CompTIA CySA+ (CS0-002) — Question 174

A general contractor has a list of contract documents containing critical business data that are stored at a public cloud provider. The organization’s security analyst recently reviewed some of the storage containers and discovered most of the containers are not encrypted. Which of the following configurations will provide the MOST security to resolve the vulnerability?

Answer options

• A. Upgrading TLS 1.2 connections to TLS 1.3
• B. Implementing AES-256 encryption on the containers
• C. Enabling SHA-256 hashing on the containers
• D. Implementing the Triple Data Encryption Algorithm at the file level

Correct answer: B

Explanation

Implementing AES-256 encryption on the containers provides the most robust security for sensitive data, as it ensures the data is encrypted at rest. The other options, while improving security in their own ways, do not directly address the lack of encryption for the stored data. For instance, upgrading TLS improves data in transit security, but does not protect data stored in the cloud.