Which of the following is an appropriate source for test data?
A.
Production data that is secured and maintained only in the production environment.
B.
Test data that has no similarities to production data.
C.
Test data that is mirrored and kept up-to-date with production data.
D.
Production data that has been sanitized before loading into a test environment.
Why not C?
0
0
i thought it was “C” too. But this is a good example of CISSP “choose the best answer.” I guess sanitizing makes it the better answer.
0
0
Test data will be used on qualification systems where access control will be weaker than on production systems. If you mirror the whole data, including sensitive information, chances are that these sensitive information will therefore leak.
Your test data must therefore be similar to production one (for the test to be realistic-enough) but sanitized (to prevent any leak of sensitive information).
0
0
“If you mirror the whole data, including sensitive information, chances are that these sensitive information will therefore leak.”
I don’t agree that the chances are it will leak.
0
0