6d • 🙋♂️ CISSP
Practice Question
Question:
A multinational corporation is migrating its most critical applications to a hybrid cloud environment. The CIO is concerned about the following risks:
- Data exfiltration by malicious insiders at the cloud provider
- Inconsistent enforcement of data classification policies across jurisdictions
- Difficulty proving compliance during external audits
The company already uses encryption, strict IAM controls, and third-party risk assessments.
Which of the following security approaches would BEST address the CIO’s concerns?
A. Implement tokenization of sensitive data before it enters the cloud environment
B. Require the cloud provider to sign a detailed SLA with strong penalties for non-compliance
C. Adopt a cloud access security broker (CASB) for centralized visibility and policy enforcement
D. Use homomorphic encryption to allow computations on encrypted data without exposing raw data
1
7 comments
Practice Question
skool.com/cybersecurity-study-group
Share resources, get advice, and connect with peers studying cybersecurity. Join our CISSP study group and connect with fellow professionals today!
Leaderboard (30-day)
1
+45
2
+17
3
+14
4
+14
5
+11
Powered by