
CCSP Exam - Question 438


Cryptographic keys for encrypted data stored in the cloud should be ________________ .

Correct Answer: A

Cryptographic keys for encrypted data stored in the cloud should not be stored with the cloud provider. This principle is in place to enhance security by ensuring that the keys are kept separate from the encrypted data, reducing the risk of unauthorized access. Splitting keys or generating redundant keys compromises their security and is generally not recommended.

Discussion

3 comments
stack120566
Aug 11, 2024

I agree that keys should not be stored with the data that they protect. But saying that they should not be stored with the cloud provider is not true. Azure and other cloud providers offer key vaults. The vaults are separate and distinct from the data that is protected. They offer integrations where the keys can be accessed from applications. In Azure's case the applications can be configured with permission to read the key, certificate. This offers a means of enhancing security by creating a secure way of accessing keys, certificates, passwords or other secrets without directly exposing keys in code. This is a very usual feature in PaaS.

akg001 Option: A
Nov 22, 2022

A. Not stored with the cloud provider.

MaciekMT Option: A
Feb 25, 2025

For strong cloud security, cryptographic keys should not be stored with the cloud provider that holds the encrypted data. This practice, known as separation of duties, prevents a single entity from having both the keys and the encrypted data, reducing the risk of unauthorized access. Instead, organizations should use client-side key management or external Key Management Systems (KMS).

Why Not the Others?

B. Generated with redundancy → While key backups are important, redundancy alone does not ensure security if the key is compromised.

C. At least 128 bits long → While 128-bit encryption is a minimum, modern security standards recommend 256-bit encryption for higher security.

D. Split into groups → Key splitting (Shamir’s Secret Sharing) can be a useful security method but is not a strict requirement for cloud encryption.