Módulo 13 - Data Protection and Compliance

Question 1

List:
Impacts of non-compliance with data protection laws

Answer 1

1. Legal sanctions
2. Financial penalties
3. Legal liabilities
4. Reputational damage
5. Loss of customer trust
6. Increased regulatory scrutiny

Question 2

List:
Consequences of a data or privacy breach

Answer 2

1. Reputation damage
2. Identity theft
3. Fines
4. Intellectual property (IP) theft
5. Escalation risks

Question 3

List:
Notifications required in data breaches

Answer 3

1. Regulator
2. Law enforcement
3. Affected individuals
4. Third-party companies
5. Public (media or social channels)

Question 4

List:
Impacts of contractual non-compliance

Answer 4

1. Breach of contract
2. Termination of contracts
3. Indemnification and liability
4. Non-compliance penalties

Question 5

List:
Forms of non-compliance with software licensing

Answer 5

1. Exceeding permitted installations
2. Unauthorized sharing
3. Unauthorized usage
4. Modifying code
5. Distributing software without authorization

Question 6

Define:
Security compliance

Answer 6

Adherence to standards, regulations, and practices to protect sensitive data.

Question 7

Define:
Sanctions

Answer 7

Penalties for non-compliance with laws or rules.

Question 8

Define:
Data breach

Answer 8

Unauthorized reading, modification, or deletion of data.

Question 9

Define: Privacy breach

Answer 9

Loss or disclosure of personal and sensitive data.

Question 10

Define:
Escalation in data breaches

Answer 10

Raising the issue to senior decision-makers for legal and regulatory assessment.

Question 11

Define:
Indemnification in contracts

Answer 11

Shifting liability for damages or legal costs to another party.

Question 12

Define:
Non-compliance penalties

Answer 12

Fines or damages stipulated in contracts for failing cybersecurity measures.

Question 13

Define:
License remediation

Answer 13

Correcting non-compliance with software licenses.

Question 14

List:
Types of regulated data

Answer 14

1. Financial information
2. Healthcare records
3. Social security numbers
4. Credit card details
5. Personally identifiable information (PII)

Question 15

List:
Types of human-readable data

Answer 15

1. Text
2. Images
3. Multimedia content
4. Documents
5. Reports
6. Emails
7. Presentations

Question 16

List:
Types of non-human-readable data

Answer 16

1. Binary code
2. Encrypted data
3. Machine-readable formats
4. Complex structured data
5. Encoded information

Question 17

List:
Security measures for non-human-readable data

Answer 17

1. Encryption
2. Access controls
3. Intrusion detection and prevention
4. Secure data exchange
5. Code/application security

Question 18

List:
Data classification levels based on confidentiality

Answer 18

1. Public (unclassified)
2. Confidential (secret)
3. Critical (top secret)

Question 19

List:
Data classification levels for government and military

Answer 19

1. Unclassified
2. Sensitive
3. Confidential
4. Secret
5. Top Secret
6. Top Secret Compartmentalized

Question 20

List:
Examples of private/personal data

Answer 20

1. Names
2. Addresses
3. Social security numbers
4. Financial information
5. Login credentials
6. Biometric data
7. Health records

Question 21

List:
Categories of proprietary data

Answer 21

1. Intellectual property (IP)
2. Trade secrets
3. Product information
4. Service information

Question 22

Define:
Data types

Answer 22

Categorization of data based on characteristics and use.

Question 23

Define:
Regulated data

Answer 23

Data subject to legal and regulatory requirements for handling and protection.

Question 24

Define:
Trade secrets

Answer 24

Confidential information giving a business a competitive advantage.

Question 25

Define: Human-readable data

Answer 25

Data easily understood by humans, such as text and images.

Question 26

Define: Non-human-readable data

Answer 26

Data requiring specialized software to interpret, such as binary or encrypted formats.

Question 27

Define: Data classification schema

Answer 27

A system to label data based on confidentiality and type.

Question 28

Define: Proprietary information

Answer 28

Nonpublic data owned by a company, like intellectual property.

Question 29

Define: Restricted data

Answer 29

Highly confidential data with stringent access controls.

Question 30

Acronym: PCI DSS

Answer 30

Payment Card Industry Data Security Standard

Question 31

Acronym: PII

Answer 31

Personally Identifiable Information

Question 32

List: Examples of privacy data

Answer 32

1. Names 2. Addresses 3. Contact information 4. Social security numbers 5. Medical records 6. Financial transactions

Question 33

List: Examples of confidential data

Answer 33

1. Trade secrets 2. Intellectual property 3. Financial statements 4. Proprietary algorithms 5. Source code

Question 34

List: Rights of data subjects under GDPR

Answer 34

1. Right to access 2. Right to rectification 3. Right to erasure 4. Right to restrict processing 5. Right to data portability 6. Right to object 7. Right to withdraw consent

Question 35

List: Impacts of privacy laws on data inventories and retention

Answer 35

1. Maintaining detailed records 2. Identifying legal grounds for processing 3. Ensuring data minimization 4. Defining retention periods 5. Responding to data subject requests 6. Implementing robust security measures

Question 36

List: Responsibilities of data processors under GDPR

Answer 36

1. Process data only as instructed by the controller 2. Implement appropriate security measures 3. Maintain confidentiality and integrity of data 4. Keep records of processing activities 5. Cooperate with data controllers

Question 37

List: Responsibilities of data controllers under GDPR

Answer 37

1. Define purposes and means of processing 2. Obtain consent from data subjects 3. Provide privacy notices 4. Implement data protection policies 5. Handle data subject requests

Question 38

Define: Privacy data

Answer 38

Personal information linked to an individual's identity and privacy rights.

Question 39

Define: Confidential data

Answer 39

Information requiring protection due to business or proprietary sensitivity.

Question 40

Define: Data controller

Answer 40

Entity deciding why and how personal data is processed.

Question 41

Define: Data processor

Answer 41

Entity processing personal data on behalf of the controller.

Question 42

Define: Data subject

Answer 42

Individual whose personal data is being processed.

Question 43

Define: Right to be forgotten

Answer 43

Data subject's right to request deletion of personal data under certain conditions.

Question 44

Define: Data minimization

Answer 44

Collecting only necessary data for specific and legitimate purposes.

Question 45

Define: Data inventory

Answer 45

Record detailing personal data types, processing purposes, and recipients.

Question 46

List: Steps in the decommissioning process

Answer 46

1. Data sanitization 2. Reset to factory settings 3. Physical destruction of components (if necessary) 4. Documentation and inventory updates

Question 47

List: Methods for secure data sanitization

Answer 47

1. Data wiping 2. Degaussing 3. Encryption

Question 48

List: Methods for secure data destruction

Answer 48

1. Shredding 2. Crushing 3. Incinerating 4. Overwriting

Question 49

List: Circumstances requiring data destruction

Answer 49

1. End of data retention period 2. Compliance with regulations (e.g., GDPR, HIPAA) 3. Decommissioning storage devices 4. Reducing outdated data

Question 50

List: Key concepts in asset disposal

Answer 50

1. Sanitization 2. Destruction 3. Certification

Question 51

List: Steps to decommission a multifunction network printer

Answer 51

1. Sanitize stored print jobs and documents 2. Wipe network credentials and configuration data 3. Perform a full factory reset 4. Securely dispose of or destroy physical components 5. Update asset inventory

Question 52

List: Overwriting steps for HDD sanitization

Answer 52

1. Pass of all zeros 2. Pass of all ones 3. Pass in a pseudorandom pattern

Question 53

Define: Decommissioning

Answer 53

Process of securely retiring devices by erasing data and resetting configurations.

Question 54

Define: Data sanitization

Answer 54

Removing sensitive information to ensure it cannot be recovered.

Question 55

Define: Data destruction

Answer 55

Physically or electronically eliminating data to make it irrecoverable.

Question 56

Define: Certification (in asset disposal)

Answer 56

Documentation verifying secure data sanitization or destruction.

Question 57

Define: Overwriting

Answer 57

Sanitization method replacing data with patterns of zeros, ones, and random data.

Question 58

Define: Zero filling

Answer 58

Overwriting method setting all bits on a drive to zero.

Question 59

Acronym: GDPR

Answer 59

General Data Protection Regulation

Question 60

Acronym: HIPAA

Answer 60

Health Insurance Portability and Accountability Act

Question 61

List: Phases of personnel management in HR

Answer 61

1. Recruitment 2. Operation 3. Termination/Separation

Question 62

List: Key components of onboarding

Answer 62

1. Secure transmission of credentials 2. Asset allocation 3. Training and policies

Question 63

List: Processes involved in offboarding

Answer 63

1. Account management 2. Retrieval of company assets 3. Wiping personal assets of corporate data 4. Changing shared credentials

Question 64

List: Topics covered in security awareness training

Answer 64

1. Security policies and penalties for noncompliance 2. Incident identification and reporting 3. Data handling and confidentiality 4. Password and account management 5. Social engineering and malware threats 6. Secure software usage

Question 65

List: Security training methods

Answer 65

1. Workshops 2. One-on-one mentoring 3. Computer-based training (CBT) 4. Videos and blogs 5. Simulations 6. Gamification

Question 66

List: Security awareness training lifecycle stages

Answer 66

1. Assessing needs and risks 2. Planning and designing activities 3. Developing materials 4. Delivering training 5. Evaluation and feedback 6. Reinforcement 7. Monitoring and adaptation

Question 67

List: Examples of risky behaviors

Answer 67

1. Clicking on suspicious links 2. Visiting untrusted websites 3. Downloading unauthorized software 4. Sharing credentials 5. Ignoring software updates

Question 68

List: Techniques to detect anomalous behavior

Answer 68

1. Network intrusion detection 2. User behavior analytics 3. System log analysis 4. Fraud detection

Question 69

Define: Acceptable Use Policy (AUP)

Answer 69

Guidelines for proper use of organizational equipment and resources.

Question 70

Define: Onboarding

Answer 70

Welcoming and equipping new employees or contractors with tools and training.

Question 71

Define: Offboarding

Answer 71

Process ensuring employees or contractors leave without retaining access or assets.

Question 72

Define: Clean desk policy

Answer 72

Work areas must be free of documents to protect sensitive information.

Question 73

Define: Anomalous behavior

Answer 73

Actions or patterns deviating from normal expectations.

Question 74

Define: Gamification

Answer 74

Using game-like elements in training to improve engagement and learning.

Question 75

Define: Phishing simulation

Answer 75

Simulated attacks to train employees to recognize and respond to phishing.

Question 76

Define: Shadow IT

Answer 76

Unauthorized use of personal software or services in the workplace.

Question 77

List: States of data for protection measures

Answer 77

1. Data at rest 2. Data in transit (or motion) 3. Data in use

Question 78

List: Components of Data Loss Prevention (DLP)

Answer 78

1. Policy server 2. Endpoint agents 3. Network agents

Question 79

List: Typical remediation mechanisms in DLP

Answer 79

1. Alert only 2. Block 3. Quarantine 4. Tombstone

Question 80

List: Approaches to maintain data sovereignty compliance

Answer 80

1. Data localization using local datacenters 2. Contractual agreements with vendors 3. Location-specific cloud storage facilities

Question 81

List: Geographic access requirement impacts

Answer 81

1. Data storage locations and sovereignty 2. Constraint-based access controls 3. Data replication and dispersion 4. Jurisdiction-specific legal requirements for forensics

Question 82

List: Benefits of a data retention policy

Answer 82

1. Reduced discovery costs during litigation 2. Reduced exposure to potential litigation risks 3. Lower hardware/software requirements for old data 4. Protection from evidence destruction accusations

Question 83

List: Data retention best practices

Answer 83

1. Delete emails after 90 days 2. Retain tax-related information for seven years 3. Keep employee records for four years post-employment 4. Retain research/patents for 25 years 5. Keep vendor contracts for five years post-expiration 6. Delete employee files after one year

Question 84

Define: Data protection

Answer 84

Measures to secure data from unauthorized access, loss, or misuse.

Question 85

Define: Compliance

Answer 85

Adherence to legal, regulatory, and industry requirements.

Question 86

Define: Data at rest

Answer 86

Data stored on persistent media, like databases or files.

Question 87

Define: Data in transit

Answer 87

Data transmitted over a network.

Question 88

Define: Data in use

Answer 88

Data present in volatile memory or being processed.

Question 89

Define: Data sovereignty

Answer 89

Jurisdictional control over data storage and processing.

Question 90

Define: DLP policy server

Answer 90

Configures classification and privacy rules, logs incidents, and compiles reports.

Question 91

Define: Tombstone (DLP)

Answer 91

Replaces a quarantined file with a notice about the policy violation.

Question 92

Define: Data retention policy

Answer 92

Defines how long data is retained and procedures for archiving or destruction.

Question 93

Define: Due diligence in data protection

Answer 93

Assessing and verifying the adequacy of security and compliance practices.