nerdexam
(ISC)2

CISSP · Question #1214

Which of the following would be the BEST guideline to follow when attempting to avoid the exposure of sensitive data?

The correct answer is A. Store sensitive data only when necessary.. Avoiding exposure of sensitive data begins with minimizing its storage footprint. Data that is never stored cannot be breached, leaked, or exfiltrated.

Submitted by fernanda_arg· Mar 5, 2026Asset Security

Question

Which of the following would be the BEST guideline to follow when attempting to avoid the exposure of sensitive data?

Options

  • AStore sensitive data only when necessary.
  • BEducate end-users on methods of attacks on sensitive data.
  • CEstablish report parameters for sensitive data.
  • DMonitor mail servers for sensitive data being exfilltrated.

How the community answered

(34 responses)
  • A
    79% (27)
  • B
    12% (4)
  • C
    3% (1)
  • D
    6% (2)

Why each option

Avoiding exposure of sensitive data begins with minimizing its storage footprint. Data that is never stored cannot be breached, leaked, or exfiltrated.

AStore sensitive data only when necessary.Correct

The principle of data minimization - storing sensitive data only when absolutely necessary - is a foundational security and privacy guideline endorsed by frameworks like GDPR, NIST, and PCI DSS. By limiting the amount of sensitive data retained, organizations drastically reduce the attack surface and the potential impact of a breach. This is a proactive control that prevents exposure before it can occur, rather than reacting to threats after data already exists.

BEducate end-users on methods of attacks on sensitive data.

While user education is a valuable security layer, it is a compensating control that reduces the likelihood of human error rather than directly preventing sensitive data from being exposed at the storage or system level.

CEstablish report parameters for sensitive data.

Establishing report parameters for sensitive data is a detective or administrative control focused on visibility and compliance reporting, not on preventing the initial exposure or unnecessary retention of sensitive data.

DMonitor mail servers for sensitive data being exfilltrated.

Monitoring mail servers for data exfiltration is a reactive detective control that identifies a breach after sensitive data is already at risk of leaving the organization, rather than proactively limiting exposure through data minimization.

Concept tested: Data minimization principle to reduce sensitive data exposure

Source: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-188.pdf

Topics

#Data minimization#Sensitive data protection#Data handling#Privacy by design

Community Discussion

No community discussion yet for this question.

Full CISSP Practice