Certificate of Cloud Auditing Knowledge (CCAK) — Question 140

An example of a preventive control that may be identified in an Infrastructure as a Service (IaaS) service provider is:

Answer options

Correct answer: C

Explanation

The correct answer is C, as encryption for data at rest is a preventive measure that protects sensitive data from unauthorized access. Options A and B, privileged access monitoring and threat hunting, are more reactive in nature, focusing on detecting and responding to threats rather than preventing them. Option D, incident response, is also reactive and deals with responding to security incidents after they occur.