May 26, 2021

Test question in regard to CASP exam

I am about to take my CASP exam and would like input on the answer to this question please:

The legal department has required that all traffic to and from a company’s cloud-based word processing and email system is logged. To meet this requirement, the Chief Information Security Officer (CISO)

has implemented a next-generation firewall to perform inspection of the secure traffic and has decided to use a cloud-based log aggregation solution for all traffic that is logged. Which of the following

presents a long-term risk to user privacy in this scenario?

A. Confidential or sensitive documents are inspected by the firewall before being logged.

B. Latency when viewing videos and other online content may increase.

C. Reports generated from the firewall will take longer to produce due to more information from inspected traffic.

D. Stored logs may contain non-encrypted usernames and passwords for personal websites.

​

Would this be A or D?

Comments

Ghawblin

Key word here is user privacy.

Sensitive/confidential documents are not defined here. Are they documents that may be of *business* privacy concern?

Credentials for personal websites would be a direct user privacy concern, and a potential liability for the company that the legal department would care about.

I would choose D.

***

Alternatively, if it just said “long term risk”, I would say A, because confidential or sensitive documents may be confidential/senstive for decades, maybe even forever, but user credentials should rotate on a somewhat frequent basis.

Leave a Reply

Your email address will not be published. Required fields are marked *

Note: By filling this form and submitting your commen, you acknowledge, agree and comply with our terms of service. In addition you acknowledge that you are willingly sharing your email address with AiOWikis and you might receive notification emails from AiOWikis for comment notifications. AiOWiksi guarantees that your email address WILL NOT be used for advertisement or email marketting purposes.

This site uses Akismet to reduce spam. Learn how your comment data is processed.