nerdexam
EC-Council

312-50V10 · Question #514

Which of the following is the BEST way to protect Personally Identifiable Information (PII) from being exploited due to vulnerabilities of varying web applications?

The correct answer is C. Use encrypted communications protocols to transmit PII. Encrypting PII in transit using protocols like TLS/HTTPS directly addresses the exposure of that data when web applications transmit it, which is the primary attack vector exploited by web vulnerabilities such as man-in-the-middle attacks.

Hacking Web Applications

Question

Which of the following is the BEST way to protect Personally Identifiable Information (PII) from being exploited due to vulnerabilities of varying web applications?

Options

  • AUse cryptographic storage to store all PII
  • BUse full disk encryption on all hard drives to protect PII
  • CUse encrypted communications protocols to transmit PII
  • DUse a security token to log into all Web applications that use PII

How the community answered

(59 responses)
  • A
    12% (7)
  • B
    3% (2)
  • C
    78% (46)
  • D
    7% (4)

Why each option

Encrypting PII in transit using protocols like TLS/HTTPS directly addresses the exposure of that data when web applications transmit it, which is the primary attack vector exploited by web vulnerabilities such as man-in-the-middle attacks.

AUse cryptographic storage to store all PII

Cryptographic storage protects PII at rest on the server but does not prevent it from being exposed in transit through a vulnerable web application.

BUse full disk encryption on all hard drives to protect PII

Full disk encryption protects stored data if physical media is stolen but provides no protection against web application vulnerabilities that exfiltrate data over the network.

CUse encrypted communications protocols to transmit PIICorrect

Encrypted communications protocols (TLS/HTTPS) protect PII while it travels between the client and server, preventing interception or tampering by attackers who exploit weak or misconfigured web applications. Web application vulnerabilities frequently result in data being captured in transit, and transport-layer encryption is the direct countermeasure. This aligns with OWASP guidance on protecting sensitive data in transmission.

DUse a security token to log into all Web applications that use PII

A security token strengthens authentication but does not protect PII from being exposed through application-layer vulnerabilities after login.

Concept tested: Protecting PII in transit using encrypted protocols

Source: https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure

Topics

#PII protection#encrypted communications#web application security#data privacy

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice