The question says: "the team utilizes data from an old production database in a secure testing environment." If you are going to use REAL data from a production database in a testing/staging environment, you should consider the confidentiality of those data. C. Biometric data must be protected from disclosure.

They were tasked to collect biometric data, but they ended reuse existing DB, hence it implies that biometric data cannot be changed, therefore old DB is good as it contains valid data.

A is correct Biomitric data can't be changed. Biomitric data can be stored for 10 years by government for relative use

The principle taken into consideration by the team from the point of view of a CISSP is: C. Biometric data must be protected from disclosure. By utilizing data from an old production database in a secure testing environment, the team is ensuring that the biometric data is kept confidential and not disclosed to unauthorized individuals or parties. This is an important aspect of biometric data security, as such data is highly sensitive and can be used for identity theft or other malicious purposes if it falls into the wrong hands.

Biometric datas are setup to be true all the time of your life... Therefore even if from an old production, the information remains correct/exact. Non disclosure preveals !

A and C are both correct: "You can change passwords, but you can’t change your biometric details. If your biometric data is stolen or lost, it could be permanently compromised." "if biometric data is exposed, the risk of identity theft and fraud rises." https://www.avast.com/c-what-is-biometric-data#:~:text=A%20biometric%20is%20only%20as,t%20change%20your%20biometric%20details. The question asks for the principle used when the team utilized a secure environment. Seems like they are guiding towards C.

They wrongly assumed that Biometric data cannot be change, hence ended up using prod DB.

I go with C Option A is not applicable in this scenario as it refers to the immutability of biometric data, which means that once biometric data is collected, it cannot be changed.

A seems correct. C doesn't make any sense in this context

May I know whom decide the correct answers of these questions? Is it based on the passing rate of CISSP exam?

"Any information about an individual maintained by an agency, including (1) any information that can be used to distinguish or trace an individual’s identity, such as name, social security number, date and place of birth, mother’s maiden name, or biometric records; and (2) any other information that is linked or linkable to an individual, such as medical, educational, financial, and employment information. ...The key is that organizations have a responsibility to protect PII. This includes PII related to employees and customers. Many laws require organizations to notify individuals if a data breach results in a compromise of PII." CISSP 9th ed. off. study guide

I think the answer a is correct

It does not ask what is the purpose of collecting biometric data, there for A is wrong. C is right because the question is about why the biometric data is tested in a secure old prod environment.

hate the question, i think its A though

reread the question, C doesn't even make sense in this aspect.

I think its C