Data Protection Control Practices Quiz

Questions and Answers

What is a recommended practice to protect sensitive data in applications?

Allowing unlimited input options

Using encryption to transmit sensitive data (correct)

Displaying detailed error messages

Logging limited activity

Which practice helps restrict user access in applications?

Keeping logs of all activity

Providing verbose error messages

Balancing transactions properly

Menus to restrict actions (correct)

What should error messages in applications ideally provide?

Unrestricted access to the system

Verbose details of the error

Minimum necessary information (correct)

Additional options for the user

Why is two-factor authentication usually desirable for critical systems?

To enhance security by requiring multiple credentials for access

What can developers do to address application security issues?

Consider potential risks for each business function

What is the benefit of incorporating security in all phases of the SDLC?

Economic and efficiency benefits

What approach should an IT auditor take when assessing web application vulnerabilities?

Apply a risk-based approach

What is an activity associated with the audit of application controls?

Application risk monitoring

How can identified risks be placed in the context of web development?

Support of best practice material on web development

What should controls reflect in application development activity?

The way development activity takes place in the area under review