Certified Ethical Hacker (CEH v13) — Question 269

You are a cybersecurity specialist at CloudTech Inc., a company providing cloud-based services. You are managing a project for a client who wants to migrate their sensitive data to a public cloud service. To comply with regulatory requirements, the client insists on maintaining full control over the encryption keys even when the data is at rest on the cloud. Which of the following practices should you implement to meet this requirement?

Answer options

• A. Encrypt data client-side before uploading to the cloud and retain control of the encryption keys.
• B. Use the cloud service provider's encryption services but store keys on-premises.
• C. Rely on Secure Sockets Layer (SSL) encryption for data at rest.
• D. Use the cloud service provider's default encryption and key management services.

Correct answer: A

Explanation

The correct answer is A because encrypting the data client-side allows the client to maintain control of the encryption keys, ensuring compliance with regulatory requirements. Option B does not provide full control over the keys since it relies on the cloud provider's encryption services. Option C is insufficient as SSL is primarily for data in transit, not at rest, and option D negates the client's requirement for key control by using the provider's key management services.