CCSP Exam - Question 289

data in transit is the correct answer

Answer B. Data in use controls, IRM/DRM, access control. while data is being used its decrypted. TLS, VPN, SSH are controls in Data in transit phase. part of TLS is to also Authenticate parties using digital cert before secure channel can establish. refer CBK 3rd edition page 45.

Digital Signatures are used as the foundational technologies for certificates which are the core technology underpinning TLS.

Digital signatures are most likely to be used as a security protection mechanism for data that is in a "transmitted" state. This is because digital signatures provide a way to ensure the integrity and authenticity of data during transmission, which is particularly important when data is being sent over an insecure network such as the internet. Digital signatures work by using cryptography to create a unique "signature" of the data that can be verified by the recipient to ensure that the data has not been tampered with or altered during transmission. This helps to prevent unauthorized access, interception, or modification of the data while it is in transit. In contrast, digital signatures may not be as necessary for data that is in a "stored" state, such as data that is saved on a secure server or database. In this case, other security mechanisms such as access controls, encryption, and backups may be more important for protecting the data.

B: Data in transit

B. Data in transit

However, pg 178 of the CBK "Data in use: This requires access control with granularity that is relevant for the data at risk. APIs should be protected through the use of digital signatures and encryption where necessary, and access rights should be restricted to the roles of the consumer."

A. Data in use

TLS also used digital certificates. TLS is used to protect data in use

Thew question asks Which data state would be most likely to use digital signatures as a security protection mechanism? The term 'use as security protection" Digital signatures are deployed against transmitted data, These signatures provide for an integrity check value when the signature is verified which is when the data is used or accessed. The digital signature does not really protect anything but rather alert the recipient to tampering. Signatures can are applied with or without encryption. The checking of the signature is not performed during transit. The signature is checked by the recipient when the data is checked. The digital signature is used when data is used.

Data in transit

Data at rest (D). Digital signatures are commonly used as a security protection mechanism for data at rest to verify the integrity and authenticity of the stored data.

Data in transit.

Digital signatures are primarily used to ensure data integrity, authenticity, and non-repudiation when data is in transit between systems. They verify that the data has not been altered and that it originates from a trusted source. Why Not the Others? A. Data in use: Digital signatures are typically applied before data is used rather than during active processing. C. Archived: While archived data may be digitally signed for long-term integrity checks, this is less common compared to transit scenarios. D. Data at rest: Encryption is the primary security mechanism for protecting data at rest, whereas digital signatures are more about ensuring integrity during transfer.

Data in use is about confidential computing. Data in transit can use digital signatures