CompTIA CySA+ (CS0-002) — Question 76
A company has contracted with a software development vendor to design a web portal for customers to access a medical records database. Which of the following should the security analyst recommend to BEST control the unauthorized disclosure of sensitive data when sharing the development database with the vendor?
Answer options
- A. Establish an NDA with the vendor.
- B. Enable data masking of sensitive data tables in the database.
- C. Set all database tables to read only.
- D. Use a de-identified data process for the development database.
Correct answer: B
Explanation
The correct answer is B because data masking obscures sensitive information while still enabling the vendor to develop the portal. Options A and C do not sufficiently protect sensitive data: an NDA does not prevent data exposure, and read-only settings may not prevent sensitive data from being accessed. Option D, while useful, may not provide the same level of protection as data masking in this scenario.