CompTIA CASP+ (CAS-003) — Question 334

During the migration of a company's human resources application to a PaaS provider, the Chief Privacy Officer (CPO) expresses concern the vendor's staff may be able to access data within the migrating application. The application stack includes a multitier architecture and uses commercially available, vendor-supported software packages. Which of the following BEST addresses the CPO's concerns?

Answer options

• A. Execute non-disclosure agreements and background checks on vendor staff.
• B. Ensure the platform vendor implements data-at-rest encryption on its storage.
• C. Enable MFA to the vendor's tier of the architecture.
• D. Implement a CASB that tokenizes company data in transit to the migrated applications.

Correct answer: D

Explanation

Implementing a CASB that tokenizes company data in transit effectively protects sensitive information from unauthorized access during the migration process. While non-disclosure agreements, background checks, and data-at-rest encryption are important, they do not specifically prevent vendor staff from accessing data during transit. Enabling MFA is beneficial for authentication but does not directly address the CPO's primary concern regarding data access.