CompTIA CySA+ (CS0-003) — Question 52

A security administrator needs to import PII data records from the production environment to the test environment for testing purposes. Which of the following would best protect data confidentiality?

Answer options

• A. Data masking
• B. Hashing
• C. Watermarking
• D. Encoding

Correct answer: A

Explanation

Data masking is the most effective way to protect sensitive data confidentiality while allowing for testing. Hashing is not suitable for PII data as it creates a permanent transformation that cannot be reversed, making it unusable for testing. Watermarking is used for copyright protection and does not enhance data confidentiality, while encoding simply transforms data into a different format without securing its content.