Chapter 7 - Confidentiality and Privacy

Question 1

What three things should you see when reviewing the efficiency of a training and education program on confidentiality and privacy?

Answer 1

1. Have a document policy that aligns with current procedures
2. Conduct regular training sessions
   3.maintains records to track employee participation and compliance

Question 2

What is a common attack against hashes? Define it

Answer 2

Collision attack - allows bad actors to create different inputs that result in the same hash value

Question 3

What is SSH

Answer 3

1. Called secure shell
2. method for secure remote communications from one computer to another.
3. Provides strong authentication and secure channel over internet or unsecured networks

Question 4

Transport Layer Security

1. What does it protect
2. What does it authenticate

Answer 4

protect the confidentiality and integrity of data in transit.

Authenticates web server or both then server and client

Question 5

A digital envelope uses what type of encryption?

Answer 5

Asymmetric and symmetric encryption

Question 6

Performing regular audits and checking system logs are examples of what?

Answer 6

Reactive measures

• detect ongoing crimes and crimes that have already been committed

Question 7

Digital signatures use what?

Answer 7

Hashing and asymmetric encryption

Question 8

What helps the autior understand how a carved out org communicates to subcompany in Soc 2

Answer 8

Orgs contractual agreement

Question 9

What governance process involves creating usage policies based on sensitive data classifications?

Answer 9

Data loss prevention

Question 10

What would you do to compare the process with the documented policy?

Answer 10

Walkthrough

Question 11

Which Principle compares your company to other companies in the same industry?

Answer 11

Governance

Question 12

How can you monitor data usage through automated and manual activities as part of a data loss prevention program?

Answer 12

Data Access logs

-Logs provide an audit trail showing the date, time, and user who created, read, updated, or deleted data.

Question 13

Who selects members of the incident handling and incident response teams?

Answer 13

Senior Management

Question 14

What encryption uses AES
-Generate keys of 128, 192,258
-uses the same key for encryption and decryption

Answer 14

Symmetric encryption

Question 15

What encrpytion uses RSA
- Generate keys of 2048, 3072, 4096
-Uses a public key for encryption and a private key for decryption
-used for digital signatures

Answer 15

Asymmetric encryption

Question 16

What method is most effect for encrypting data on mobile devices?

Answer 16

Elliptic curve cryptography

Requires shorter keys and limited bandwidth resources

Question 17

What do you use to encrypt data before transmission, especially when accessed remotely?

Answer 17

Cryptographic keys