20 Apr Practice Test Question-Cryptographic Key Security
Preparing for your next security certification exam? After trying your hand at this practice test question, join the FREE CertMike Study Group for the CISSP, Security+, CySA+, PenTest+, CISM+ or SSCP certification to receive new questions each week. You’ll also receive free access to my customized study strategies.
Eddie is concerned about the security of cryptographic keys that his organization uses with a cloud service provider. What mechanism can he use to best safeguard those keys from access by unauthorized individuals?
A. CASB
B. DLP
C. HSM
D. IPS
Correct Answer: C
Cloud access security brokers (CASB) are used to consistently apply security policies across cloud services and don’t protect encryption keys, making it an incorrect answer. Hardware security modules (HSMs) are specifically designed to safeguard encryption keys, avoiding the need for a human being to directly interact with the key, making it our correct answer here. Some cloud providers offer cloud-based HSM services to their customers as an advanced security offering. Data loss prevention (DLP) systems block the exfiltration of sensitive information and, again, don’t protect encryption keys. Neither do intrusion prevention systems (IPSs), which detect and block security threats.
No Comments