CompTIA Cloud+ (CV0-002) — Question 88

A company is using storage-as-a-service from an IaaS provider for application services. The company has a mandate to protect personal information being stored on the cloud. The service provided includes encryption for in-transit data and requires a security solution for data-at-rest.
Which of the following should be deployed to secure the personal information?

Answer options

• A. Implement data tokenization.
• B. Implement hardware-based encryption.
• C. Implement centralized key management.
• D. Implement database-embedded encryption.

Correct answer: C

Explanation

Centralized key management is crucial for securely managing encryption keys, which are essential for protecting data at rest. While data tokenization, hardware-based encryption, and database-embedded encryption can enhance security, they do not provide the comprehensive management and control of keys necessary for long-term data protection in this scenario.