Exam CISSP topic 1 question 238 discussion

Read the book CISSP All-in-One Study Guide and can refer to this URL https://www.soterosoft.com/blog/data-in-use-encryption-data-in-motion-encryption/ data-in-use - Encryption doesn’t protect data in use. Data-in-use meaning the data already view example displaying your bank account information at your screen. The data is encrypted at the source (Data-at-rest encryption), the data is encrypted via TLS or HTTPS when in motion. But when it reaches your computer or mobile devices, the data storing in your RAM, CPU registeres and display on your screen. All these are not encrypted, else how you read the data or information?? Data must decrypt before it is used. So for data-in-use, best approach is access control but that doesnt stop people from screen-shot and print it etc etc. So the obvious answer is B.

Correct Answer is B. You dont use secure protocols to ' view ' ... but you do need proper AuthZ to view files. read words carefully.

correct answer is C .. A and D align more with data at rest., the protocols mentioned in C aligns with data in transit

B is the only data in use, others are data at rest and data in transit

Why the answer is B? If someone take the mobile phone to take the photo, it can also be printed. It does not make sense.

"data in use" is one of three states of data. In this question "data in use" should have been printed without dashes (not "data-in-use").

Answer is B. Secure protocols don't protect against local access while access controls do. .

The correct answer according to CISSP is: B. When the data is being viewed, it can only be printed by authorized users. Data-in-use controls are a type of security control that is designed to protect data when it is being accessed or used. These controls typically involve limiting the actions that can be performed on the data and enforcing access controls to ensure that only authorized users are able to view, modify, or print the data. This way, it ensures that only authorized users can print the data and not to anyone who has access to the data.

C. A protocol is a procedure, not necessarily referencing a method of encryption. Could be referencing a protocol for clean desk policy, or privacy screens.

when I read option C "it can be accessed using secure protocols.", I thought about access remotely over TLS which will be a correct answer. But the question does not mention remote access to the data. So B should be the correct answer.

I go with B.

Answer is B. The question about the controls process. So, the answer should be very defined like example "it can only be printed by authorized users." Notice the word "only"?

Anyone can find a workaround to printing data they're not allowed to. HOW that data is accessed is the most important control.

it is C. Data-in-use must work always of course with secure protocols when the information is charged in the system. After that, the information can be decrypted or not (homomorphic encryption). As well, the information should be accessed from trusted system or "enclave"

I would say it's C > "Encryption plays a major role in protecting data in use or in motion. Data should always be encrypted when it's traversing any external or internal networks. This includes encrypting all data prior to transport or using protected tunnels, such as HTTPS or SSL/TLS." https://www.techtarget.com/searchsecurity/feature/Best-practices-to-secure-data-at-rest-in-use-and-in-motion It's not A, when you lose data in use you can decrypt them. Imagin that you are connected over TLS to your bank and you close the browser, can you reopen that, no you have to login again with secure protocol (TLS).

Encryption. Its A