ISC2 Certified Cloud Security Professional (CCSP) Practice Question
Your organization is migrating an analytics workload that processes highly sensitive patient data to a public cloud Kubernetes cluster. Security policy requires that the information remain protected even while it is being processed in memory, so that neither cloud provider administrators nor a malicious hypervisor can view it. Which emerging technology, now offered by several major cloud providers, best satisfies this requirement with minimal application refactoring?
Re-architecting the application to run as blockchain smart contracts for tamper-evident processing
Deploying the workload to edge computing nodes located closer to end users
Applying quantum-resistant encryption algorithms to protect data stored on cloud disks
Confidential computing that leverages CPU-based trusted execution environments to keep data encrypted during processing
Confidential computing uses hardware-based trusted execution environments (TEEs) built into modern CPUs (for example, Intel SGX and AMD SEV). When a workload is started in a TEE, the processor encrypts the code and data in memory and isolates them from the host OS, hypervisor, and cloud administrators. Because this protection is provided at the hardware and firmware layer, most existing applications can run with little or no change once re-compiled for the target enclave or launched on a compatible virtual machine type.
Edge computing (processing closer to end users) improves latency but does not inherently protect data in use within the cloud provider's infrastructure. Blockchain smart contracts focus on integrity and decentralization, not on shielding in-memory data from the platform operator. Quantum-resistant storage encryption secures data at rest or in transit, but it does not address exposure while the data are actively processed in memory. Therefore, confidential computing is the only option that directly meets the requirement to protect data in use with minimal code changes.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is confidential computing?
Open an interactive chat with Bash
How do trusted execution environments (TEEs) work?
Open an interactive chat with Bash
Why is confidential computing better than quantum-resistant encryption for protecting data in use?
Open an interactive chat with Bash
ISC2 Certified Cloud Security Professional (CCSP)
Cloud Concepts, Architecture and Design
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .