Exam CRISC topic 1 question 1626 discussion

Actual exam question from Isaca's CRISC
Question #: 1626
Topic #: 1

It was discovered that a service provider's administrator was accessing sensitive information without the approval of the customer in an Infrastructure as a Service (IaaS) model. Which of the following would BEST protect against a future recurrence?

  • A. Intrusion prevention system (IPS)
  • B. Contractual requirements
  • C. Data encryption
  • D. Two-factor authentication
Suggested Answer: B

Comments

d9iceguy
1 month, 3 weeks ago
Selected Answer: C
In an Infrastructure as a Service (IaaS) model, the customer retains responsibility for securing their data, while the service provider manages the infrastructure. If a service provider's administrator accessed sensitive customer data without approval, the best protection against recurrence is to ensure the data is encrypted, particularly at rest and in transit. Encryption:

  • Prevents unauthorized access, even by privileged insiders like administrators.
  • Ensures that data remains confidential, even if storage or systems are accessed.
  • Can be paired with customer-managed keys, so the provider cannot decrypt the data without permission.
upvoted 1 times
Sara98
8 months, 2 weeks ago
Selected Answer: B
B. Contractual requirements: Establishing clear contractual terms with the service provider is crucial. Contracts should specify access controls, audit rights, and compliance with data protection requirements. This ensures that administrators have only the access they need and that any unauthorized access is prohibited by the agreement.
upvoted 1 times
Abbey2
1 year, 4 months ago
Selected Answer: C
To best protect against a recurrence of a service provider's administrator accessing sensitive information without approval in an Infrastructure as a Service (IaaS) model, the most effective measure would be: C. Data encryption. Encrypting data is a direct way to protect sensitive information from unauthorized access. Even if a service provider's administrator gains access to the data, encryption ensures that the content remains unreadable and secure without the appropriate decryption keys. This measure protects the data at rest as well as in transit, providing a robust defense against unauthorized access, regardless of the internal controls or policies of the service provider.
upvoted 1 times
Joloms
1 year, 3 months ago
C. Data encryption: Data encryption is a crucial measure for protecting sensitive information, especially in transit and at rest. Encrypting the data ensures that even if unauthorized access occurs, the data remains unintelligible without the appropriate decryption keys. While encryption doesn't prevent unauthorized access per se, it significantly mitigates the impact of such access.
upvoted 1 times
Joloms
1 year, 3 months ago
Among the options provided, D. Two-factor authentication (2FA) would be the best choice for protecting against a future recurrence of unauthorized access by an administrator in an IaaS model. By requiring additional authentication factors beyond just a username and password, 2FA can significantly reduce the risk of unauthorized access to sensitive information.
upvoted 1 times