nerdexam
CompTIA

DS0-001 · Question #102

During a routine audit, a database administrator discovers that the department manager's birthday is next week. The database administrator decides to plan a birthday party for the manager. Which of th

The correct answer is A. PII. PII (Personally Identifiable Information) is violated here because a birthday is personal data that was accessed through a privileged database role and then used for a purpose outside the original scope of data collection - the administrator used it for personal social planning,

Data and Database Security

Question

During a routine audit, a database administrator discovers that the department manager's birthday is next week. The database administrator decides to plan a birthday party for the manager. Which of the following guidelines would the administrator violate by planning the party?

Options

  • APII
  • BPCI DSS
  • CSOX
  • DANSI

How the community answered

(52 responses)
  • A
    77% (40)
  • B
    6% (3)
  • C
    13% (7)
  • D
    4% (2)

Explanation

PII (Personally Identifiable Information) is violated here because a birthday is personal data that was accessed through a privileged database role and then used for a purpose outside the original scope of data collection - the administrator used it for personal social planning, not business operations. This misuse of access to personal details breaches PII handling guidelines, which require that personal data be used only for its intended, authorized purpose.

Why the distractors are wrong:

  • B (PCI DSS) governs payment card data (credit card numbers, cardholder info) - a birthday has nothing to do with financial transactions.
  • C (SOX) - the Sarbanes-Oxley Act applies to financial reporting and corporate accounting controls, not personal data privacy.
  • D (ANSI) - ANSI is a standards organization; it doesn't define data privacy or handling regulations.

Memory tip: Think "PII = Personal Info Is private." Any time someone uses personal data (name, birthday, address, SSN) outside its intended purpose - especially via privileged access - PII is the guideline in play. If the question involves how someone uses personal data rather than financial records or accounting, PII is almost always the answer.

Topics

#PII#Privacy Compliance#Data Protection#Data Governance

Community Discussion

No community discussion yet for this question.

Full DS0-001 Practice