CISSP • Practice Test 38
Free CISSP practice test — 15 questions with explanations. Set 38. No signup required.
A healthcare organization uses a custom application to manage patient records. The application uses a database with encrypted columns for sensitive data. The security team discovers that an insider has been copying encrypted data to an external drive. While the data is encrypted, the encryption key is stored in a configuration file accessible to the application. Which additional control would best mitigate this risk?