CompTIA CASP+ (CAS-004) — Question 451
An organization has been using self-managed encryption keys rather than the free keys managed by the cloud provider. The Chief Information Security Officer (CISO) reviews the monthly bill and realizes the self-managed keys are more costly than anticipated. Which of the following should the CISO recommend to reduce costs while maintaining a strong security posture?
Answer options
- A. Utilize an on-premises HSM to locally manage keys.
- B. Adjust the configuration for cloud provider keys on data that is classified as public.
- C. Begin using cloud-managed keys on all new resources deployed in the cloud.
- D. Extend the key rotation period to one year so that the cloud provider can use cached keys.
Correct answer: C
Explanation
The correct answer is C because using cloud-managed keys can significantly lower costs while still providing a secure encryption method. Option A may incur additional on-premises costs, option B does not address the use of self-managed keys, and option D could compromise security by extending the period before key rotation.