Certified Information Security Manager (CISM) — Question 732

Which risk is introduced when using only sanitized data for the testing of applications?

Answer options

• A. Unexpected outcomes may arise in production.
• B. Data disclosure may occur during the migration event.
• C. Breaches of compliance obligations will occur.
• D. Data loss may occur during the testing phase.

Correct answer: A

Explanation

Using only sanitized data can lead to unexpected behaviors in the production environment because the sanitized data may not accurately reflect real-world scenarios. This can cause issues that were not identified during testing. The other options relate to different risks that are not specifically tied to the use of sanitized data in testing.