Chapter 4 - Quiz
DLP can be combined with what other security tools to enhance data controls? A. IRM B. SIEM C. Kerberos D. Hypervisors
A. DLP can be combined with IRM tools to protect intellectual property; both are designed to deal with data that falls into special categories. SIEMs are used for monitoring event logs, not live data movement. Kerberos is an authentication mechanism. Hypervisors are used for virtualization.
DLP solutions can help deter loss because of which of the following? A. Malicious disclosure B. Performance issues C. Bad policy D. Power failure
A. DLP tools can identify outbound traffic that violates the organization's policies. DLP will not protect against losses due to performance issues or power failures. The DLP solution must be configured according to the organization's policies, so bad policies will attenuate the effectiveness of DLP tools, not the other way around.
Proper implementation of DLP solutions for successful function requires which of the following? A. Accurate data categorization B. Physical access limitations C. USB connectivity D. Physical presence
A. DLP tools need to be aware of which information to monitor and what information requires categorization (usually done upon data creation, by the data owners). DLPs can be implemented with or without physical access or presence. USB connectivity has nothing to do with DLP solutions.
What are the US State Department controls on technology exports known as? A. ITAR B. EAR C. EAL D. IRM
A. ITAR is a Department of State program. EAR is a Commerce Department program. Evaluation assurance levels are part of the Common Criteria standard from ISO. Information rights management tools are used for protecting electronic processing of intellectual property.
Cryptographic keys should be secured. A. To a level at least as high as the data they can decrypt B. In vaults C. By armed guards D. With two-person integrity
A. The physical security of crypto keys is of some concern, but guards or vaults are not always necessary. Two-person integrity might be a good practice for protecting keys. The best answer to this question is option A, because it is always true, whereas the remaining options depend on circumstances.
What are third-party providers of IAM functions for the cloud environment? A. DLPs B. CASBs C. SIEMs D. AESs
B. Cloud access security brokers provide IAM functions. Data loss, leak prevention, and protection are a family of tools used to reduce the possibility of unauthorized disclosure of sensitive information. SIEMs are tools used to collate and manage log data. AES is an encryption standard.
Cryptographic keys for encrypted data stored in the cloud should be. A. At least 128 bits long B. Not stored with the cloud provider C. Split into groups D. Generated with dependencies
B. Cryptographic keys should not be stored along with the data they secure, regardless of key length. We don't group crypto keys (doing so would violate the principle of secrecy necessary for keys to serve their purpose). Keys should be based on randomized (or pseudorandomized) generation and not have any dependency.
The goals of DLP solution implementation include all of the following except. A. Policy enforcement B. Elasticity C. Data discovery D. Mitigating loss
B. DLP does not have anything to do with elasticity, which is the capability of the environment to scale up or down according to demand. All the rest are goals of DLP implementations.
DLP solutions can aid in deterring loss due to which of the following? A. Randomization B. Inadvertent disclosure C. Natural disaster D. Device failure
B. DLP solutions may protect against inadvertent disclosure. Randomization is a technique for obscuring data, not a risk to data. DLP tools will not protect against risks from natural disasters or against impacts due to device failure.
All of the following are terms used to describe the practice of obscuring original raw data so that only a portion is displayed for operational purposes except. A. Tokenization B. Data discovery C. Obfuscation D. Masking
B. Data discovery is a term used to describe the process of identifying information according to specific traits or categories. The rest are all methods for obscuring data
What are the US Commerce Department controls on technology exports known as? A. ITAR B. EAR C. EAL D. IRM
B. EAR is a Commerce Department program. ITAR is a State Department program. Evaluation assurance levels are part of the ISO's Common Criteria standard. Information rights management tools are used for protecting electronic processing of intellectual property
Tokenization requires two distinct. A. Authentication factors B. Databases C. Encryption keys D. Personnel
B. In order to implement tokenization, there will need to be two databases: the database containing the raw, original data and the token database containing tokens that map to original data. Having two-factor authentication is nice, but certainly not required. Encryption keys are not necessary for tokenization. Two-person integrity does not have anything to do with tokenization.
What is the correct order of the phases of the data lifecycle? A. Create, Store, Use, Archive, Share, Destroy B. Create, Store, Use, Share, Archive, Destroy C. Create, Use, Store, Share, Archive, Destroy D. Create, Archive, Store, Share, Use, Destroy
B. The other options are the names of the phases, but they are out of proper order.
What is the experimental technology that might lead to the possibility of processing encrypted data without having to decrypt it first? A. AES B. Link encryption C. Homomorphic encryption D. One-time pads
C. AES is an encryption standard. Link encryption is a method for protecting communications traffic. Using one-time pads is an encryption method.
What is a cloud storage architecture that manages the data in an arrangement of fields according to characteristics of each data element? A. Object-based storage B. File-based storage C. Database D. CDN
C. Databases store data in fields, in a relational motif. Object-based storage stores data as objects in a volume, with labels and metadata. File-based is a cloud storage architecture that manages the data in a hierarchy of files. A CDN stores data in caches of copied content near locations of high demand.
What is a cloud storage architecture that manages the data in caches of copied content close to locations of high demand? A. Object-based storage B. File-based storage C. Database D. CDN
D. A CDN stores data in caches of copied content near locations of high demand. Objectbased storage stores data as objects in a volume, with labels and metadata. File-based is a cloud storage architecture that manages the data in a hierarchy of files. Databases store data in fields, in a relational motif.
When crafting plans and policies for data archiving, we should consider all of the following except. A. Archive location B. The backup process C. The format of the data D. Immediacy of the technology
D. All of these things should be considered when creating data archival policies except option D, which is a nonsense term.
Data masking can be used to provide all of the following functionality except. A. Secure remote access B. Enforcing least privilege C. Testing data in sandboxed environments D. Authentication of privileged users
D. Data masking does not support authentication in any way. All the others are excellent use cases for data masking.
The goals of SIEM solution implementation include all of the following except A. Centralization of log streams B. Trend analysis C. Dashboarding D. Performance enhancement
D. SIEM is not intended to provide any enhancement of performance; in fact, a SIEM solution may decrease performance because of additional overhead. All the rest are goals of SIEM implementations.
Best practices for key management include all of the following except. A. Have key recovery processes B. Maintain key security C. Pass keys out of band D. Ensure multifactor authentication
D. We should do all of these except for requiring multifactor authentication. Multifactor authentication might be an element of access control for keys, but it is not specifically an element of key management.