CompTIA
CAS-002 · Question #655
CAS-002 Question #655: Real Exam Question with Answer & Explanation
The correct answer is C: Data provisioning, processing, in transit, at rest, and de-provisioning. When migrating corporate email to the cloud, the compliance officer must account for the complete data lifecycle covering every state data passes through, from initial creation to final destruction.
Question
In order for a company to boost profits by implementing cost savings on non-core business activities, the IT manager has sought approval for the corporate email system to be hosted in the cloud. The compliance officer has been tasked with ensuring that data lifecycle issues are taken into account. Which of the following BEST covers the data lifecycle end-to-end?
Options
- ACreation and secure destruction of mail accounts, emails, and calendar items
- BInformation classification, vendor selection, and the RFP process
- CData provisioning, processing, in transit, at rest, and de-provisioning
- DSecuring virtual environments, appliances, and equipment that handle email
Explanation
When migrating corporate email to the cloud, the compliance officer must account for the complete data lifecycle covering every state data passes through, from initial creation to final destruction.
Common mistakes.
- A. Creation and secure destruction address only the first and last stages of the lifecycle, omitting critical intermediate states such as data in transit and data at rest.
- B. Information classification, vendor selection, and the RFP process describe procurement and vendor management activities, not the stages of the data lifecycle itself.
- D. Securing virtual environments and appliances describes infrastructure security controls rather than the data lifecycle phases a compliance officer must track end-to-end.
Concept tested. Cloud data lifecycle management for compliance
Reference. https://cloudsecurityalliance.org/research/guidance
Community Discussion
No community discussion yet for this question.