Certificate of Cloud Security Knowledge (CCSK) — Question 173

CCM: A hypothetical company called "Security4Sure" provides a cloud based service to share confidential documents. The confidential documents are stored in their servers and are encrypted. How will Security4Sure ensure the protection of client data within their data center?

Answer options

• A. Audit plans should not be adopted and supported by the most senior governing elements of the organization (e.g. the board and the management)
• B. Encrypt the data at rest and put in place appropriate measures for management of encryption keys
• C. Implement redundant or backup power supplies, redundant data communications connections, environmental controls (e.g., air conditioning, fire suppression) and various security devices
• D. Use a secure transfer channel (i.e. TLS)

Correct answer: C

Explanation

The correct answer is C because establishing redundant systems and environmental controls is crucial for maintaining data integrity and availability in a data center. Options A and D do not directly address the physical and operational security necessary for protecting data within the data center, while B focuses solely on encryption without considering the overall infrastructure needed for comprehensive protection.