Data Protection Control Practices Quiz

Questions and Answers

What is a recommended practice to protect sensitive data in applications?

• Allowing unlimited input options
• Using encryption to transmit sensitive data (correct)
• Displaying detailed error messages
• Logging limited activity

Which practice helps restrict user access in applications?

• Keeping logs of all activity
• Providing verbose error messages
• Balancing transactions properly
• Menus to restrict actions (correct)

What should error messages in applications ideally provide?

• Unrestricted access to the system
• Verbose details of the error
• Minimum necessary information (correct)
• Additional options for the user

Why is two-factor authentication usually desirable for critical systems?

To enhance security by requiring multiple credentials for access (A)

What can developers do to address application security issues?

Consider potential risks for each business function (B)

What is the benefit of incorporating security in all phases of the SDLC?

Economic and efficiency benefits (C)

What approach should an IT auditor take when assessing web application vulnerabilities?

Apply a risk-based approach (A)

What is an activity associated with the audit of application controls?

Application risk monitoring (B)

How can identified risks be placed in the context of web development?

Support of best practice material on web development (C)

What should controls reflect in application development activity?

The way development activity takes place in the area under review (B)