CV0-004

Full exam simulation

1:30:00
1

Security

hard

A multinational corporation runs a critical application on a private cloud hosted in their data center. The application uses virtual machines (VMs) that are attached to a storage area network (SAN) for block storage. The company is migrating the application to a public cloud IaaS model to reduce on-premises costs. The security team mandates that all data at rest in the cloud must be encrypted using customer-managed keys, and the cloud provider must not have access to the keys. The application requires low-latency block storage for a database. The storage must be replicated within the same region for availability. The cloud architect needs to choose a storage solution that meets these security and performance requirements. The cloud provider offers: (A) Object storage with server-side encryption using provider-managed keys. (B) Ephemeral instance storage with encryption at rest using provider-managed keys. (C) Persistent block storage volumes with encryption using customer-managed keys stored in the provider's key management service (KMS) integrated with hardware security modules (HSM). (D) Network file system (NFS) shares encrypted with customer-managed keys managed on-premises. Which option should the architect choose?

0 of 90 answered