2 Data Classification Exam Flashcards
Which of the following is not a common method of data discovery?
A. Content-based
B. User-based
C. Label-based
D. Metadata-based
Answer: B. User-based
All the others are valid methods of data discovery; user-based is a red herring with no meaning.
Sara is planning to implement data labeling for her organization. Which of the following is not a data label field that she should consider?
A. Date data was created
B. Data owner
C. Data value
D. Date of scheduled destruction
Answer: C. Data value
The data creation date, the data owner, and the date of scheduled destruction might be included in data labels, but we don’t usually include data value because it is prone to change frequently and it might not be information we want to disclose to anyone who does not have a need to know.
Sarah is continuing her data labeling efforts and has received suggestions for appropriate data labels for data that will be used in multiple countries in which her company operates as part of ongoing security and data lifecycle efforts. Which of the following is not a label that would help with that usage?
A. Source
B. Language
C. Handling restrictions
D. Jurisdiction
Answer: B. Language
While the language may be useful for internal practices, it is not useful for lifecycle management or security functions. The source of the data, any handling restrictions, and the jurisdiction in which the data was collected or used are all useful when dealing with data that may move between different countries.
Asha wants to document the path that data takes from creation to storage in her institution’s database. As part of that effort, she creates a data flow diagram. Which of the following is not a common element of a data flow diagram?
A. Credentials used for each service listed.
B. Hostnames and IP addresses or address blocks for each system involved.
C. Ports and protocols used for data transfer.
D. Security controls used at each point in the diagram.
Answer: A. Credentials used for each service listed.
Credentials are not typically included in documentation and should be kept in a secured location. Host names, IP addresses, ports, protocols, and security controls are commonly documented in data flow diagrams.
Mei wants to conduct data discovery activities in her organization. Which of the following types of data discovery is best suited for identifying all photos that were taken using a specific model of camera based on the original files generated by the camera?
A. Label-based
B. Metadata-based
C. Extension-based
D. Content-based
Answer: B. Metadata-based
Most cameras generate metadata about the images they create. Mei can rely on the metadata embedded in the original image files to conduct the discovery that she needs through her organization’s files.
Felix wants to monitor data transfers between two systems inside of his IaaS cloud–hosted data center. Which of the following audit mechanisms is unlikely to be available to him that is commonly available in on-premises environments?
A. Log review
B. Packet capture
C. Data flow diagrams
D. Log correlation
Answer: B. Packet capture
Packet capture is often impossible in cloud-hosted environments due to architectural and security reasons. Felix may want to identify another way to validate traffic flows for the data transfer.
Megan is documenting roles as part of the implementation of her organization’s data classification policy. Her organization uses a software as a service tool to accept applications from customers. What term best describes the SaaS vendor?
A. A data custodian
B. A data owner
C. A data processor
D. A data steward
Answer: C. A data processor
In legal terms, when data processor is defined, it refers to anyone who stores, handles, moves, or manipulates data on behalf of the data owner or controller. In the cloud computing realm, particularly with software as a service tools, this is the cloud service provider.
Jaime has been informed of legal action against his company and must now ensure that data relevant to the case is kept. What term describes this?
A. Legal retention
B. Legal archiving
C. Court hold
D. Legal hold
Answer: D. Legal hold
Legal holds require organizations and individuals to retain data relevant to a court case. Organizations cannot follow their normal data destruction and lifecycle practices when data is impacted by a legal hold.
All policies within the organization should include a section that includes all of the following except ___________________.
A. Policy maintenance.
B. Policy monitoring.
C. Policy enforcement.
D. Policy transference.
Answer: D. Policy transference
All the elements except transference need to be addressed in each policy. Transference is not an element of data retention policy.
Melissa knows that many data destruction options are not available for data kept in the cloud due to how the services are architected using shared hardware and services. Which of the following is the best option for her organization to select for cloud-hosted data that must be disposed of in a secure manner?
A. Melting
B. Crypto-shredding
C. Zeroization
D. Overwriting
Answer: B. Crypto-shredding
Most cloud services don’t provide physical ownership, control, or even access to the hardware devices holding the data, so physical destruction, including melting, is not an option. Overwriting and zeroization rely on access to a physical disk and only work when you can ensure that the entire disk or space containing the data will be overwritten, which cannot be guaranteed in a cloud-hosted, shared, and virtualized environment. Crypto-shredding is the only alternative in most cases when operating in the cloud.
Which of the following is not a common data right controlled by an IRM system?
A. Copyright
B. Creating
C. Editing
D. Viewing
Answer: A. Copyright
Copyrights are protected tangible expressions of creative works. IRM rights management focuses on abilities like creating, editing, copying, viewing, printing, forwarding, and similar capabilities.
