🔥 3-day streak
CompTIA SecurityX (CAS-005)36 / 120
Question 36 of 120
A financial analytics firm must process highly sensitive customer datasets on a public cloud provider. Regulatory reviewers accept the firm's existing controls for data at rest (envelope encryption with a CMK) and in transit (mTLS), but they raise a concern: during active computation, plaintext data and the derived models reside in host memory where a compromised hypervisor or malicious cloud administrator could theoretically extract them. The architecture team must select a control that protects data while it is being processed, without moving the workload off the provider. Which approach BEST addresses this specific requirement?
Reviewed for accuracy · Report an issueNext question