Siedel Chapter 2 Review Questions Flashcards
Which of the following is not a common method of data discovery?
A. Content Based
B. User Based
C. Label Based
D. Metadata based
B. User Based
Explanation:
All the others are valid methods of data discovery’ user based is a red herring with no meaning
Sara is planning to implement data labeling for her organization. Which of the following is not a data label field that she should consider?
A. Date data was created
B. Data owner
C. Data value
D. Date of scheduled destruction
C. Data value
Explanation:
The data creation date, the data owner, and the date of scheduled destruction might be included in data labels, but we dont usually include data value because it is prone to change frequently and it might not be information we want to disclose
Sarah is continuing her data labeling efforts and has received suggestion for appropriate data labels for data that will be used in multiple countries in which her company operates as part of ongoing security and data lifecycle efforts. Which of the following is not a label that would help with that usage?
A. Source
B. Language
C. Handling restrictions
D. Jurisdiction
B. Language
Explanation:
While language may be useful for internal practices; it is not useful for lifecycle management or security functions. The source of the data, any handling restrictions and the jurisdiction in which the data was collected or used are all useful when dealing with data that may move between different countries
Asha wants to document the path that data takes from creation to storage in her institutions database. As part of that effort, she creates a data flow diagram. Which of the following is not a common element of a data flow diagram?
A. Credentials used for each service listed
B. Hostnames and IP addresses or address blocks for each system involved
C. Ports and protocols used for data transfer
D. Security controls used at each point in the diagram
A. Credentials used for each service listed
Explanation:
Credentials are not typically included in documentation and should be kept in a secured location. Hostnames, IP addresses, ports, protocols and security controls are commonly documented in data flow diagrams
Mei wants to conduct data discovery activities in her organization. Which of the following types of data discovery is best suited for identifying all photos that were taken using a specific model of camera based on the original files generated by the camera?
A. Label based
B. Metadata based
C. Extension based
D. Content based
B. Metadata based
Explanation:
Most cameras generate metadata about the images they create. Mei can rely on the metadata embedded in the original image files to conduct the discovery that she needs through her organizations files
Felix wants to monitor data transfers between two systems inside his IaaS cloud hosted data center. Which of the following mechanisms is unlikely to be available to him that is commonly available in on premises environments?
A. Log review
B. Packet capture
C. Data flow diagrams
D. Log correlation
B. Packet capture
Explanation:
Packet capture is often impossible in cloud hosted environments due to architectural and security reasons. Felix may want to identify another way to validate traffic flows for the data transfer
Megan is documenting roles as part of the implementation of her organizations’ data classification policy. Her organization uses a SaaS tool to accept applications from customers. What term best describes the SaaS vendor?
A. A data custodian
B. A data owner
C. A data processor
D. A data steward
C. A data processor
Explanation:
In legal terms, when data processor is defined, it refers to anyone who stores, handles, moves or manipulates data on behalf of the data owner or controller. In the cloud computing realm, particularly with software as a service tools, this is the cloud service providers
Jamie has been informed of legal action against his company and must now ensure that data relevant to the case is kept. What term describes this?
A. Legal retention
B. Legal arching
C. Court hold
D. Legal hold
D. Legal hold
Explanation:
Legal hols require organizations and individuals to retain data relevant to a course case. Organizations cannot follow their normal data destruction and lifecycle practices when data is impacted by a legal hold
All policies within the organization should include a section that includes all of the following except _____________
A. Policy maintenance
B. Policy monitoring
C. Policy enforcement
D. Policy transference
D. Policy transference
Explanation:
All the elements except transference need to be addressed in each policy. Transference is not an element of data retention policy
Melissa knows that many data destruction options are not available for data kept in the cloud due to how the services are architected using shared hardware and services. Which of the following is the best option for her organization to select for cloud hosted data that must be disposed of in a secure manner?
A. Melting
B. Cryptoshredding
C. Zeroization
D. Overwriting
B. Cryptoshredding
Explanation:
Most cloud services dont provide physical ownership, control or even access to the hardware devices holding the data, so physical destruction, including melting, is not an option. Overwriting and zeroization rely on access to a physical disk or space containing the data will be overwritten, which cannot be guaranteed in a cloud hosted, shared and virtualized environment. Cryptoshredding is the only alternative in most cases when operating in the cloud
Which of the following is not a common data right controlled by an IRM system?
A. Copyright
B. Creating
C. Editing
D. Viewing
A. Copyright
Explanation:
Copyrights are protected tangible expressions of creative works. IRM rights management focuses on abilities like creating, editing, copying, viewing, printing, forwarding and similar capabilities
Jason wants to properly describe the type of data his organization is using. He knows that the data is stored in a MySQL database.
What type of data is Jasons organization storing?
A. Unstructured data
B. Tabular data
C. Structured data
D. Warehoused data
C. Structured data
Explanation:
Traditional databases like MySQL are used to contain structured data. Unstructured data isnt stored in a defined format. Tabular data and warehouse data are not terms used for CCSP
Sensitivity, jurisdiction and criticality might all be considered for what cloud data security activity?
A. Cryptoshredding
B. Data flow diagramming
C. Classification
D. Tokenization
D. Tokenization
Explanation:
Data classification activities often use sensitivity, jurisdiction and criticality as inputs to determine the classification level of data for an organization
Angela wants to provider users with access rights to files based on their roles. What capability of an IRM system most directly supports this requirement?
A. Provisioning
B. DRM
C. CRM
D. Data labeling
A. Provisioning
Explanation:
IRM provisioning capabilities are designed to provider users with rights based on their roles or other criteria. Data labeling is used to determine which data should be handled based on IRM rules but does not match roles to rights. DRM is digital rights management and is the technical implementation of controls - it does not match rights to files based on a role. Finally, CRM is the acronym for customer relationship management
Nina’s company has stored unstructured data in an S3 bucket in AWS. She wants to perform data discovery on the data, but the discovery tool that she has requires the data to be local. What concern should Nina express about retrieving large volumes of data from a cloud service?
A. Performance may be low
B. Data ingress costs may be high
C. Data egress costs may be high
D. The data will need to be structured before discovery can run
C. Data egress costs may be high
Explanation:
Moving large volumes of data from a c loud service can result in high egress fees
