CompTIA CySA+ (CS0-002) — Question 391

Which of the following data security controls would work BEST to prevent real PII from being used in an organization's test cloud environment?

Answer options

• A. Encryption
• B. Data loss prevention
• C. Data masking
• D. Digital rights management
• E. Access control

Correct answer: C

Explanation

Data masking is the most suitable choice as it allows for the obfuscation of real PII, ensuring that sensitive information is not exposed in test environments. Encryption, while it protects data, does not prevent the use of real PII; instead, it secures it. The other options, such as data loss prevention and digital rights management, focus more on monitoring and controlling access rather than specifically masking data.