ISC2 Certified Cloud Security Professional (CCSP) Practice Question
Your organization is refactoring a legacy three-tier web application into containers running on a managed Kubernetes service in a public cloud. During the architecture review, the security team insists that the design must satisfy the Security pillar of the provider's Well-Architected Framework. Which of the following design choices best demonstrates compliance with that pillar?
Autoscale worker nodes across multiple availability zones to withstand instance failures.
Place read-heavy database replicas in regions closer to users to reduce latency.
Schedule a weekly rightsizing exercise to shut down idle development clusters to reduce waste.
Encrypt all data in transit and at rest using customer-managed keys stored in a dedicated key management service.
The Security pillar of the Well-Architected Framework focuses on confidentiality, integrity, and availability of data and workloads. Encrypting data both in transit and at rest-and managing the encryption keys within a dedicated key management service-directly addresses these requirements by protecting data wherever it resides or moves.
Autoscaling across multiple availability zones improves fault tolerance and belongs to the Reliability pillar. Placing read replicas closer to users lowers latency, aligning with the Performance Efficiency pillar. Regular rightsizing to shut down idle resources reduces cost, which is an objective of the Cost Optimization pillar. Therefore, only encrypting data with customer-managed keys clearly maps to the Security pillar.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is Kubernetes and its role in the described architecture?
Open an interactive chat with Bash
What is meant by 'encrypting data in transit and at rest'?
Open an interactive chat with Bash
How does customer-managed key management work in cloud security?
Open an interactive chat with Bash
ISC2 Certified Cloud Security Professional (CCSP)
Cloud Concepts, Architecture and Design
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .