SY0-701 · Question #557
SY0-701 Question #557: Real Exam Question with Answer & Explanation
The correct answer is D: Masking. Masking directly addresses the problem by replacing or partially obscuring sensitive values in logs - for example, rendering 4111 1111 1111 1111 as *---1111 - so even if logs are accessed inappropriately, full account numbers are never exposed. Segmentation (A) controls which sys
Question
An audit reveals that cardholder database logs are exposing account numbers inappropriately. Which of the following mechanisms would help limit the impact of this error?
Options
- ASegmentation
- BHashing
- CJournaling
- DMasking
Explanation
Masking directly addresses the problem by replacing or partially obscuring sensitive values in logs - for example, rendering 4111 1111 1111 1111 as ****-****-****-1111 - so even if logs are accessed inappropriately, full account numbers are never exposed.
Segmentation (A) controls which systems or networks can communicate with each other, but it does nothing to redact the content of the logs themselves - the account numbers would still be fully visible to anyone with access to the segmented zone.
Hashing (B) is a one-way transformation used to protect values like passwords, but it's not suited for account numbers in logs because hashed values can't be reversed to retrieve the original number for legitimate use, and hash outputs don't look like masked card data.
Journaling (C) is a database/filesystem technique that records transactional changes to support recovery and integrity - it actually increases the amount of data recorded, making exposure worse, not better.
Memory tip: Think of a masquerade ball - attendees are present, but their identities are hidden behind masks. Masking data lets logs function normally while keeping the sensitive "identity" (the account number) concealed.
Topics
Community Discussion
No community discussion yet for this question.