19-C

Question 1

What is the consequence of breaching confidential data?

Answer 1

Almost impossible to recover and re-secure

Breaches can lead to significant reputational damage and legal implications.

Question 2

What is regulated data?

Answer 2

Information that must be collected, processed, and stored in compliance with federal and/or state legislation

Question 3

Define a data breach.

Answer 3

When confidential or regulated data is read, copied, modified, or deleted without authorization

Question 4

What is personally identifiable information (PII)?

Answer 4

Data that can be used to identify, contact, or locate an individual

Question 5

Give examples of PII.

Answer 5

• Name
• Date of birth
• Email address
• Street address
• Biometric data

Question 6

What are examples of personal government-issued information?

Answer 6

• Social security number (SSN)
• Passport
• Driving license
• Birth/marriage certificates

Question 7

What does healthcare data include?

Answer 7

Medical and insurance records plus associated hospital and laboratory test results

Question 8

What is the PCI DSS?

Answer 8

Payment Card Industry Data Security Standard governing processing of credit card transactions

Question 9

What is a key aspect of data handling best practices?

Answer 9

Training employees to identify PII and handle sensitive data appropriately

Question 10

What are data retention requirements?

Answer 10

Regulations that may set maximum or minimum periods for the retention of data

Question 11

What constitutes prohibited content?

Answer 11

Any information not applicable to work, including obscene or illegally copied content

Question 12

What is an end-user license agreement (EULA)?

Answer 12

A license governing the use of software, often restricting installation to one computer or user

Question 13

What is a personal license in software terms?

Answer 13

Allows the product to be used by a single person at a time, potentially on multiple devices

Question 14

What is the role of a Computer Security Incident Response Team (CSIRT)?

Answer 14

To provide a single point-of-contact for reporting security incidents

Question 15

True or False: Involving law enforcement in an incident investigation is always under the organization’s control.

Answer 15

False

Question 16

What is digital forensics?

Answer 16

The science of collecting evidence from computer systems to be accepted in a court of law

Question 17

What does a chain of custody form record?

Answer 17

Where, when, and who collected the evidence, who handled it subsequently, and where it was stored

Question 18

What is data destruction and disposal?

Answer 18

Destroying or decommissioning data storage media, such as hard disks and flash drives

Question 19

Fill in the blank: Data from a file ‘deleted’ from a disk is not ______.

Answer 19

erased

Question 20

What should be done before repurposing or recycling media devices?

Answer 20

Sanitize data remnants on the media

Question 21

What is the importance of monitoring software licenses?

Answer 21

To ensure compliance with licensing agreements and avoid legal issues

Question 22

What happens to data when a file is deleted from a disk?

Answer 22

The HDD sector or SSD block is marked as available for writing; the information remains until new data is written over it.

Question 23

True or False: Using the OS standard formatting tool completely erases all data from a disk.

Answer 23

False

The formatting tool only removes references to files and marks sectors as usable.

Question 24

What is the purpose of disk erasing/wiping software?

Answer 24

To ensure that old data is destroyed by writing to each location on a hard disk drive.

Question 25

What is a low-level format?

Answer 25

A process to reset a disk to its factory condition, often incorporating a sanitize function.

Question 26

What does Secure Erase (SE) do?

Answer 26

Performs zero-filling on HDDs and marks all blocks as empty on SSDs.

Question 27

What is Instant Secure Erase (ISE)/Crypto Erase?

Answer 27

A method that destroys the media encryption key of self-encrypting drives, rendering encrypted data unrecoverable.

Question 28

Fill in the blank: If a device firmware does not support encryption, using a software disk-encryption product and then destroying the key and using _______ should be sufficient for most confidentiality requirements.

Answer 28

Secure Erase (SE)

Question 29

What are three methods of physical destruction for media devices?

Answer 29

* Shredding * Incinerating * Degaussing

Question 30

What is the risk associated with degaussing?

Answer 30

It does not work with SSDs or optical media.

Question 31

What should a third-party vendor provide after secure disposal?

Answer 31

A certificate of destruction showing the make, model, and serial number of each drive handled.

Question 32

What is a potential risk when using drill or hammer hand tools for disk destruction?

Answer 32

There is a risk of leaving fragments that could be analyzed using specialist tools.

Question 33

What is an example of regulated data in healthcare?

Answer 33

Patient records, medical history, billing information.

Question 34

Is it valid for an employee to use a private license for a graphics editing application temporarily at work?

Answer 34

No, unless the license permits such use.

Question 35

Why are the actions of a first responder critical in forensic investigations?

Answer 35

They help preserve evidence and maintain the integrity of the investigation.

Question 36

What does chain-of-custody documentation prove?

Answer 36

It proves the integrity and handling of evidence throughout the investigation process.

Question 37

What factors must be considered before using a Windows boot disk to delete partition information from workstations?

Answer 37

The effectiveness of the method on HDDs and SSDs, potential data recovery risks, and compliance with data handling policies.