EC-Council
312-50V9 Question #238: Real Exam Question with Answer & Explanation
The correct answer is B: Use encrypted communications protocols to transmit PII.
Question
Which of the following is considered the best way to protect Personally Identifiable Information (PII) from Web application vulnerabilities?
Options
- A. Use cryptographic storage to store all PII
- B. Use encrypted communications protocols to transmit PII
- C. Use full disk encryption on all hard drives to protect PII
- D. Use a security token to log into all Web applications that use PII
Explanation
Encrypting PII in transit using secure communication protocols such as TLS/HTTPS is the primary and most direct control against web application vulnerabilities that expose data during transmission.
Common mistakes.
- A. Cryptographic storage protects PII at rest inside databases or file systems, but does not address the exposure of that data while it is actively transmitted over the network through a web application.
- C. Full disk encryption protects data stored on physical media from unauthorized physical access, but provides no protection against PII exposed during network transmission or web application processing.
- D. Security tokens strengthen authentication and reduce unauthorized login risk, but they do not prevent PII from being exposed through transmission-layer vulnerabilities once a session is established.
Concept tested. Protecting PII via encrypted web communications (TLS/HTTPS)
Reference. https://owasp.org/www-project-top-ten/