CGEIT Question #294: Real Exam Question with Answer & Explanation

Question

Which of the following is the BEST indication that information security requirements are taken into consideration when developing IT processes?

Options

• AThe database is deployed in a distributed processing platform
• BThe information architecture incorporates data classification
• CCustomer profiles are stored with a domestic service provider
• DThe integrity of sensitive information is periodically reviewed

Explanation

Integrating data classification into the information architecture demonstrates a fundamental consideration of information security requirements early in the design process.

Common mistakes.

• A. Deploying a database in a distributed processing platform is an architectural choice for performance or scalability, not directly indicative of specific information security requirements being considered.
• C. Storing customer profiles with a domestic service provider might address data residency or compliance concerns, but it doesn't indicate a comprehensive approach to integrating security requirements into IT processes.
• D. Periodically reviewing the integrity of sensitive information is an operational security control or audit activity, which occurs after processes are developed, rather than indicating that security was considered during their development.

Concept tested. Security by design, information architecture

Reference. https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/govern/security/security-governance#data-classification-standard

No community discussion yet for this question.