Question

An architect is designing a solution. Appropriate data classification is being implemented by classifying the data sensitivity levels. The solution needs to consider the encryption of data and tokenization. Which of the design principles for security in the cloud is the architect applying?

A. Protect data in transit and at rest.

B. Apply security at all layers.

C. Implement a strong identity foundation.

D. Prepare for security events.

Answer 1

Answer: A.

Option A is correct.

“Protecting data in transit and at rest” includes implementation of techniques to ensure data protection.

In this scenario, the architect is implementing data classification techniques, applying sensitivity level, encryption etc.

That helps in data protection while at rest and in transit.

Option B is incorrect, because, “applying security at all layers” principle refers to implementing the security controls at various levels of solutions' architecture like application, code, VPC, etc.

Option C is incorrect.

“Implement a strong identity foundation” principle enforces the philosophy of implementing the principle of least privilege and other IAM principles like authorizing and delegating privileges strictly based on the duties to be performed.

Option D is incorrect.

“Prepare for security events” ensures preparedness for security events aligned to organizational requirements by performing risk assessment, creation of necessary checkpoints, and implementing proper incident management process and tools.