Free ISC2 CCSP Actual Exam Questions - Question 4 Discussion
The company needs to ensure that the stored data is protected from unauthorized access and potential
data breaches, while maintaining high availability and performance. Which threat is most significant to
the company’s use of ephemeral storage for handling customer payment information, and what
mitigation strategy should be employed?
D imo, ephemeral storage is definitely not meant for anything long-term since it’s wiped when instances stop. So using it for recent logs that need quick access doesn’t add up. Long-term storage for the seven-year retention fits since it’s built for compliance and durability. This way, you get proper archival and ensure quick retrieval from something more durable than ephemeral options. A seems tempting but “raw storage” isn’t usually optimized for long-term archival, so D feels more aligned with the requirements here.
Option A seems solid here since raw storage is usually durable and good for ongoing access, which fits recent logs. Then for the seven-year retention, a separate long-term storage solution ensures compliance without sacrificing retrieval speed for recent data. Ephemeral storage is definitely out for anything long-term, so that rules out B, C, and D when it comes to securely holding seven years of logs. Splitting storage by use case like A does makes the most sense operationally and compliance-wise.
D imo, since ephemeral storage isn’t great for long-term retention. You want a durable, secure option for the seven years plus quick access for recent data.