CompTIA Security+ (SY0-501) — Question 553
A coding error has been discovered on a customer-facing website. The error causes each request to return confidential PHI data for the incorrect organization.
The IT department is unable to identify the specific customers who are affected. As a result, all customers must be notified of the potential breach. Which of the following would allow the team to determine the scope of future incidents?
Answer options
- A. Intrusion detection system
- B. Database access monitoring
- C. Application fuzzing
- D. Monthly vulnerability scans
Correct answer: B
Explanation
The correct answer, database access monitoring, lets the IT department track who accesses sensitive data and how, which is the record needed to determine which customers an incident affected instead of notifying all of them. Intrusion detection systems focus on detecting unauthorized access rather than monitoring database access specifically. Application fuzzing is a testing technique used to find vulnerabilities in applications, not to monitor data access. Monthly vulnerability scans are aimed at identifying security weaknesses but do not provide real-time monitoring of data access.