Question 36
Domain 2: Privacy Risk ManagementA website uses session replay to record every keystroke on a form, including text users type and then delete before submitting. Which fact most increases the privacy concern?
Correct answer: B
Explanation
Session replay captures user input as it is entered, so deleted keystrokes can still be recorded. That raises privacy risk because unsubmitted text may expose sensitive information users never intended to send, even though it never appeared in the final form submission.
Why each option is right or wrong
A. The data is stored in the cloud
B. Unsubmitted text may reveal sensitive information users never intended to send
Session replay tools can capture data at the point of entry, not just what is ultimately submitted, so the deleted keystrokes may still be stored and transmitted to the vendor. The privacy concern is heightened because that means information such as passwords, medical details, or other sensitive data can be recorded even if the user erased it before submission, creating a disclosure risk under common privacy principles like data minimization and purpose limitation.
C. The replay tool is expensive
D. The form also contains optional fields