Jason wants to properly describe the type of data his organization is using. He knows that the data is stored in a MySQL database. What type of data is Jason’s organization storing?
A. Unstructured data
B. Tabular data
C. Structured data
D. Warehoused data
Answer: C. Structured data
Traditional databases like MySQL are used to contain structured data. Unstructured data isn’t stored in a defined format. Tabular data and warehoused data are not terms used for the CCSP exam.
Sensitivity, jurisdiction, and criticality might all be considered for what cloud data security activity?
A. Crypto-shredding
B. Data flow diagramming
C. Classification
D. Tokenization
Answer: C. Classification
Data classification activities often use sensitivity, jurisdiction, and criticality as inputs to determine the classification level of data for an organization. Crypto-shredding is a process used to destroy data, which may be required by classification at the end of its lifecycle. Data flow diagramming might note the classification level, but it’s unlikely to show this level of detail, and tokenization is used to substitute nonsensitive data elements for sensitive data elements to allow processing without the potential for data leakage.
Angela wants to provide users with access rights to files based on their roles. What capability of an IRM system most directly supports this requirement?
A. Provisioning
B. DRM
C. CRM
D. Data labeling
Answer: A. Provisioning
IRM provisioning capabilities are designed to provide users with rights based on their roles or other criteria. Data labeling is used to determine which data should be handled based on IRM rules but does not match roles to rights. DRM is digital rights management and is the technical implementation of controls—it does not match rights to files based on a role. Finally, CRM is the acronym for customer relationship management, an entirely different type of tool!
Nina’s company has stored unstructured data in an S3 bucket in AWS. She wants to perform data discovery on the data, but the discovery tool that she has requires the data to be local. What concern should Nina express about retrieving large volumes of data from a cloud service?
A. Performance may be low.
B. Data ingress costs may be high.
C. Data egress costs may be high.
D. The data will need to be structured before discovery can run.
Answer: C. Data egress costs may be high.
Moving large volumes of data from a cloud service can result in high egress fees. Nina may want to analyze the data using a tool in the same cloud as the data. There are no indications of issues that may cause low performance for retrieving the data, ingress costs are typically lower with cloud vendors because they have a desire for customers to bring their data and use storage services, and the data is unstructured and there is nothing in the question to indicate a need to structure it before analysis.
Tej wants to conduct data discovery across his organization’s databases; however, he knows that data is stored in multiple countries. What concern should he raise before the discovery process is conducted?
A. Structured data is harder to conduct discovery on.
B. The discovery process may create a denial of service condition on the database servers.
C. Jurisdiction and local laws may impact the ability to perform discovery.
D. Unstructured data is harder to conduct discovery on.
Answer: C. Jurisdiction and local laws may impact the ability to perform discovery.
Jurisdiction and local law may create concerns for data discovery. Some data may require specific handling and needs to be accounted for before discovery and related actions are taken. Structured data is typically easier to conduct discovery against due to its well understood nature. While it is possible that the discovery process could overload database servers, Tej should be able to configure his discovery tools to not create issues and should monitor them when they are run.
Naomi has implemented a data archiving process as part of her organization’s cloud design. What important part of her archiving plan should she prioritize to ensure its long-term success?
A. Data classification
B. Periodic testing
C. Data mapping
D. Hashing
Answer: B. Periodic testing
Periodically testing data archiving, backup, and recovery capabilities is a key part of ensuring that they are successful in the long term. Classification and data mapping are useful to determine what should be archived and when it should be destroyed or discarded but are not critical to the success of the archiving process itself. Hashing is not critical to the archiving process, but it can be used to validate that data has not changed.
Yasine’s organization wants to enable systems to use data controlled by an IRM. What method is most commonly used to identify systems while allowing them to have their trust revoked if needed?
A. LEAP authentication
B. Multifactor authentication
C. Certificate-based authentication and authorization
D. TACACS
Answer: C. Certificate-based authentication and authorization
Certificates are commonly used to allow systems to authenticate and receive authorization to access data through an IRM system. Multifactor authentication typically requires an event and human interaction, making it less useful for system-based accesses. Neither TACACS nor LEAP is used for this purpose.
Meena is conducting data discovery with data encoded in JSON. What type of data is she working with?
A. Structured
B. Semi-structured
C. Super-structured
D. Unstructured
Answer: B. Semi-structured
JSON is an example of semi-structured data. Traditional databases are examples of structured data, unstructured data does not have labels or other categorization information built in, and super-structured data is not a term used for the CCSP exam.
Isaac wants to describe common information rights management (IRM) functions to his team. Which of the following is not a common IRM function?
A. Persistency
B. Crypto-shredding
C. Automatic expiration
D. Dynamic policy control
Answer: B. Crypto-shredding
IRM tools should include all the functions listed except for crypto-shredding, which is typically associated with lifecycle management rather than rights management.