nerdexam
Isaca

CDPSE · Question #197

When using anonymization techniques to prevent unauthorized access to personal data, which of the following is the MOST important consideration to ensure the data is adequately protected?

The correct answer is A. The key must be kept separate and distinct from the data it protects.. Option A is correct because anonymization techniques like pseudonymization rely on a cryptographic key to map real identifiers to anonymized ones. If that key is stored alongside the protected data, any attacker who breaches the data store automatically has everything needed to r

Privacy Architecture

Question

When using anonymization techniques to prevent unauthorized access to personal data, which of the following is the MOST important consideration to ensure the data is adequately protected?

Options

  • AThe key must be kept separate and distinct from the data it protects.
  • BThe data must be protected by multi-factor authentication.
  • CThe key must be a combination of alpha and numeric characters.
  • DThe data must be stored in locations protected by data loss prevention (DLP) technology.

How the community answered

(46 responses)
  • A
    74% (34)
  • B
    4% (2)
  • C
    15% (7)
  • D
    7% (3)

Explanation

Option A is correct because anonymization techniques like pseudonymization rely on a cryptographic key to map real identifiers to anonymized ones. If that key is stored alongside the protected data, any attacker who breaches the data store automatically has everything needed to re-identify individuals - making the anonymization worthless. Keeping the key separate and distinct is the foundational requirement that makes the technique meaningful.

B is wrong because multi-factor authentication is an access control mechanism, not a property of the anonymization itself - it doesn't affect whether the data can be re-identified if the key is compromised.

C is wrong because key character composition (alphanumeric vs. other formats) is a secondary strength consideration; a complex key stored next to the data it protects still provides no real anonymization guarantee.

D is wrong because DLP technology prevents unauthorized data exfiltration but does nothing to ensure the anonymization scheme is structurally sound - the data could still be re-identified if the key is co-located with it.

Memory tip: Think of the key as a "decoder ring" - locking the decoder ring inside the same safe as the coded message defeats the entire purpose. Separate the secret from what it protects.

Topics

#Anonymization#Key Management#Key Separation#Data Protection

Community Discussion

No community discussion yet for this question.

Full CDPSE Practice