ISC2 Certified Cloud Security Professional (CCSP) Practice Question
A financial services firm stores customer information in a cloud-hosted relational database. You are asked to implement automated discovery of personally identifiable information (PII) so that the data protection team can track where sensitive fields are located before applying controls. Which approach is most suitable for discovering PII that resides in this structured data set while keeping the rate of false positives low?
Analyze the database's system catalog and column metadata to identify fields whose names, data types, or built-in sensitivity tags indicate they may contain PII.
Encrypt the entire database with fully homomorphic encryption so discovery tools can scan the ciphertext without exposure.
Export all tables to flat files and run regular-expression searches for Social Security number and credit-card patterns across the dumps.
Deploy an agentless network DLP appliance to inspect outbound SQL traffic for PII signatures as users query the database.
Because the data reside in a relational (structured) database, the quickest and most accurate way to discover PII is to query the database's system catalog to obtain table and column definitions, data types, and any existing sensitivity or classification tags. Leveraging this metadata lets a discovery tool focus directly on columns likely to contain PII (for example, CHAR(9) columns named SSN or customer_ssn), reducing the need for pattern matching across every row and thus minimizing false positives.
Scanning exported flat files with regular expressions can locate patterns but typically produces many false positives and misses context such as column semantics. Network DLP only observes data in motion; it does not enumerate where data are stored inside the database. Applying homomorphic encryption is a protection technique, not a discovery method, and would actually make content inspection impossible unless decrypted first. Therefore, using the database catalog and schema metadata is the most appropriate discovery technique for structured data.
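The contrast drawn in the explanation, as an added example that is not part of the original practice question: it compares catalog-driven discovery with a regex scan of row contents. It uses SQLite's catalog (sqlite_master and PRAGMA table_info) so that it runs offline. The schema, rows and name hints are constructed assumptions.

```python
import re
import sqlite3

# Hypothetical name hints and a 9-digit pattern; tune both for a real schema.
PII_NAME_HINTS = re.compile(r"(ssn|social|dob|birth|name|email|phone|card|passport)", re.I)
SSN_LIKE = re.compile(r"^\d{9}$")

def build_sample_db():
    """Constructed in-memory schema and rows, for illustration only."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE customers (id INTEGER PRIMARY KEY, full_name TEXT,
                                customer_ssn CHAR(9), email VARCHAR(120));
        CREATE TABLE orders (order_id INTEGER PRIMARY KEY, tracking_no CHAR(9),
                             amount_cents INTEGER);
        INSERT INTO customers VALUES (1, 'Test Person', '000000001', 'test@example.com');
        INSERT INTO orders VALUES (10, '482915637', 1999);
    """)
    return db

def list_columns(db):
    """Yield (table, column, declared_type) from SQLite's catalog."""
    tables = [r[0] for r in db.execute(
        "SELECT name FROM sqlite_master WHERE type='table' AND name NOT LIKE 'sqlite_%'")]
    for table in tables:
        for _cid, col, decl_type, *_ in db.execute(f'PRAGMA table_info("{table}")'):
            yield table, col, decl_type

def catalog_candidates(db):
    """Metadata-only discovery: flag columns whose names suggest PII."""
    return sorted((t, c, ty) for t, c, ty in list_columns(db) if PII_NAME_HINTS.search(c))

def regex_row_hits(db):
    """Content scan: flag any column holding a 9-digit value, regardless of meaning."""
    hits = set()
    for table, col, _ in list_columns(db):
        for (value,) in db.execute(f'SELECT "{col}" FROM "{table}"'):
            if isinstance(value, str) and SSN_LIKE.match(value):
                hits.add((table, col))
    return sorted(hits)

if __name__ == "__main__":
    db = build_sample_db()
    print("catalog:", catalog_candidates(db))   # customers columns only
    print("regex  :", regex_row_hits(db))       # also flags orders.tracking_no
```

The catalog pass never reads a row and returns only customers columns, while the content scan also flags orders.tracking_no, a 9-digit value that is not an SSN.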