CISSP Question #1209: Real Exam Question with Answer & Explanation

The correct answer is B: Perform logical separation of program information, using virtualized storage solutions with built-in. For protecting CUI data at rest efficiently and cost-effectively, logical separation combined with virtualized storage solutions that include built-in encryption provides targeted protection without over-engineering the solution.

Submitted by devops_kid · Mar 5, 2026 · Asset Security

Question

A firm within the defense industry has been directed to comply with contractual requirements for encryption of a government client's Controlled Unclassified Information (CUI). What encryption strategy represents how to protect data at rest in the MOST efficient and cost-effective manner?

Options

  • A. Perform physical separation of program information and encrypt only information deemed critical
  • B. Perform logical separation of program information, using virtualized storage solutions with built-in
  • C. Perform logical separation of program information, using virtualized storage solutions with
  • D. Implement data at rest encryption across the entire storage area network (SAN)

Explanation

For protecting CUI data at rest efficiently and cost-effectively, logical separation combined with virtualized storage solutions that include built-in encryption provides targeted protection without over-engineering the solution.

Common mistakes.

  • A. Physical separation is costly and operationally inefficient, requiring dedicated hardware for CUI storage, and encrypting only 'critical' information may leave CUI inadequately protected and non-compliant with contractual requirements.
  • C. While similar to B, this option implies virtualized storage solutions without the built-in encryption component, meaning additional third-party encryption tools would be needed, increasing cost and complexity.
  • D. Encrypting the entire SAN is overly broad and cost-prohibitive, applying encryption resources uniformly across all data regardless of sensitivity, which is neither efficient nor targeted to the specific CUI protection requirement.

Concept tested. CUI data at rest encryption strategy for CMMC/NIST 800-171 compliance

Reference. https://csrc.nist.gov/publications/detail/sp/800-171/rev-2/final

Topics

#Data at rest encryption #CUI protection #Logical separation #Virtualization security
