Data Protection

Question 1

Information is subject to the laws & governance structures within their nation where it is collected. Refers to the concept that digital information is subject to the laws of the country in which it is located.

Answer 1

Data Sovereignty

Question 2

Strategy for ensuring sensitive or critical information does not leave an organization. Set up to monitor the data of a system while it’s in use, in transit, or at rest in order to detect any attempts to steal the data.

Answer 2

Data Loss Prevention (DLP)

Question 3

Category based on the organization’s value & the sensitivity of the information if it were to be disclosed.

Answer 3

Data Classification

Question 4

Any information that can result in a loss of security or a loss of advantage to a company if accessed by an unauthorized person.

Answer 4

Sensitive Data

Question 5

Has no impact on the company if released & is often posted in an open -source environment.

Answer 5

Public Data

Question 6

Has minimal impact if released (organization’s financial data).

Answer 6

Sensitive Data

Question 7

Contains data that should only be used within the organization.

Answer 7

Private Data

Question 8

Contains items such as trade secrets, intellectual property data, & source code that affect the business if disclosed.

Answer 8

Confidential Data

Question 9

Contains valuable information.

Answer 9

Critical

Question 10

Data that can be released to the public or under the Freedom of Information Act.

Answer 10

Unclassified

Question 11

Data that would not hurt national security if released but could impact those whose data was being used.

Answer 11

Sensitive but Unclassified.

Question 12

Data that could seriously affect the government if unauthorized disclosures happen.

Answer 12

Confidential (Government)

Question 13

Data that could seriously damage national security if it is disclosed.

Answer 13

Secret

Question 14

Data that would damage national security if it is disclosed.

Answer 14

Top Secret

Question 15

Process of identifying the person responsible for the confidentiality, integrity, availability, & privacy of the information assets.

Answer 15

Data Ownership

Question 16

Senior executive role that has the responsibility for maintaining the confidentiality, integrity, and availability of the information assets.

Answer 16

Data Owner

Question 17

Entity that holds responsibility for deciding the purposes & methods of data storage, collection, and usage, and for guaranteeing the legality of processes.

Answer 17

Data Controller

Question 18

Group or individual hired by the data Controller to help with tasks like collecting, storing, or analyzing data.

Answer 18

Data Processor

Question 19

Focused on the quality of the data & the associated metadata.

Answer 19

Data Steward

Question 20

Responsible for handling the management of the system on which the data assets are stored.

Answer 20

Data Custodian (System Administrator)

Question 21

Role that is responsible for the oversight of any kind of privacy-related data, like PII, SPI, or PHI.

Answer 21

Privacy Officer

Question 22

Should be a business entity responsible for creating this information; know more about the data based on the content of the company, with each owner being assigned to their own department.

Answer 22

Who should be the data owner?

Question 23

These people should never be the data owner.

Answer 23

I.T. People

Question 24

Refers to any data stored in databases, file systems, or other storage systems.

Answer 24

Data at Rest

Question 25

Encrypts the entire hard drive.

Answer 25

Full Disk Encryption

Question 26

Encrypts specific partitions of a hard drive, leaving other partitions unencrypted.

Answer 26

Partition Encryption

Question 27

Encrypts individual files.

Answer 27

File Encryption

Question 28

Encrypts a selected set of files or Directories.

Answer 28

Volume Encryption

Question 29

Encrypts data stored in a database.

Answer 29

Database Encryption

Question 30

Encrypts specific fields within a database record.

Answer 30

Record Encryption

Question 31

Refers to data actively moving from one location to another, such as across the Internet or through a private network.

Answer 31

Data in Transit/Data in Motion

Question 32

Cryptographic Protocols designed to provide secure communication over a computer network.

Answer 32

Secure Sockets Layer (SSL) Transport Layer Security (TLS)

Question 33

Technology that creates a secure connection over a less secure network (Internet).

Answer 33

Virtual Private Network (VPN)

Question 34

Protocol suite used to secure IP Communications by authenticating & encrypting each IP packet in a data stream.

Answer 34

Internet Protocol Security (IPSec)

Question 35

Refers to data in the process of being created, retrieved, updated, or deleted.

Answer 35

Data in Use

Question 36

Information controlled by laws, regulations, or industry standards.

Answer 36

Regulated Data

Question 37

Any information that can be used to identify an individual.

Answer 37

Personal Identification Information (PII)

Question 38

Any information about health status, provision of healthcare, or payment for healthcare that can be linked to a specific individual.

Answer 38

Protected Health Information (PHI)

Question 39

Type of confidential business information that provides a company with a competitive edge.

Answer 39

Trade Secrets

Question 40

Creations of the mind, such as inventions, literary & artistic works, designs, & symbols.

Answer 40

Intellectual Property (IP)

Question 41

Includes any data related to legal proceedings, contracts, or regulatory compliance.

Answer 41

Legal Information

Question 42

Includes data related to an organization's financial transactions, such as sales records, invoices, tax documents, and bank statements.

Answer 42

Financial Information

Question 43

Information that can be understood by humans without the need for a machine or software.

Answer 43

Human-readable Data

Question 44

Information that requires a machine or software to interpret.

Answer 44

Non-human Readable Data

Question 45

Has stringent rules for data protection & grants individuals strong rights over their personal data (European Union).

Answer 45

General Data Protection Regulation (GDPR)

Question 46

Involves setting up virtual b boundaries to restrict data access based on geographic location.

Answer 46

Geographic Restrictions (Geo-fencing)

Question 47

Fundamental data security method that transforms readable data (plaintext) into unreadable data (ciphertext) using an algorithm and an encryption key.

Answer 47

Encryption

Question 48

Technique that converts data into a fixed size of numerical or alphanumeric characters, known as a hash value.

Answer 48

Hashing

Question 49

Involves replacing some or all of the data in a field with a placeholder, such as "x", to conceal the original content.

Answer 49

Masking

Question 50

Replaces sensitive data with non-sensitive substitutes, known as tokens.

Answer 50

Tokenization

Question 51

Involves making data unclear or unintelligible, making it difficult for unauthorized users to understand.

Answer 51

Obfuscation

Question 52

Involves dividing a network into separate segments, each with its own security controls.

Answer 52

Segmentation

Question 53

Involves defining who has access to specific data & what they can do with it.

Answer 53

Permission Restrictions

Question 54

A piece of software that's installed on a workstation or a laptop, & it's going to monitor the data that's in use on that computer.

Answer 54

Endpoint DLP System

Question 55

A piece of software or hardware that's a solution placed at the perimeter of the network to detect data in transit.

Answer 55

Network DLP System

Question 56

A software that is installed on a server in the data center & inspects the data while it's at rest on the server.

Answer 56

Storage DLP

Question 57

Usually offered as software-as-a service, and it's part of the cloud service & storage needs.

Answer 57

Cloud-based DLP System