Effective CISSP Questions

Your company is a well-known online music service provider. Consumers install the proprietary player to download and play songs offline. Each piece downloaded is embedded with the consumer’s artificial identifiers or pseudonym and expiration time. Which of the following is the best approach to protecting the copyrighted works while maintaining high sound quality?
A. Metadata
B. Steganography
C. Digital watermark
D. Pseudonymization

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is A. Metadata.

  • Digital watermark typically uses steganography to embed messages “within” the audio or content, which may hurt audio quality.
  • Metadata, on the contrary, is added in the same file but not mixed with the audio.
  • Pseudonymization is used to generate pseudonyms that de-identify the data subject to external parties. Its purpose is not to protect intellectual properties.
  • Steganography can be used to embed messages, but it will alter the content of the original work.


Sometimes, metadata is included in purchased media which records information such as the purchaser’s name, account information, or email address. Also included may be the file’s publisher, author, creation date, download date, and various notes. This information is not embedded in the played content, like a watermark, but is kept separate, but within the file or stream.

As an example, metadata is used in media purchased from Apple’s iTunes Store for DRM-free as well as DRM-restricted versions of their music or videos. This information is included as MPEG standard metadata.

Source: Wikipedia

Steganography Exercise

The following is a steganographic image protected by a password, “wuson”. you can decode the image here.

Steganographic Image
Steganographic Image (Password: wuson)



My new book, The Effective CISSP: Security and Risk Management, helps CISSP aspirants build a solid conceptual security model. It is not only a tutorial for information security but also a study guide for the CISSP exam and an informative reference for security professionals.

貴公司是著名的在線音樂服務提供商。 消費者安裝專用的播放器下載和離線播放歌曲。 下載的每件作品均嵌入了消費者的人工或擬暱名化標識別代碼和有效期。 以下哪個方法最能保護版權作品,同時又能維持高音質?
A. 元數據 (Metadata)
B. 隱寫術 (Steganography)
C. 數位浮水印 (Digital watermark)
D. 擬暱名化 (Pseudonymization)

Leave a Reply