ISC2 Certified Secure Software Lifecycle Professional (CSSLP) Practice Question

Your development team must provide the QA group with a copy of the customer database so they can run realistic regression tests. The tables contain customer names, mailing addresses, credit-card PANs, and loyalty-program IDs that must not be exposed outside production. To satisfy the CSSLP requirement for sanitization when re-using production data in test environments, which approach best meets the goal?

  • Apply a deterministic, keyed hashing or format-preserving masking algorithm to overwrite each sensitive value with an irreversible but syntactically valid surrogate, ensuring the same original value is always mapped to the same replacement across all tables.

  • Drop all columns that contain sensitive data before exporting the database and let testers work with the remaining fields, even if this breaks some foreign-key references.

  • Encrypt the entire database and provide the decryption key only to authorized testers under a nondisclosure agreement.

  • Generate a completely synthetic data set with random values and load it into the QA database without attempting to match it to production records.

ISC2 Certified Secure Software Lifecycle Professional (CSSLP)
Secure Software Testing