CAS-005
Security Architecture
hard
Question 3 of 27

A financial services organization is adopting a hybrid cloud model. The security architect must ensure that data classified as Restricted never leaves the on-premises data center, while Confidential data may reside in a private cloud zone. Which architecture control BEST enforces these data residency requirements?

AApply DLP policies to email gateways only
BDefine data perimeters using classification-aware network security controls and cloud resource policies that enforce geographic and zone-based restrictions
CEncrypt all data before it is transferred to any cloud environment
DRequire developers to manually tag all data before uploading to the cloud

More Security Architecture Questions

27 questions

Full CompTIA SecurityX Practice Test

All topics covered

All CompTIA SecurityX Questions

Browse by topic

Related Questions

Which CASB deployment mode operates by intercepting cloud traffic inline between users and cloud ser...

easy

What is the primary security benefit of microsegmentation in a data center network?...

easy

Which zero trust concept defines the relationship between the entity requesting access and the resou...

easy

Which technology integrates SD-WAN with cloud-native security services to provide a converged networ...

easy

A cloud security architect is designing controls to detect employees uploading sensitive corporate d...

medium
View all Security Architecture questions

Educational Content — CertQnA practice questions are written against official exam objectives, covering the same domains tested on the real exam. All content is original and independent — not actual exam questions, not affiliated with any certification vendor. Learn more about our content policy

Discussion

Be the first to share your understanding of this concept

⚠️ Discussion is for concept clarification only. Do not share or request actual exam questions or answers.

Sign in to join the discussion

Sign InCreate free account