
CISA Exam - Question 141


What is the BEST method for securing credit card numbers stored temporarily on a file server prior to transmission to the downstream system for payment processing?

Correct Answer: B

The best method for securing credit card numbers stored temporarily on a file server prior to transmission is encryption with strong cryptography. This ensures that even if the data is accessed by unauthorized individuals, it will be unreadable and secure. Masking and truncation are not suitable because they do not fully protect the entire credit card number, and a one-way hash is not reversible, making it unusable for further processing by the payment system.

Discussion

11 comments
BabaP Option: B
Apr 30, 2023

Answer is B. How do you mask a file server?

MunaM Option: B
Sep 5, 2022

Answer should be B as encryption is the best protection

Victor83516 Option: A
Oct 9, 2022

Because it is only temporarily stored, if encryption is used, it will cause redundant operations, and it is better to use masking.

MichaelHoang Option: B
Jan 13, 2023

I vote for B. If masking is being used here, how is the data processed by the payment system? Once the data is masked, you cannot retrieve the original data, hence the payment system cannot use this data. Therefore, I vote for encryption here.

MohamedAbdelaal Option: A
Apr 27, 2023

A for sure

mibg83 Option: B
Jun 6, 2023

Encryption

blues_lee Option: B
Jan 18, 2024

Encryption with strong cryptography

Julianleehk Option: A
Sep 30, 2022

It should be A

2022cisa
Oct 8, 2022

Please explain why masking is better than encryption.

2022cisa Option: D
Oct 8, 2022

Why not D, one-way hash; as B only says encryption, so it can be symmetric also.

ChaBum
Feb 27, 2024

Hash is not reversible, so you can only check the hash against another hash coming from the same "data"; sending the hash over would be useless if the information of the credit card is not already with the other party.

2022cisa Option: A
Oct 8, 2022

Agree, answer should be A, as Q says prior to transmission, and encryption ensures integrity during transmission via cryptographic key pairs.

46080f2 Option: B
Jun 11, 2024

Vote for B. – based on the case study in the ISACA Manual 27th ed: § 3.8.1 – “… forwards all sales data over a frame relay network to database servers located at the retailer’s corporate headquarters, with strong encryption applied to the data, which are then sent over a virtual private network (VPN) to the credit card processor for approval of the sale….”