Answer-first summary for fast verification
Answer: Apply a uniform encryption standard (e.g., AES) at the source and manage encryption keys through a centralized key management system, allowing only authorized services to access decryption keys based on their roles.
Option C is the most suitable strategy for implementing end-to-end encryption in data pipelines to ensure data confidentiality. Here‘s why: 1. **Uniform Encryption Standard**: Applying a uniform encryption standard like AES at the source ensures all data is encrypted with the same strong algorithm, maintaining security throughout the pipeline. 2. **Centralized Key Management**: A centralized key management system ensures only authorized services can access decryption keys, enhancing control and reducing unauthorized access risks. 3. **Role-Based Access Control**: Restricting decryption key access based on roles ensures only designated end systems can decrypt data, enforcing strict access control. 4. **Data Confidentiality**: Encrypting data at the source and securely managing decryption keys maintains data confidentiality, keeping data encrypted at rest and in transit until decrypted by authorized systems. This approach comprehensively addresses the need for end-to-end encryption in data pipelines, ensuring data security and controlled access.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
No comments yet.
For a data pipeline that spans multiple systems and requires end-to-end encryption to ensure data confidentiality, which strategy ensures that data remains encrypted throughout the process, only being decrypted by authorized end systems?
A
Utilize transport layer security (TLS) across all components of the pipeline, relying on network encryption to secure data in transit.
B
Implement format-preserving encryption to maintain data usability across the pipeline while ensuring that data is encrypted at rest and in transit, with decryption keys accessible only within secure execution environments.
C
Apply a uniform encryption standard (e.g., AES) at the source and manage encryption keys through a centralized key management system, allowing only authorized services to access decryption keys based on their roles.
D
Encrypt data at the source using public key infrastructure (PKI), ensuring that only the destination system has the corresponding private key for decryption.