CAS-002 Question #726: Real Exam Question with Answer & Explanation
The correct answer is A: Secure storage and transmission of API keys.
Question
Options
- A. Secure storage and transmission of API keys
- B. Secure protocols for transmission of log files and search results
- C. At least two years retention of log files in case of e-discovery requests
- D. Multi-tenancy with RBAC support
- E. Sanitizing filters to prevent upload of sensitive log file contents
- F. Encrypted storage of all customer log files
Explanation
This question tests knowledge of multi-tenant cloud platform security controls to ensure customer data isolation. The three best controls address API credential protection, data-in-transit encryption, and logical tenant separation via access control.
Common mistakes.
- C. Log retention policies address compliance and e-discovery requirements, not the prevention of cross-tenant data disclosure.
- E. Sanitizing uploaded log content prevents sensitive data from entering the platform but does not control whether one authenticated tenant can access another tenant's already-stored data.
- F. Encrypted storage protects data at rest from infrastructure-level unauthorized access but does not enforce tenant isolation or prevent an authenticated user from reaching another customer's data if access controls are misconfigured.
Concept tested. Multi-tenant cloud data isolation and API credential security
Reference. https://cloudsecurityalliance.org/research/cloud-controls-matrix/