ExpertEasy1 markMultiple Choice
CPA · Question 46 · Area II: Security
An auditor is reviewing a database schema. They notice that the 'SocialSecurityNumber' column is stored in cleartext. Which control is missing?
An auditor is reviewing a database schema. They notice that the 'SocialSecurityNumber' column is stored in cleartext. Which control is missing?
Answer options:
A.
Data in Transit Encryption
B.
Data at Rest Encryption
C.
Digital Signature
D.
Firewall
How to approach this question
Identify the state of data (Stored = At Rest).
Full Answer
B.Data at Rest Encryption✓ Correct
B
Data stored in a database is 'Data at Rest'. Storing sensitive PII like SSNs in cleartext is a failure to implement Data at Rest Encryption.
Common mistakes
Confusing Data at Rest with Data in Transit.
Practice the full CPA ISC Practice Exam 3
82 questions · hints · full answers · grading
More questions from this exam
Q01A CPA is advising a client who is migrating their legacy on-premise ERP system to a cloud-based s...MediumQ02During a review of a client's cloud governance structure, an auditor notes that the client uses a...MediumQ03An auditor is evaluating the 'Processing Integrity' principle for a financial institution's loan ...HardQ04A company uses a batch processing system to update inventory records overnight. The 'Grandfather-...HardQ05During a walkthrough of the change management process, an auditor observes that the 'Developer' r...Medium