CompTIA PenTest+ (PT0-001) — Question 106
A healthcare organization must abide by local regulations to protect and attest to the protection of personal health information of covered individuals. Which of the following conditions should a penetration tester specifically test for when performing an assessment? (Select TWO).
Answer options
- A. Cleartext exposure of SNMP trap data
- B. Software bugs resident in the IT ticketing system
- C. S/MIME certificate templates defined by the CA
- D. Health information communicated over HTTP
- E. DAR encryption on records servers
Correct answer: D, E
Explanation
D and E are correct because both bear directly on the protection of personal health information: health information communicated over HTTP is sent unencrypted and could be intercepted in transit, while DAR (data-at-rest) encryption on records servers is vital for protecting sensitive information at rest. Options A, B, and C do not directly relate to the protection of personal health information in the context of compliance with local regulations.