ISC2 Certified Cloud Security Professional (CCSP) Practice Question
A financial-services firm stores customer information in several cloud-hosted PostgreSQL and MySQL databases. To meet new privacy-regulation deadlines, the security team has to pinpoint every column that contains national ID or U.S. Social Security numbers so that masking controls can be applied. Which discovery technique will most effectively locate these sensitive columns in the structured data stores while minimizing false positives?
Use a specialized database discovery scan that first applies regular-expression filters to column names and sampled values and then runs checksum validation on matching data.
Deploy an object-storage content scanner to search all cloud buckets for strings that resemble Social Security numbers.
Analyze outbound DNS queries to identify hosts likely to contain national ID information.
Create cryptographic hashes of each database file and compare them against reference hashes of known PII datasets.
Relational databases use fixed table schemas, so regulated identifiers are stored in specific columns. A purpose-built database discovery tool can enumerate tables, inspect column metadata, sample the data, filter candidates with regular-expression patterns for national-ID formats, and then run checksum or control-digit validation where applicable (for example, on many non-U.S. national IDs). The two-stage process removes values that merely resemble an ID but fail the mathematical integrity check, sharply reducing false positives. Scanning object-storage buckets targets unstructured files, not live database tables; file-level hashing yields only a single digest and reveals nothing about individual fields; and DNS traffic analysis cannot expose column-level contents. Therefore, combining pattern matching with checksum validation during a structured-database discovery scan is the most accurate approach.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are regular expressions in database discovery scans?
Open an interactive chat with Bash
How does checksum validation work for sensitive data discovery?
Open an interactive chat with Bash
Why is scanning relational databases different from scanning object storage?
Open an interactive chat with Bash
ISC2 Certified Cloud Security Professional (CCSP)
Cloud Data Security
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .