cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Masahiro
Newcomer III

When using RUM, what do you need to take into account?

The question c05.087 of CCSP Official Practice Tests asks which you need to take into account when using real-user monitoring (RUM). And it says like the followings.

 

  1. You need to take privacy concerns into account.
  2. Though false positives are typical for RUM systems, they are incorrect as the answer.

I think you need to take privacy concerns into account not only when using RUM but also when implementing application logging. So I think privacy concerns are important concerns without RUM.

 

While false positives are typical for RUM but are not relevant to application logging.

 

So I cannot understand clearly why option C, "privacy concerns", is correct and option A, "false positive" is incorrect.

 

What do you think?

Haneda, Masahiro
Certification: CISSP, CCSP, CCSK, PMP, ITIL Foundation V3
Location: Japan
My LinkedIn Profile
2 Replies
Early_Adopter
Community Champion

Re: When using RUM, what do you need to take into account?

IMHO this is correct.

 

I think this is a case of foundational, best or most correct answer versus the simply correct.

 

Rationale…

 

RUM is pretty spooky and to do it in most jurisdictions you’ll need to have consent(specific) for the processing of this personal data. You’ll need to capture everything you do with it to ensure accountability, considering why and how you process the data and why. Moreover, in regards to harm you’d only start to really consider what the false negative/positive metrics meant to the individual in terms of harm, their interests etc. Often a detection will just alert a person that they should take a look.

 

So while I think you totally consider false positives, I think that they are downstream of the privacy considerations and their impact will depend on many factors.

 

Unless of course the system doing the RUM ‘releases the hounds’ or similar on a false positive with no human in the loop to countermand this.

Masahiro
Newcomer III

Re: When using RUM, what do you need to take into account?

Thank you, @Early_Adopter .

Your reply has made me clear.

 

Haneda, Masahiro
Certification: CISSP, CCSP, CCSK, PMP, ITIL Foundation V3
Location: Japan
My LinkedIn Profile