A company wants to ensure that their cloud provider cannot access their sensitive data, even if the provider is subpoenaed. Which control achieves this?

Answer options:

Server-side encryption with provider-managed keys

Client-side encryption with customer-managed keys

SSL/TLS encryption

Database masking

How to approach this question

If you hold the key, they can't see the data. If they hold the key, they can.

Full Answer

B.Client-side encryption with customer-managed keys✓ Correct

Client-side encryption with customer-managed keys

With client-side encryption and customer-managed keys (CMK), the cloud provider receives only encrypted data and does not possess the key to decrypt it.

Common mistakes

Assuming server-side encryption protects against the provider itself.

Question 40 All questions Question 42

Practice the full CPA ISC Practice Exam 4

82 questions · hints · full answers · grading

More questions from this exam

Q01A CPA is advising a client who is migrating their legacy on-premise ERP system to a cloud environ...Hard Q02An auditor is reviewing the Service Level Agreement (SLA) for a client using a public cloud provi...Hard Q03A company uses an Infrastructure as a Service (IaaS) model. During an IT audit, the auditor disco...Hard Q04An organization is implementing the COSO Enterprise Risk Management (ERM) framework to govern its...Hard Q05During a walkthrough of an order-to-cash process, the auditor observes that the sales manager can...Hard

View all 82 questions →