nerdexam
EC-Council

312-50V10 · Question #446

Which of the following is considered the best way to protect Personally Identifiable Information (PII) from Web application vulnerabilities?

The correct answer is B. Use encrypted communications protocols to transmit PII. Encrypting data in transit using protocols like TLS/HTTPS is the primary defense for protecting PII against web application vulnerabilities such as eavesdropping and man-in-the-middle attacks.

Hacking Web Applications

Question

Which of the following is considered the best way to protect Personally Identifiable Information (PII) from Web application vulnerabilities?

Options

  • AUse cryptographic storage to store all PII
  • BUse encrypted communications protocols to transmit PII
  • CUse full disk encryption on all hard drives to protect PII
  • DUse a security token to log into all Web applications that use PII

How the community answered

(32 responses)
  • A
    6% (2)
  • B
    91% (29)
  • C
    3% (1)

Why each option

Encrypting data in transit using protocols like TLS/HTTPS is the primary defense for protecting PII against web application vulnerabilities such as eavesdropping and man-in-the-middle attacks.

AUse cryptographic storage to store all PII

Cryptographic storage protects PII at rest in a database, but does not address vulnerabilities that expose data during web application transmission.

BUse encrypted communications protocols to transmit PIICorrect

Using encrypted communications protocols such as TLS/HTTPS protects PII while it travels between the client and server, directly mitigating web application vulnerabilities like man-in-the-middle attacks and eavesdropping. This is the most relevant control because web applications primarily expose PII during transmission, and encryption ensures that intercepted data remains unreadable to attackers.

CUse full disk encryption on all hard drives to protect PII

Full disk encryption protects data on physical media from unauthorized physical access, but provides no protection against web application attacks that target data in transit or in use.

DUse a security token to log into all Web applications that use PII

A security token addresses authentication and identity verification, not the protection of PII data itself from web application vulnerabilities.

Concept tested: Protecting PII in transit using encrypted protocols

Source: https://cheatsheetseries.owasp.org/cheatsheets/Transport_Layer_Security_Cheat_Sheet.html

Topics

#PII protection#encrypted communications#web application security

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice