DB Security Flashcards

(8 cards)

1
Q

What are the four core security capabilities?

A

Encryption, Authentication, Authorization, Auditing

2
Q

What is Encryption?

A

Process of concealing information so it can only be accessed by authorized parties. This covers three states of data:

1) In Transit (protects data while it is being transferred across networks, to prevent interception)
2) At Rest (protects data while it is stored in a database, to safeguard against unauthorized access)
3) In Use (protects data during active processing or computation, so it remains secure while being accessed)

3
Q

What is Queryable Encryption?

A

Feature allowing encrypted fields to be queried without decryption on the server, enhancing security for sensitive data operations.

4
Q

What is Authentication (Auth)?

A

Verifying the identity of a user, application, or system attempting to access a resource, and ensuring they are who they claim to be (e.g. username/password, certificate, etc.).

example: Okta

5
Q

What is Authorization (Authz)?

A

Determining what an authenticated user, application, or system is allowed to do, based on assigned roles and permissions.

example: RBAC

6
Q

What is Auditing?

A

Process of monitoring and recording user activities while they access resources.

7
Q

Audit Log

A

A record of an event (e.g. user action, admin operation) that can be filtered, stored in BSON/JSON, or sent to syslog for analysis.

8
Q

Key Regulatory Standards

A

GDPR (General Data Protection Regulation): an EU law enforcing strict data privacy and security for personal data, requiring consent, data minimization, and breach notifications.

HIPAA (Health Insurance Portability and Accountability Act): protects sensitive patient health information.

PCI-DSS (Payment Card Industry Data Security Standard): global standard for protecting cardholder data, requiring encryption, access controls, auditing, and network security.

CCPA (California Consumer Privacy Act): a California law granting consumers rights over their personal data, including access, deletion, and opt-out of data sales, with accompanying security requirements.

FedRAMP (Federal Risk and Authorization Management Program): US framework standardizing security for cloud services used by federal agencies.
