nerdexam
EC-Council

312-50V11 · Question #446

Which of the following is considered the best way to protect Personally Identifiable Information (PII) from Web application vulnerabilities?

The correct answer is B. Use encrypted communications protocols to transmit PII. Encrypting PII in transit with protocols such as TLS/HTTPS is the best defense against web application vulnerabilities that expose data during transmission between client and server.

Hacking Web Applications

Question

Which of the following is considered the best way to protect Personally Identifiable Information (PII) from Web application vulnerabilities?

Options

  • AUse cryptographic storage to store all PII
  • BUse encrypted communications protocols to transmit PII
  • CUse full disk encryption on all hard drives to protect PII
  • DUse a security token to log into all Web applications that use PII

How the community answered

(19 responses)
  • A
    5% (1)
  • B
    89% (17)
  • D
    5% (1)

Why each option

Encrypting PII in transit with protocols such as TLS/HTTPS is the best defense against web application vulnerabilities that expose data during transmission between client and server.

AUse cryptographic storage to store all PII

Cryptographic storage protects data at rest but does not prevent web application vulnerabilities such as SQL injection or insecure API calls from exposing PII as it is read from storage and transmitted.

BUse encrypted communications protocols to transmit PIICorrect

Web application vulnerabilities such as man-in-the-middle interception and insecure transmission directly target PII moving across the network. Using encrypted communications protocols like TLS ensures that even if traffic is intercepted, the data cannot be read in plaintext, directly addressing the primary exposure vector for PII in web applications.

CUse full disk encryption on all hard drives to protect PII

Full disk encryption protects data on stolen or physically accessed media but provides no protection against web application vulnerabilities that retrieve data through normal authenticated application interfaces.

DUse a security token to log into all Web applications that use PII

Security tokens strengthen authentication and session management but do not protect the PII payload itself from vulnerabilities such as XSS, SQL injection, or insecure direct object references once a session is active.

Concept tested: Protecting PII with encrypted web transmission protocols

Source: https://owasp.org/www-project-top-ten/

Topics

#PII protection#encrypted transmission#web application security#data privacy

Community Discussion

No community discussion yet for this question.

Full 312-50V11 Practice