CompTIA CASP+ (CAS-004) — Question 77

A recent data breach revealed that a company has a number of files containing customer data across its storage environment. These files are individualized for each employee and are used in tracking various customer orders, inquiries, and issues. The files are not encrypted and can be accessed by anyone. The senior management team would like to address these issues without interrupting existing processes.
Which of the following should a security architect recommend?

Answer options

• A. A DLP program to identify which files have customer data and delete them
• B. An ERP program to identify which processes need to be tracked
• C. A CMDB to report on systems that are not configured to security baselines
• D. A CRM application to consolidate the data and provision access based on the process and need

Correct answer: D

Explanation

The correct answer is D, as a CRM application can help consolidate customer data and ensure that access is granted based on the necessity of the process, thereby enhancing security. Options A, B, and C do not directly address the need to protect customer data and manage access effectively, which is crucial in this scenario.