ISACA.CDPSE.v2024-03-22.q117 Dumps

Question 1

A global financial institution is implementing data masking technology to protect personal data used for testing purposes in non-production environments. Which of the following is the GREATEST challenge in this situation?

Correct Answer: B
Explanation
Data masking is the process of hiding original data with modified content to protect sensitive data from unauthorized access or disclosure. Data masking is often used for testing purposes in non-production environments, where personal data is not needed or allowed. However, data masking can pose several challenges, especially for a global financial institution that has multiple interconnected systems and applications. One of the greatest challenges is to preserve the complex relationships within and across systems while masking the data. This means that the masked data must maintain the same format, referential integrity, semantic integrity, and uniqueness as the original data, so that the testing results are valid and reliable. For example, if a customer's name is masked in one system, it must be masked consistently in all other systems that reference it. If a transaction amount is masked in one system, it must not violate any business rules or constraints in another system. If a credit card number is masked in one system, it must still be a valid credit card number in another system. Preserving these complex relationships can be challenging because it requires a thorough understanding of the data model, the business logic, and the dependencies among systems. It also requires a robust and flexible data masking tool that can handle different types of data and platforms.
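The consistency requirement described above can be shown with keyed, deterministic masking. This is an added example, not part of the original explanation; the key, the table names (CRM, LEDGER) and the sample rows are constructed, and the HMAC-based derivation is one assumed approach rather than any specific product's method.

```python
import hashlib
import hmac

# Constructed demo key; a real deployment would load it from a secrets manager.
MASKING_KEY = b"constructed-demo-key"

def _digits(value: str, n: int, context: bytes) -> str:
    """Derive n digits from value with HMAC-SHA256 (same input, same output)."""
    digest = hmac.new(MASKING_KEY, context + value.encode(), hashlib.sha256).digest()
    return str(int.from_bytes(digest, "big")).zfill(n)[-n:]

def luhn_check_digit(body: str) -> str:
    """Return the Luhn check digit for a numeric string lacking its check digit."""
    total = 0
    for i, ch in enumerate(reversed(body)):
        d = int(ch)
        if i % 2 == 0:  # doubled positions once the check digit is appended
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return str((10 - total % 10) % 10)

def luhn_valid(number: str) -> bool:
    return number.isdigit() and luhn_check_digit(number[:-1]) == number[-1]

def mask_card(pan: str) -> str:
    """Mask a card number: same length, still Luhn-valid, deterministic."""
    body = _digits(pan, len(pan) - 1, b"card")
    return body + luhn_check_digit(body)

def mask_customer_id(cust_id: str) -> str:
    """Mask a numeric key consistently so joins across systems still line up.
    Truncated HMAC output can collide; where uniqueness must be guaranteed,
    use format-preserving encryption or a collision-checked mapping table."""
    return _digits(cust_id, len(cust_id), b"cust")

# Constructed sample rows from two hypothetical systems sharing customer_id.
CRM = [{"customer_id": "100234", "card": "4111111111111111"}]
LEDGER = [{"customer_id": "100234", "amount": 250}]

def mask_all():
    """Mask both tables with the same key so the foreign key still matches."""
    crm = [{"customer_id": mask_customer_id(r["customer_id"]),
            "card": mask_card(r["card"])} for r in CRM]
    ledger = [{"customer_id": mask_customer_id(r["customer_id"]),
               "amount": r["amount"]} for r in LEDGER]
    return crm, ledger
```

Because the key is the only thing linking original and masked values, it has to be kept out of the non-production environment that receives the masked data.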

Question 2

Which of the following is MOST important when designing application programming interfaces (APIs) that enable mobile device applications to access personal data?

Correct Answer: C

Question 3

A multi-national organization has decided that regional human resources (HR) team members must be limited in their access to employee data only within their regional office. Which of the following is the BEST approach?

Correct Answer: B
Explanation
Attribute-based access control (ABAC) is the best approach for limiting the access of regional HR team members to employee data only within their regional office, because it allows for fine-grained and dynamic access control based on attributes of the subject, object, environment, and action. Attributes are characteristics or properties that can be used to describe or identify entities, such as users, resources, locations, roles, or permissions. ABAC uses policies and rules that evaluate the attributes and grant or deny access accordingly.
For example, an ABAC policy could state that a user can access an employee record if and only if the user's role is HR and the user's region matches the employee's region. This way, the access control can be tailored to the specific needs and context of the organization, without relying on predefined or fixed access levels.

Question 4

What is the PRIMARY means by which an organization communicates customer rights as it relates to the use of their personal information?

Correct Answer: C
Explanation
The primary means by which an organization communicates customer rights as it relates to the use of their personal information is publishing a privacy notice. A privacy notice is a document that informs the customers about how their personal information is collected, used, shared, stored, and protected by the organization, as well as what rights they have regarding their personal information, such as access, rectification, erasure, portability, objection, etc. A privacy notice should be clear, concise, transparent, and easily accessible to the customers, and should comply with the applicable privacy regulations and standards. A privacy notice helps to establish trust and transparency between the organization and the customers, and enables the customers to exercise their rights and choices over their personal information.
Reference: CDPSE Review Manual (Digital Version), page 39

Question 5

An organization has an initiative to implement database encryption to strengthen privacy controls. Which of the following is the MOST useful information for prioritizing database selection?

Correct Answer: D
Explanation
The most useful information for prioritizing database selection for encryption is the asset classification scheme. An asset classification scheme is a system of organizing and categorizing assets based on their value, sensitivity, criticality, or risk level. An asset classification scheme helps to determine the appropriate level of protection or handling for each asset. For example, an asset classification scheme may assign labels such as public, internal, confidential, or secret to different types of data based on their impact if compromised.
Databases that contain higher-classified data should be prioritized for encryption to prevent unauthorized access, disclosure, or modification.
Database administration audit logs, historical security incidents, or penetration test results are also useful information for database security, but they are not the most useful for prioritizing database selection for encryption. Database administration audit logs are records of activities performed by database administrators or other privileged users on the database system. Database administration audit logs help to monitor and verify the actions and changes made by authorized users and detect any anomalies or violations. Historical security incidents are records of events that have compromised or threatened the security of the database system in the past. Historical security incidents help to identify and analyze the root causes, impacts, and lessons learned from previous breaches or attacks. Penetration test results are reports of simulated attacks performed by ethical hackers or security experts on the database system to evaluate its vulnerabilities and defenses. Penetration test results help to discover and exploit any weaknesses or gaps in the database security posture and recommend remediation actions.