You create Web-based client applications. You are creating an intranet application that reviews customer data. The internal Personally Identifiable Information (PII) policy specifies the following requirements for access to customer data:
Only employees in the customer management group can access the customer data. Access to customer data is limited to computers that are inside company facilities.
The legal team advises that you log information that verifies that you have met the PII requirements. The log might be useful if there is a legal challenge over customer privacy. You must create a design that uses minimum amount of storage. You must also ensure that the design meets all the requirements. You decide to store the Microsoft Windows user name for any user who uses the program to access the customer data. You also decide to store the date and time of the access. You need to decide if the design will meet all the requirements. What should you conclude?
A.
The design meets the requirements. The design stores sufficient information to provide the legal department with documentation that their rules have been followed without wasting space on extra data.
B.
The design does not meet the requirements. You need to store only user information about failed logon attempts. This design wastes space storing extra data.
C.
The design does not meet the requirements. You also need to store the IP address of all logon attempts to demonstrate that the access was made from inside the company.
D.
The design does not meet the requirements. You also need to store the IP address of all failed logon attempts to demonstrate that the access was made from inside the company.