ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
Your organization's policy mandates that all payroll data be encrypted at rest. Unfortunately, the legacy UNIX server that hosts the payroll database cannot support any modern filesystem or database-level encryption, and a platform upgrade is at least six months away. As the security practitioner, which action represents the most appropriate compensating control to meet the encryption-at-rest requirement while the legacy system remains in service?
Integrate an approved cryptographic library into the payroll application to encrypt sensitive records before they are written to disk.
Schedule nightly full backups of the payroll server to encrypted tapes that are stored in an off-site vault.
Place the legacy payroll server in an isolated VLAN protected by an additional firewall that only allows traffic from HR workstations.
Increase password complexity requirements and enforce a 90-day rotation policy for all payroll system user accounts.
A compensating control must deliver security that is equivalent to, or stronger than, the original requirement when the prescribed control cannot be implemented. Because the legacy operating system cannot perform native filesystem or transparent database encryption, the most effective alternative is to modify the application so it encrypts sensitive payroll fields before they are written to disk. This ensures the data is actually stored as ciphertext on the legacy server, which satisfies the policy's encryption-at-rest mandate. Restricting network access, enforcing stronger passwords, or backing up to encrypted media may reduce other risks, but none of those options guarantees that the data residing on the legacy server itself is encrypted, so none of them fully meets the stated requirement.
Security Concepts and Practices