CompTIA CASP+ (CAS-004) — Question 475
A security analyst received the following finding from a cloud security assessment tool:
Virtual Machine Data Disk is encrypted with the default encryption key.
Because the organization hosts highly sensitive data files, regulations dictate it must be encrypted so it is unreadable to the CSP. Which of the following should be implemented to remediate the finding and meet the regulatory requirement? (Choose two.)
Answer options
- A. Disk encryption with customer-provided keys
- B. Disk encryption with keys from a third party
- C. Row-level encryption with a key escrow
- D. File-level encryption with cloud vendor-provided keys
- E. File-level encryption with customer-provided keys
- F. Disk-level encryption with a cross-signed certificate
Correct answer: A, E
Explanation
The correct answers, A and E, both use customer-provided keys, so the data remains unreadable to the CSP and the regulatory requirement is met. Options B and D do not use customer keys and therefore do not satisfy the need for enhanced security. Option C applies row-level encryption rather than disk or file encryption, and option F does not use customer keys either.