ISC2 Certified Secure Software Lifecycle Professional (CSSLP) Practice Question
During a security design review, a team must store employees Social Security numbers in a relational database but still allow the application to retrieve the original value when needed. Regulators require the data to remain confidential even from database administrators. Which control best satisfies this requirement?
Salt and hash each SSN with SHA-256 before writing it to the database.
Apply dynamic data masking to the SSN column so administrators see only partial values.
Encrypt the SSN column using a strong algorithm and store the encryption keys in a dedicated hardware security module.
Use Transport Layer Security (TLS) to encrypt all traffic between the application server and the database.
Encrypting the sensitive column and protecting the encryption keys in an external hardware security module keeps the Social Security numbers unreadable in the database files and any backups. Only the application, which can securely access the keys, can decrypt the data when necessary. Transport Layer Security protects data only while it is moving over the network, not when it is stored. Hashing with SHA-256 is irreversible, so the application could never recover the original SSN values that it must display or transmit. Dynamic data masking merely obscures what certain users see; the underlying data remains in clear text on disk and can still be viewed by privileged administrators. Therefore, column-level encryption with keys kept outside the database is the correct choice for enforcing confidentiality of data at rest against insider access.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a hardware security module (HSM)?
Open an interactive chat with Bash
Why is column-level encryption better for protecting sensitive data?
Open an interactive chat with Bash
What are the limitations of TLS compared to column-level encryption?
Open an interactive chat with Bash
ISC2 Certified Secure Software Lifecycle Professional (CSSLP)
Secure Software Concepts
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .