Data Security

Question 1

What does data security involve?

Answer 1

Data security involves the application of various data security controls to prevent any intentional or unintentional act of data misuse, data destruction, and data modification.

Question 2

What are the states of data security?

Answer 2

• Data at rest (offline, non-volatile medium)
• Data in use (online, volatile medium)
• Data in transit

Question 3

Examples of security controls applicable for data at rest

Answer 3

• Data encryption
• Password protection
• Tokenization
• Data federation

Question 4

Examples of security controls applicable for data in use

Answer 4

• Authentication techniques
• Tight control on this data’s accessibility
• Full/Partial memory encryption
• Strong identity management

Question 5

Examples of security controls applicable for data in transit

Answer 5

• SSL and TLS
• Email encryption tools such as PGP or S/MIME
• Firewall controls

Question 6

What are the steps for information management lifecycle?

Answer 6

• Creation
• Organization
• Utilization
• Remediation
• Storage
• Erasure

Question 7

Data Owners

Answer 7

Individuals or steering committees having complete control over the data in an organization; they are solely responsible for the data assets of the organization.

Question 8

Data Controller

Answer 8

Person who collects and controls the processing of data provided to the data processor.

Question 9

Data Processor

Answer 9

Person who collects and controls the processing of data provided to the data processor

Question 10

Data Steward/Custodian

Answer 10

The data steward is accountable for business data sets, and the data custodian is accountable for technical data assets for the storage and transport of data.

Question 11

Privacy Officer

Answer 11

Senior executive who is responsible for the privacy of the organization’s data. Maintains privacy policies as well as investigate and track incidents and security loopholes.

Question 12

Data Protection Officer (DPO)

Answer 12

Ensures that sensitive information on the personnel, customers, or any other individual meets the compliance requirements of the organization.

Question 13

Data Classification

Answer 13

Process of assigning sensitivity levels to data while the data are being generated, modified, saved, or passed over an information system.

Question 14

What are data classification levels?

Answer 14

1 - Top secret
2 - Highly confidential information
3 - Proprietary information
4 - Information for internal use
5 - Public documents

Question 15

Do folders and files have the same NTFS permissions?

Answer 15

No, folders have additional permission “List folder contents”

Question 16

Command that assigns file access on Linux

Answer 16

setfacl

Question 17

Command that displays file name, owner, the group and ACL on Linux

Answer 17

getfacl

Question 18

What permission mask (numeric) would you use for setting read permission on a file for all users?

Answer 18

444

Question 19

What does 644 permission mask mean?

Answer 19

Only the owner can write, all can read.

Question 20

What does -rwx------ on a file mean?

Answer 20

Only the owner can read, write and execute.

Question 21

How to lock the directory only for owners? How the permission triads would look like?

Locked - noone can read, write and execute

Answer 21

chmod 700 <dir>
drwx------ dir

Question 22

Why the filesystem ACL is not enough to protect data and file encryption should be used?

Answer 22

Plugging the storage media under different device or system is enough to bypass the filesystem ACL.

Question 23

Does Windows OS have a built-in tool to securely remove files?

Answer 23

Yes, it’s Cipher.
cipher /w:filename

Although running on encrypted/decrypted file will just wipe unused space

Question 24

How does EFS work?

Answer 24

Encrypting File System on Windows works by encrypting files and directories with a symmetric key, and this key is then encrypted with the user’s public key. Only the user who owns the corresponding private key can decrypt the symmetric key and, consequently, access the encrypted files.

Question 25

How the key used in EFS called? When is it generated? Where is it stored?

Answer 25

File Encryption Key (FEK) is generated for each file/folder being encrypted. It is stored in the encrypted format alongside the file/folder.

Question 26

What are different database encryption types?

Answer 26

• Transparent/External database encryption
• Column-level encryption
• Symmetric database encryption
• Asymmetric database encryption

Question 27

How does transparent/external database encryption work?

Answer 27

It uses a symmetric encryption key to encrypt the database and all backups using a database encryption key.

Question 28

Is symmetric or asymmetric encryption used in bulk encryption?

Answer 28

Always symmetric encryption for large (bulk) data.

Asymmetric encryption is an order of magnitude slower

Question 29

How does column-level encryption work?

Answer 29

It encrypts the individual columns within the database tables using different encryption keys

Question 30

How does symmetric database encryption work?

Answer 30

In is an enhanced transparent database encryption method where the database remains encrypted till it is opened and accessed

Question 31

How does asymmetric database encryption work?

Answer 31

It uses one public key to encrypt the data and one private key per authorized user to decrypt the data

Question 32

How is HTTP (SSL) connection established between server and the client?

Answer 32

1. The browser connects to a web server by sending a message indicating that SSL is requested.
2. Web server responds by sending a copy of its root certificate along with server’s public key.
3. Browser verifies the certificate (is valid, is signed by CA, is not expired)
4. Browser creates, encrypts and sends a one-time session key along with the server’s public key.
5. Server uses its private key to decrypt the session key, sends back an ACK encrypted with the session key to begin the secure session.
6. Secure data transmission with session key can be continued.

Question 33

SSL

Answer 33

Secure Sockets Layer - security protocol that creates an encrypted link between a web server and a web browser.

Question 34

Explain how SSL MiTM works

Answer 34

The attacker spoofs the SSL certificate of the legitimate site to establish a middleman connection from the victim to the site, gaining clear text traversal on communication between parties.

Question 34

What are the minimum requirements for the TLS encryption certificate?

Answer 34

1. Server computer should contain an installed certificate.
2. Certificate purpose must include Server Authentication.
3. Certificate must be issued for FQDN of the server.
4. Client must trust the certificate (trust the Cert Root Authority).

Question 34

S/MIME

Answer 34

Secure/Multipurpose Internet Mail Extensions. Email encryption standard. Both recipients must have a mail application that supports the S/MIME standard.

Question 35

Can you encrypt a single message?

Answer 35

Yes. In Outlook, it’s achievable from Security Settings. You have to have the recipient’s public key to encrypt the message.

Question 36

Explain how signing the data works. (public/private keys)

Answer 36

X encrypts the MD5 of data with a private key. Others can verify the integrity of the data by calculating MD5 of data and decrypting the X’s MD5 using the private key.

Question 37

Data Masking

Answer 37

Known also as data obfuscation - the process of hiding original data with random characters.

Question 38

Types of data masking

Answer 38

Static (data at rest) and dynamic (data in transit)

Question 39

Techniques of data masking

Answer 39

Character scrambling, lookup substitution, nulling out or deletion, shuffling, number/data variance (part of data changed), masking out (part of data masked)

Question 40

Deidentification

Answer 40

Process of segregating or replacing an entity’s personal identity from the data stored in a database.

Question 41

Types of deidentification

Answer 41

Masking, bucketing (replacing with common), tokenization (replace with arbitrary), hashing/salting

Question 42

What failure to notify users of their compromised data, in case of data breach, is called?

Answer 42

Violation of security norms.

Question 43

What data breach notification should include?

Answer 43

The type of data affected, the extent of breach, how many data subjects are concerned and steps to be taken to mitigate further compromise.

Question 44

What are the different levels of escalation of data breach?

Answer 44

Initial escalation (IT desk, administrators app manager), unit level (information authority, security management and coordinators), organization level (managers, like executives) and external level (ISPs, 3rd part contractors, telecom agencies, law enforcements).

Question 45

How should the organization inform the affected individuals?

Answer 45

Through social media or mainstream media. It should be disseminated in a manner to rebuild confidence in customers and convince them to avoid legal consequences.

Question 46

What are the different data sharing and privacy agreements?

