An organization has deployed a cloud-based storage system for shared data that is in phase two of the data life cycle. Which of the following controls should the security team ensure are addressed? (Choose two.)
I believe this is D and F.
Data Life Cycle:
1. Create
2. Storage
3. Usage
4. Sharing
5. Archive
6 Destruction
Data Classification -- Create (1)
Data Destruct -- Destruction (6)
Data Loss Prevention -- Usage (3), Share (4)
Encryption -- Storage (2), Usage (3)
Backups -- Archive (5)
Access Controls -- Storage (2)
I believe this to be D and E, anything in the cloud should be encrypted as standard, I would normally also backup any data and create access controls however there are use cases where I wouldn't have access controls (publicly available information), there aren't any use cases where I wouldn't backup. So D, E.
2. Storage
Once data has been created within the organisation, it needs to be stored and protected, with the appropriate level of security applied. A robust backup and recovery process should also be implemented to ensure retention of data during the lifecycle. I oscilate between C,D,E
Phase 2 is storing data. Encryption (D) is how you store the data and Backups (E) are an additional location where you store the data. The link provided below clearly specifies encryption and backups as part of phase 2. To me, access controls seems more like phase 3, which is sharing. Access controls have nothing to do with storing, but with who has access to the data.
https://www.ibm.com/topics/data-lifecycle-management
A. Data classification > creation
B. Data destruction > destroy
C. Data loss prevention > share
D. Encryption > store, share
E. Backups > archive
F. Access controls > store, use
D and E. 6 stages of cloud secure data lifecycle: Create, Storage, Usage, Sharing, Archive, Destruction
The question states they are in phase 2, so we can eliminate option A as classification happens in stage 1. We can also eliminate B since destruction doesn't happen until the last step. That leaves us C, D, E, and F.
From CBTNuggets concerning stage 2: Once data is created, it needs to be stored somewhere. This is the second step - storage. Data can't live by itself. It needs to be held on a drive somewhere. Data is typically kept in a storage pool or a database in the cloud.
The data storage step is where you need to be careful. Depending on what laws and regulations you are subject to, data may need to be stored in specific parts of the world. For instance, data from Germany or regards German citizens must be held in the EU. Data also needs to be encrypted at rest, too. That means you will need a way to ENCRYPT and SECURE data stored in the cloud.
This tells us that option D is once answer choice. So answer D) Encryption is correct since encryption happens in stage 2.
Now, from Alukos' CCSP guide:
As soon as data enters the store phase, it's important to immediately employ:
The use of backup methods on top of security controls to prevent data loss.
Additional encryption for data at rest.
DLP and IRM technologies are used to ensure that data security is enforced during the Use and Share phases of the cloud data lifecycle. They may be implemented during the Store phase, but do not enforce data security because data is not accessed during this phase.
E) Backups make the most sense, since having encrypted data is useless if you lose it and don't have a backup. So I am going with answer choices D and F. At stage 2 you make an encrypted backup of your data.
In the context of the data life cycle, phase two typically involves the storage and maintenance of the data. Given that the data is stored in a cloud-based storage system, the security team should focus on controls that protect the data while it's at rest and ensure that only authorized individuals can access it.
D. Encryption: Encrypting the data ensures that even if unauthorized access occurs, the data is protected and cannot be easily read. Encryption is particularly important for data stored in cloud environments.
F. Access Controls: Implementing strong access controls ensures that only authorized users can access the data. This can include user authentication, role-based access control, and other permissions settings.
In phase two of the data life cycle, which is the "active" phase where data is regularly accessed and modified, the following controls should be addressed by the security team:
A. Data classification: Data should be classified based on its sensitivity and importance. This classification helps in determining appropriate access controls, encryption methods, and other security measures.
F. Access controls: Access controls ensure that only authorized individuals or systems have access to the data. This control is crucial during the active phase of the data life cycle to prevent unauthorized access or modifications.
Other controls such as data loss prevention (C) and encryption (D) are important as well, but data classification and access controls are specifically relevant during the active phase of data usage and modification.
Answer CD
This question is about management of data security and compliance in the cloud with regard to data life cycle.
DLP - Azure, GCP, and AWS have many resources and tools available to identify confidential data in use, in storage, and in transit and then understand how that data is used to protect it in a shared data environment.
Encryption - is used to protect the data at rest on storage devices, in transit, and even in use. It protects connectivity to the cloud, data stored in the could, etc...
Both DLP and Encryption is a part of the data life cycle management.
This is more related to data ingestion, storage, retrieval and sharing. So DLP and access control
upvoted 3 times
...
This section is not available anymore. Please use the main Exam Page.CS0-003 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
indyrckstar
Highly Voted 1 year, 3 months agochafe
Most Recent 7 months, 1 week agoLilik
8 months, 3 weeks ago3be4f49
1 year, 1 month agobettyboo
1 year, 1 month agodeeden
1 year, 5 months agodeeden
1 year, 5 months ago[Removed]
1 year, 5 months ago[Removed]
1 year, 5 months ago[Removed]
1 year, 5 months agochaddman
1 year, 6 months agochaddman
1 year, 6 months agoJong1
1 year, 6 months agodcdc1000
1 year, 7 months agoms123451
1 year, 8 months ago