Practice Question · CISSP Study Group

Practice Question

You’re consulting for a healthcare organization that stores patient records in a hybrid cloud environment. The data is classified as "Highly Confidential." A developer in the team has requested access to production data to troubleshoot issues. The organization lacks a robust data classification enforcement policy. What is the BEST course of action?

A. Allow the developer read-only access under supervision.

B. Mask or anonymize the data before granting limited access.

C. Grant access after requiring the developer to sign a confidentiality agreement.

D. Deny access and escalate the request to the compliance team.

16 comments