Ch 06 Data Security

Question 1

Data at rest is commonly
A. Using a RESTful protocol for transmission
B. Stored in registers
C. Being transmitted across the network
D. Stored in external storage devices

Answer 1

D. Data at rest is characterized by residing in secondary storage devices such as disk drives, DVDs, or magnetic tapes. Registers are temporary storage within the CPU and are used for data storage only when the data is being used.

Question 2

Data in motion is commonly
A. Using a RESTful protocol for transmission
B. Stored in registers
C. Being transmitted across the network
D. Stored in external storage devices

Answer 2

C. Data in motion is characterized by network or off-host transmission. The RESTful protocol, while pertaining to a subset of data on a network, is not as good an answer as option C.

Question 3

Data in use is commonly
A. Using a RESTful protocol for transmission
B. Stored in registers
C. Being transmitted across the network
D. Stored in external storage devices

Answer 3

B. Registers are used only while data is being used by the CPU, so when data is resident in registers, it is, by definition, in use.

Question 4

Which of the following best describes an application of cryptography to protect data at rest?
A. VPN
B. Degaussing
C. Whole-disk encryption
D. Up-to-date antivirus software

Answer 4

C. Data at rest is best protected using whole-disk encryption on the user workstations or mobile computers. None of the other options apply to data at rest.

Question 5

Which of the following best describes an application of cryptography to protect data in motion?
A. Testing software against side-channel attacks
B. TLS
C. Whole-disk encryption
D. EDLP

Answer 5

B. Data in motion is best protected by network encryption solutions such as TLS, VPN, or IPSec. None of the other options apply to data in motion.

Question 6

Which of the following is not a digital asset management task?
A. Tracking the number and location of backup versions
B. Deciding the classification of data assets
C. Documenting the history of changes
D. Carrying out secure disposal activities

Answer 6

B. The classification of a data asset is determined by the asset owner before it starts being managed. Otherwise, how would the manager know how to handle it? All other answers are typically part of digital asset management.

Question 7

Which data protection method would best allow you to detect a malicious insider trying to access a data asset within your corporate infrastructure?
A. Digital Rights Management (DRM)
B. Steganography
C. Cloud access security broker (CASB)
D. Data loss prevention (DLP)

Answer 7

C. Cloud access security brokers (CASBs) provide visibility and control over user activities on cloud services. Provided the asset in question is in the cloud, this would be your best option. Data loss prevention (DLP) systems are primarily concerned with preventing unauthorized external parties from gaining access to sensitive data.

Question 8

What term best describes the flow of data assets to an unauthorized external party?
A. Data leakage
B. Data in motion
C. Data flow
D. Steganography

Answer 8

A. Data leakage is the flow of sensitive information to unauthorized external parties.