Certified Ethical Hacker (CEH v12) — Question 242

You are a cybersecurity specialist at CloudTech Inc., a company providing cloud-based services. You are managing a project for a client who wants to migrate their sensitive data to a public cloud service. To comply with regulatory requirements, the client insists on maintaining full control over the encryption keys even when the data is at rest on the cloud. Which of the following practices should you implement to meet this requirement?

Answer options

• A. Encrypt data client-side before uploading to the cloud and retain control of the encryption keys.
• B. Use the cloud service provider's encryption services but store keys on-premises.
• C. Rely on Secure Sockets Layer (SSL) encryption for data at rest.
• D. Use the cloud service provider's default encryption and key management services.

Correct answer: A

Explanation

The correct answer is A because encrypting the data client-side allows the client to control the encryption keys, ensuring compliance with their requirement. Option B does not provide full control over the keys since it relies on the cloud provider's encryption. Option C is incorrect as SSL encryption mainly secures data in transit, not data at rest. Option D uses the provider's default services, which does not meet the client's need for key control.