ExamTopics Logo
Mail Usteam@examtopics.com
Menu
Isaca Discussions
exam questions

Exam CISA All Questions

View all questions & answers for the CISA exam
Go to Exam

Exam CISA topic 1 question 760 discussion

Actual exam question from Isaca's CISA
Question #: 760
Topic #: 1
[All CISA Questions]

An organization's software developers need access to personally identifiable information (PII) stored in a particular data format. Which of the following is the BEST way to protect this sensitive information while allowing the developers to use it in development and test environments?

  • A. Data masking
  • B. Data encryption
  • C. Data tokenization
  • D. Data abstraction
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
Community vote distribution
A (50%)
B (50%)
by Binagr8 at June 3, 2024, 8:03 p.m.

Comments

Chosen Answer:
This is a voting comment. You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
pLulu
3 months, 3 weeks ago
A. Data encryption is a strong method for protecting sensitive information, including PII, by converting it into a coded format that can only be accessed by those with the decryption key. However, in development and test environments, encryption might not be the most practical solution because developers often need to work with data in a readable format to test and debug effectively. Data masking (Option A) is generally preferred in these scenarios because it allows developers to work with data that looks and behaves like real data without exposing the actual sensitive information. This approach balances the need for data protection with the practical requirements of development and testing.
upvoted 1 times
...
choboanon
4 months, 2 weeks ago
Selected Answer: A
Answer is A
upvoted 1 times
...
Swallows
8 months, 3 weeks ago
Selected Answer: B
Data Encryption involves transforming sensitive data (like PII) into an unreadable format using cryptographic algorithms. Access to the original data is only possible with a decryption key, ensuring that even if the data is intercepted or accessed improperly, it remains protected.
upvoted 1 times
choboanon
4 months, 2 weeks ago
Incorrect. The data is encrypted. Great. The developers still can't do anything with the encrypted data. They need to use the data but we don't want them to access PII. The answer is data masking. We can give them data and anonymize it for them to use. Encryption matters even less as an answer when you consider the data is now anonymous and less risk as an exposure if anonymous data is lost, it's no longer PII
upvoted 1 times
...
...
Binagr8
9 months, 2 weeks ago
It is C. Data tokenization: Data tokenization involves replacing sensitive data with a token or placeholder value while storing the original data securely elsewhere. This allows developers to work with realistic data without exposing the actual sensitive information. Tokenization maintains data integrity and security while allowing authorized users to use the data in development and test environments. It's a widely adopted method for protecting sensitive information while preserving usability.
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
CS0-003
Chennai, 1 minute ago