitoring are important during this phase. In addition, this phase is when you should consider how to appropriately back up your data to maintain redundancy and availability

In Create, you can only define the controls like classification, you cannot apply until you store them. store is correct answer.

Should be "D". Data classification is done during the create phase.

Yes I do agree here

I disagree with this option. It should be option D, the "create" phase.