CompTIA SecurityX (CAS-005) — Question 138

A security engineer must implement controls to limit access between developer endpoints and a cloud provider bucket for data storage. Developers routinely save sensitive files to the bucket as part of their projects. The security engineer must reduce the risk of unintended data exposure. Which of the following is the most appropriate control to implement?

Answer options

• A. Require server-side encryption using a KMS in the cloud provider.
• B. Implement context-aware reauthentication to the local system.
• C. Deploy an ACL on the virtual private cloud to avoid public access.
• D. Restrict HTTP POST and PUT traffic to specific URLs at the proxy.

Correct answer: C

Explanation

Implementing an ACL on the virtual private cloud is the best control as it directly restricts access to the cloud bucket, preventing unauthorized access and potential data exposure. The other options, while they may enhance security, do not specifically limit access between developer endpoints and the cloud bucket, which is the primary concern in this scenario.