Certified in Risk and Information Systems Control (CRISC) — Question 516

Which of the following would MOST effectively mitigate the risk of data loss when production data is being used in a testing environment?

Answer options

• A. Data obfuscation
• B. Database encryption
• C. Access management
• D. Data cleansing and normalization

Correct answer: A

Explanation

Data obfuscation is the most effective method for protecting sensitive information in a testing environment, as it modifies the data while preserving its usability for testing. Database encryption secures data at rest and in transit but does not prevent exposure in a testing scenario. Access management controls who can view or use data but does not inherently protect the data itself. Data cleansing and normalization focus on data quality rather than security and do not address the risk of data exposure.