ISC2 Certified Cloud Security Professional (CCSP) Practice Question
A SaaS provider plans to shut down a tenant's encrypted file-sharing environment that ran on multitenant storage managed by a public cloud provider. The provider needs to render the customer's data permanently unrecoverable while allowing the underlying physical disks to be reassigned to other customers within minutes. Which data sanitization technique BEST satisfies these operational and security requirements in a cloud setting?
Physically degauss the storage drives before they are returned to the shared pool.
Conduct a DoD 5220.22-M three-pass overwrite of the virtual disk file.
Perform a cryptographic erase by deleting the encryption keys that protect the tenant's data.
Write a single pass of zeros across the logical volume before detaching it.
Cryptographic erase is performed by permanently deleting or overwriting the encryption keys that protect data at rest. Because the data on the disks remains encrypted with keys that no longer exist, it becomes computationally infeasible to recover, even though the physical blocks are not overwritten. This method is therefore extremely fast-often completing in seconds-allowing the cloud service provider to return the storage media to the shared pool almost immediately. Traditional logical or physical overwriting methods (single-pass zero fill or multi-pass DoD wipes) require writing to every block, which can take hours and delay media reuse. Degaussing is impractical for provider-owned drives because it destroys the drive's servo information, making the hardware unusable. Only cryptographic erase meets both the security need for irretrievability and the cloud provider's operational need for rapid turnover.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is cryptographic erase?
Open an interactive chat with Bash
Why is cryptographic erase better than traditional overwriting methods?
Open an interactive chat with Bash
Why is degaussing not suitable for cloud providers?
Open an interactive chat with Bash
ISC2 Certified Cloud Security Professional (CCSP)
Cloud Concepts, Architecture and Design
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .