CISSP Practice Question – Domain 2: Asset Security (Data Lifecycle, Cloud, and Zero Trust)
A multinational enterprise migrates sensitive analytics workloads to a cloud provider. The environment uses a zero-trust architecture, and encryption is enabled for data in transit and at rest. During a review, the CISO learns that several teams are using cloud-native analytics tools that temporarily decrypt and process customer PII inside managed service environments where the organization has no visibility into memory, caching, or key-handling operations.
Which control is MOST critical to implement to maintain data-lifecycle protection under these conditions?
A. Enforce customer-managed encryption keys (CMEK) and prohibit provider-managed key usage.
B. Implement strict data-minimization and tokenization before data enters the cloud analytics pipeline.
C. Require all analytics tools to run only in containers where memory and cache can be fully inspected.
D. Mandate continuous CASB monitoring to detect shadow analytics workflows and unauthorized data feeds.
Vincent Primiani
CISSP Study Group
skool.com/cybersecurity-study-group