CompTIA CASP+ (CAS-003) — Question 201
A managed service provider is designing a log aggregation service for customers who no longer want to manage an internal SIEM infrastructure. The provider expects that customers will send all types of logs to them, and that log files could contain very sensitive entries. Customers have indicated they want on-premises and cloud-based infrastructure logs to be stored in this new service. An engineer, who is designing the new service, is deciding how to segment customers.
Which of the following is the BEST statement for the engineer to take into consideration?
Answer options
- A. Single-tenancy is often more expensive and has less efficient resource utilization. Multitenancy may increase the risk of cross-customer exposure in the event of service vulnerabilities.
- B. The managed service provider should outsource security of the platform to an existing cloud company. This will allow the new log service to be launched faster and with well-tested security controls.
- C. Due to the likelihood of large log volumes, the service provider should use a multitenancy model for the data storage tier, enable data deduplication for storage cost efficiencies, and encrypt data at rest.
- D. The most secure design approach would be to give customers on-premises appliances, install agents on endpoints, and then remotely manage the service via a VPN.
Correct answer: C
Explanation
Option C is correct because it addresses the anticipated large log volumes and proposes a multitenancy model for the data storage tier that is cost-efficient while protecting the data through encryption at rest. Option A discusses the cost implications of single-tenancy versus multitenancy without providing a comprehensive solution. Option B suggests outsourcing security, which may not align with customers' needs for managing sensitive logs. Option D, while secure, may not be practical or scalable compared to a cloud-based solution.