An organization's hosted database environment is encrypted by the vendor at rest and in transit. The database was accessed, and critical data was stolen. Which of the following is the MOST likely cause?
Even when a database environment isencrypted at rest and in transit, data theft can still occur due tomisconfigured access control lists (ACLs).
Why ACL Misconfiguration Is Likely:
Access Permissions:If ACLs are not correctly configured, unauthorized users might gain access despite encryption.
Insider Threats:Legitimate users with excessive permissions can misuse access.
Access via Compromised Accounts:If user accounts with broad ACL permissions are compromised, encryption alone will not protect data.
Encryption Is Not Enough:Encryption protects data in transit and at rest, but once decrypted for use, weak ACLs can expose the data.
Other options analysis:
A. Group rights for access:Not as directly related as misconfigured ACLs.
B. Improper backup procedures:Would affect data recovery, not direct access.
D. Insufficiently strong encryption:Data was accessed, indicating apermission issue, not weak encryption.
CCOA Official Review Manual, 1st Edition References:
Chapter 7: Access Control and Data Protection:Discusses the importance of proper ACL configurations.
Chapter 9: Database Security Practices:Highlights common access control pitfalls.
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit