Certified in Risk and Information Systems Control (CRISC) — Question 547
Which of the following is the BEST approach for an organization in a heavily regulated industry to comprehensively test application functionality?
Answer options
- A. Use production data in a non-production environment.
- B. Use anonymized data in a non-production environment.
- C. Use test data in a production environment.
- D. Use masked data in a non-production environment.
Correct answer: D
Explanation
The correct answer is D because using masked data in a non-production environment allows for comprehensive testing without exposing sensitive information, which is crucial in regulated industries. Option A is inappropriate because it risks exposing sensitive data. Option B, while safer, may not fully simulate real-world scenarios. Option C is not advisable because it involves testing in the live production environment, which can lead to compliance violations.