ISC2 Certified Cloud Security Professional (CCSP) Practice Question
Your company is moving a sensitive research workload out of a cloud provider's IaaS environment. The virtual machines are already powered down, and the only remaining task is to ensure the provider's shared block-storage system no longer holds recoverable remnants of the data. Because the disks are part of a large, multi-tenant SAN, you cannot demand physical destruction or direct sector overwriting. Which data sanitization method best meets this situation while minimizing impact on the provider's other tenants?
Instruct the provider to degauss the physical drives that currently host the virtual machine data.
Invoke a cryptographic erase to delete or render the encryption keys useless, leaving encrypted data unreadable on the shared disks.
Request the provider run three-pass random overwrites on the logical volumes backing your virtual disks.
Arrange for physical shredding of the storage array after your data has been migrated away.
In a multi-tenant cloud, physical media is owned by the provider and shared among many customers, so the subscriber must rely on a logical sanitization technique. Cryptographic erase-also called crypto-shredding-renders data unrecoverable by destroying or rendering the encryption keys permanently inaccessible. Because the encrypted data remaining on disk is now unintelligible, the storage space can be safely reallocated without affecting other tenants. Conventional overwriting requires exclusive, low-level access to each physical sector, which cloud customers typically do not receive. Degaussing and physical shredding both demand direct control of the hardware, which the provider will not grant and which would disrupt other customers' data. Therefore, cryptographic erase is the most appropriate choice.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is cryptographic erase (crypto-shredding) and how does it work?
Open an interactive chat with Bash
Why can’t physical destruction methods, like degaussing or shredding, be used in multi-tenant environments?
Open an interactive chat with Bash
How does cryptographic erase compare to overwriting data in terms of effectiveness in cloud environments?
Open an interactive chat with Bash
ISC2 Certified Cloud Security Professional (CCSP)
Cloud Concepts, Architecture and Design
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .