Q: 12
[Incident Handling and Response Process]
Your company holds a large amount of customer PII, and you want to protect those data from theft or unauthorized modification. Among other actions, you classify and encrypt the data. In this process, which of the following OWASP security risks are you guarding against?
Options
Discussion
Classifying and encrypting definitely matter, but if the configs around encryption were weak, B could actually come into play.
Pretty sure B, since misconfiguration could leave encrypted data exposed even with controls. D is probably the trap everyone picks.
D imo, official guide and OWASP summaries mention encryption best practices for sensitive data exposure.
C vs D
Not convinced it's only D since strong authentication also helps protect sensitive info. Could see broken authentication (C) as a trap here.
D
It's D, encryption and data classification mainly protect against sensitive data exposure.