CompTIA SecurityX (CAS-005) — Question 158
An organization has several systems deployed in a public cloud and wants to confirm that when data retention periods are reached, the data is properly disposed of. Which of the following best meets the organization's needs?
Answer options
- A. Double encrypting the data using both asymmetric and symmetric keys managed by the cloud service provider
- B. Utilizing data-wiping software to overwrite the existing data
- C. Encrypting the data with customer-managed keys and then deleting both the encryption key and the volume
- D. Asking the cloud provider for copies of certificates of destruction
Correct answer: C
Explanation
Option C is correct because encrypting the data with customer-managed keys and then deleting the keys ensures that the data can no longer be accessed once the retention period has been reached. Option A does not guarantee data destruction, as the data remains unless the keys are deleted. Option B does not address key management, and simply overwriting data may not be sufficient for compliance. Option D relies on the cloud provider's assurance rather than giving the organization direct control over data destruction.