Chapter 4 - Cloud Data Security Flashcards
All of the following are terms used to describe the practice of obscuring original raw data so that only a portion is displayed for operational purposes, except:
A. Tokenization
B. Data discovery
C. Obfuscation
D. Masking
B. Data discovery is a term used to describe the process of identifying information according to specific traits or categories. The rest are all methods for obscuring data.
The goals of SIEM solution implementation include all of the following, except:
A. Centralization of log streams
B. Trend analysis
C. Dashboarding
D. Performance enhancement
D. SIEM does not intend to provide any enhancement of performance; in fact, a SIEM solution may decrease performance because of additional overhead. All the rest are goals f SIEM implementations.
The goals of DLP solution implementation include all of the following, except:
A. Policy enforcement
B. Elasticity
C. Data discovery
D. Loss of mitigation
B. DLP does not have anything to do with elasticity, which is the capability of the environment to scale up or down according to demand. All the rest are goals of DLP implementations.
DLP solutions can aid in deterring loss due to which of the following?
A. Randomization
B. Inadvertent disclosure
C. Natural disaster
D. Device failure
B. DLP solutions may protect against inadvertent disclosure. Randomization is a technique for obscuring data, not a risk to data. DLP tools will not protect against risks from natural disasters, or against impacts due to device failure.
DLP solutions can ad in deterring loss due to which of the following?
A. Malicious disclosure
B. Performance issues
C. Bad policy
D. Power failure
A. DLP tools can identify outbound traffic that violates the organization’s policies. DLP will not protect against losses due to performance issues or power failures. The DLP solution must be configured according to the organization’s policies, so bad policies will attenuate the effectiveness of DLP tools, not the other way around
What is the experimental technology that might lad to the possibility of processing encrypted data without having to decrypt it first?
A. AES
B. Link encryption
C. Homomorphic encryption
D. One-time pads
C. AES is an encryption standard. Link encryption is a method for protecting communications traffic. One-time pads are an encryption method.
Proper implementation of DLP solutions for successful function requires which of the following?
A. Accurate data categorization
B. Physical access limitations
C. USB connectivity
D. Physical presence
A. DLP tools need to be aware of which information to monitor and which requires categorization (usually done upon data creation, by the data owners). DLPs can be implemented with or without physical access or presence. USB connectivity has nothing to do with DLP solutions.
Tokenization required two distinct_____________.
A. Authentication factors
B. Databases
C. Encryption keys
D. Personnel
B. In order to implement tokenization, there will need to be two databases: the database containing the raw, original data, and the token database containing tokens that map to original data. Having two-factor authentication is nice, but certainly not required. Encryption keys are not necessary for tokenization. Two-person integrity has nothing to do with tokenization.
Data masking can be used to provide all of the following functionality, except:
A. Secure remote access
B. Enforcing least privilege
C. Test data in sandboxed environments
D. Authentication of privileged user
D. Data masking does not support authentication in any way. All the others are excellent uses cases for data masking.
DLP can be combined with what other security technology to enhance data controls?
A. DRM
B. SIEM
C. Kerberos
D. Hypervisors
A. DLP can be combined with DRM to protect intellectual property; both are designed to deal with data that falls into special categories. SIEMs are used to monitoring even logs, not live data movement. Kerberos is an authentication mechanism. Hypervisors are used for virtualization.
What are the US State Department controls on technology exports knows as?
A. ITAR
B. EAR
C. EAL
D. DRM
B. ITAR is a Department of State program. Evaluation assurance levels are part of the Common Criteria standard from ISO. Digital rights management tools are used for protecting electronic processing of intellectual property.
What are the US Commerce Department controls on technology exports known as?
A. ITAR
B. EAR
C. EAL
D. DRM
A. EAR is a Commerce Department program. Evaluation assurance levels are part of the Common Criteria standard from ISO. Digital rights management tools are used for protecting electronic processing of intellectual property.
Cryptographic keys for encrypted data stored in the cloud should be_______________.
A. At least 128 bits long
B. Not stored wit the cloud provider
C. Split into groups
D. Generated with redundancy
B. Cryptographic keys should not be stored along with the data they secure, regardless of key length. We don’t split crypto keys or generate redundant keys (doing so would violate the principle of secrecy necessary for keys to serve their purpose).
Best practices for key management include all of the following, except:
A. have key recovery process
B. Maintain key security
C. Pass keys out of band
D. Ensure multifactor authenitication
D. We should do all of these except for requiring multifactor authentication, which is pointless in key managment.
Cryptographic keys should be secured
A. To a level at least as high as the data hey can decrypt
B. In vaults
C. By armed guards
D. With two-person integrity
A. The physical security of crypto keys is of some concern, but guards or vaults are not always necessary. Tw-person integrity might be a good practice for protecting keys. The best answer to this questions is option A, because it is always true, whereas the remaining options depend on circumstances.
