CompTIA SecurityX (CAS-005) — Question 57
A security analyst received the following finding from a cloud security assessment tool:
Virtual Machine Data Disk is encrypted with the default encryption key.
Because the organization hosts highly sensitive data files, regulations dictate it must be encrypted so it is unreadable to the CSP. Which of the following should be implemented to remediate the finding and meet the regulatory requirement? (Choose two.)
Answer options
- A. Disk encryption with customer-provided keys
- B. Disk encryption with keys from a third party
- C. Row-level encryption with a key escrow
- D. File-level encryption with cloud vendor-provided keys
- E. File-level encryption with customer-provided keys
- F. Disk-level encryption with a cross-signed certificate
Correct answer: A, E
Explanation
The correct answers are A and E because both options use customer-provided keys, which ensures that the encryption keys are managed by the organization and makes the data unreadable to the CSP. Options B, D, and F do not meet the regulatory requirement, as they rely on either third-party or vendor-provided keys, which could allow the CSP access to the data.