Hard · 1 mark · Multiple Choice
CPA · Question 41 · Area II: Security
A company wants to ensure that their cloud provider cannot access their sensitive data, even if the provider is subpoenaed. Which control achieves this?
Answer options:
A. Server-side encryption with provider-managed keys
B. Client-side encryption with customer-managed keys
C. SSL/TLS encryption
D. Database masking
How to approach this question
If you hold the key, they can't see the data. If they hold the key, they can.
Full Answer
B. Client-side encryption with customer-managed keys ✓ Correct
With client-side encryption and customer-managed keys (CMK), the cloud provider receives only encrypted data and does not possess the key to decrypt it.
Common mistakes
Assuming server-side encryption protects against the provider itself.