Answer 46

ISA, Data Sharing and Usage Agreement, SLA and CNDA

Question 47

ISA (Interconnection Security Agreement)

Answer 47

Mutual agreement between an organization and 3rd party that decide to connect their IT systems.

Question 48

Data Sharing and Usage Agreement

Answer 48

Document agreement between data provider and receiver. Contains clear understanding of what type of data is to be shared and how the data needs to be handled.

Question 49

SLA (Service-Level Agreement)

Answer 49

Contractual agreement. States the level of service that an organization expects from a vendor. Includes metrics and detailed terms of penalties if not met.

Question 50

CNDA (Confidentiality and Non-Disclosure Agreement)

Answer 50

Security contract signed between two parties for maintaining the confidentiality of information shared between them.

Question 51

AD Rights Management Services

Answer 51

AD RMS, security solutions designed for data security through proper implementation of access policies.

Question 52

What are 8 steps of successful data backup strategy?

Answer 52

1. Identify critical data.
2. Select backup media.
3. Select backup technology.
4. Select RAID levels.
5. Select backup method.
6. Select backup types.
7. Choose right backup solution.
8. Recovery drill test.

Question 53

What are the factors to consider when choosing a backup media?

Answer 53

• Reliability
• Usability
• Speed
• Cost
• Availability

Question 54

RAID

Answer 54

Redundant Array of Independent Disks. Method of combining multiple disks to a single unit. Offers fault tolerance.

Question 55

How many RAID levels exist?

Answer 55

0, 1, 3, 5, 1+0, 5+0

Question 56

What RAID architecture consists of?

Answer 56

• RAID Controller
• IDE/SATA/SCSI Interface
• Multiport Memory Controller
• SDRAM

Question 57

SDRAM

Answer 57

Dynamic Random Access Memory synchronized with CPU clock speed.

Question 58

Characterize RAID 0

Answer 58

• Disk striping
• No data redundancy
• Splits data evenly across multiple hard drives
• Increases performance

Question 59

Characterize RAID 1

Answer 59

• Disk mirroring
• Duplicates data in multiple drives
• Provide data redundancy

Question 60

Characterize RAID 3

Answer 60

• Disk stripping with parity
• Data stripped at the byte level across multiple drives
• One drive per set is taken up for parity information
• Data recovery and error correction

Question 61

Characterize RAID 5

Answer 61

• Block interleaved distributed parity
• Data stripped at the byte level across multiple drives..
• ..and parity information is distributed among all the member drives
• minimum 3 disks

Question 62

Characterize RAID 1+0

Answer 62

• Blocks striped and mirrored
• combination of RAID 0 and RAID 1
• at least 4 drives

Question 63

Characterize RAID 5+0

Answer 63

• Mirroring and striping across multiple RAID levels
• minimum 6 drives
• offers better reads and writes than RAID 5 and the highest levels of redundancy and performance

Question 64

SAN

Answer 64

Storage Area Network. Specialized, dedicated and discrete high-speed network that connects storage devices with a high speed I/O interconnected (fiber channel, Ethernet)

Question 65

NAS

Answer 65

Network Attached Storage. File-based data storage and dedicated computer appliance shared over the network.

Question 66

Backup Methods

Answer 66

• Hot
• Cold
• Warm

Question 67

Backup Locations

Answer 67

• Onsite
• Offsite
• Cloud

Question 68

Types of backup

Answer 68

• Full
• Differential
• Incremental

Question 69

What’s the difference between differential and incremental backup?

Answer 69

Differential - always in context of some specific state, regardless previous differentials (faster to restore)
Incremental - always in context of the last incremental. (faster to backup)

Question 70

Data Destruction Techniques

Answer 70

• Clearing
• Purging (degaussing)
• Destroying

Question 71

Data Loss Prevention

Answer 71

DLP. Set of software products and processes that do now allow users to send confidential corporate data outside the organization.

Question 72

Types of DLP

Answer 72

• Endpoint DLP
• Network DLP
• Storage DLP