ExpertHard1 markMultiple Choice
CPA · Question 09 · Area II: Security
A healthcare provider stores patient records in a cloud database. To comply with HIPAA, they must ensure that even if the database storage media is stolen, the data remains unreadable. Which control is MOST appropriate to address this specific risk?
A healthcare provider stores patient records in a cloud database. To comply with HIPAA, they must ensure that even if the database storage media is stolen, the data remains unreadable. Which control is MOST appropriate to address this specific risk?
Answer options:
A.
Encryption in transit
B.
Encryption at rest
C.
Tokenization
D.
Multi-Factor Authentication (MFA)
How to approach this question
Identify the state of the data. 'Storage media' implies the data is sitting on a disk (At Rest).
Full Answer
B.Encryption at rest✓ Correct
Encryption at rest
Encryption at rest ensures that the underlying data files are encrypted. If the physical media is removed or accessed at the file system level without the decryption key, the data is useless.
Common mistakes
Confusing 'at rest' (storage) with 'in transit' (network).
Practice the full CPA ISC Practice Exam 4
82 questions · hints · full answers · grading
More questions from this exam
Q01A CPA is advising a client who is migrating their legacy on-premise ERP system to a cloud environ...HardQ02An auditor is reviewing the Service Level Agreement (SLA) for a client using a public cloud provi...HardQ03A company uses an Infrastructure as a Service (IaaS) model. During an IT audit, the auditor disco...HardQ04An organization is implementing the COSO Enterprise Risk Management (ERM) framework to govern its...HardQ05During a walkthrough of an order-to-cash process, the auditor observes that the sales manager can...Hard