Cloud Data Security Flashcards

1
Q

What are the common stages of the data lifecycle?

A
  • Create
  • Store
  • Use
  • Share
  • Archive
  • Destroy
2
Q

Data created by the user should be ______ before uploading to the cloud or if created within the cloud.

A

Encrypted

3
Q

Packet capture, on-path attacks, and insider threats are all prevented by _____.

A

encryption on data created remotely

4
Q

______ helps to analyze networks, manage network traffic, and identify network performance issues. It also allows IT teams to detect intrusion attempts, security issues, network misuse, packet loss, and network congestion.

A

Packet capture

5
Q

An ________ is when an attacker sits in the middle between two stations and intercepts, and in some cases, changes the information being sent interactively across the network.

A

On-path attack

6
Q

What is a means to secure network traffic?

A

Using TLS (Transport Layer Security) through an HTTPS connection.

7
Q
  • Provisioning access rights
  • Securing storage locations
  • Protect data thru encryption at rest

These are all security controls that are vital during the _____ phase.

A

Store

8
Q

What is the set of features an application provides so that a user may supply input to and receive output from the program?

A

An application interface

9
Q

What are mechanisms that enable two software components to communicate with each other using a set of definitions and protocols?

A

APIs

10
Q

What contains information on how developers are to structure the communication (requests and responses) between two applications?

A

API documentation

11
Q

The application sending the request is called the _____, and the application sending the response is called the _____.

A

Client, server

12
Q

What are the most popular and flexible APIs found on the web today, where the client sends requests to the server as data, and the server uses this client input to start internal functions and returns output data back to the client?

A

REST APIs

13
Q

Data must be protected when it is:

A

Stored, in transit, and at rest.

14
Q
  • Strong protections in virtualization and shared service implementation
  • Ensure data on virtualized host can’t be read/detected by other VHs on same device
  • Implement personnel/admin controls so workers can’t access raw cust data
A

How CSPs ensure they provide secure environments for data use

15
Q
  • Encryption
  • IRM
  • Tagging and permissions models
  • Jurisdiction/legal restrictions (via export or import controls)
  • Egress monitoring
A

Key controls for the Share phase

16
Q

Export restriction that covers State Department prohibitions on defense-related exports:

A

International Traffic in Arms Regulations (ITAR)

17
Q

Export restriction that covers Dept of Commerce prohibitions on dual-use (commercial and military) items:

A

Export Admin Regulations (EAR)

18
Q

Import restriction on cryptosystems or encrypted material:

A

Cryptography

19
Q

Import restriction where 41 member countries agreed to mutually inform each other about conventional military shipments to non-member countries:

A

The Wassenaar Arrangement

20
Q

What are the security considerations for the Archive phase?

A

Cryptography and key management

21
Q

Cryptography methodology that uses an algebraic elliptical curve that results in smaller keys that can provide the same level of security as the larger ones:

A

Elliptical Curve Cryptography

22
Q

What areas of physical security are important to consider in Archive phase?

A

Location, format, staff, and procedure.

23
Q

What is storage specifically designed to be used for extended periods of time?

A

Long-term storage.

24
Q

Amazon Glacier, Azure Archive Storage, and Google Coldline and Archive

A

3 examples of long-term storage

25
Q

What is storage for data that exists only as long as an instance does?

A

Ephemeral storage

26
Q

What is storage you have direct access to?

A

Raw storage

27
Q

What are some examples of raw storage?

A

Hard drive, SSD. You have direct access to underlying storage rather than a storage service.

28
Q

What is the type of storage that’s represented as a drive attached to the user’s virtual machine?

A

Volume storage

29
Q

A type of volume storage where data is stored/displayed as files and folders:

A

File storage - file level storage - file based storage

30
Q

A blank volume that the customer/user can put anything into.

A

Block storage.

31
Q

Volume storage can be offered in any cloud service model but is often associated with _____.

A

IaaS

32
Q

Object based storage includes:

A

Production content and metadata for object stored

33
Q

Object storage can be in any service model but is usually associated with _____.

A

IaaS

34
Q

In the cloud, the database is usually ________, accessed by users utilizing _______.

A

Back-end storage in the data center
Online apps or APIs through a browser

35
Q
  • Traditional relational databases
  • Nonrelational databases (key-value databases)
  • Document oriented databases
A

Are types of databases CSPs may provide

36
Q

Databases are most often configured to work with ______.

A

PaaS and SaaS

37
Q

Security methods for databases are:

A
  • Minimizing datasets
  • Anonymization/pseudonymization
38
Q
  • Exposure and malicious access
  • Risks to data integrity
  • Exposure of data
  • DDoS
A

Long term storage threats

39
Q

Same as long term + risk to IR and forensics b/c the devices may be automatically destroyed when systems are terminated unless intentionally preserved.

A

Ephemeral storage threats

40
Q

Leaving fragments of data available to next user are _____ threats.

A

Raw storage

41
Q

What is a security exploit that aims to gather information from or influence the program execution of a system by measuring or exploiting indirect effects of the system or its hardware, rather than targeting the program or its code directly?

A

Side channel attack

42
Q

Encryption is used to protect data ________.

A

At rest, in transit, and in use.

43
Q

Encryption is used w/in the customer’s enterprise environment to ______, and within the datacenter to ______.

A

Protect data
Keep tenants from accessing each other’s data.

44
Q

What are strings of bits that allow for encryption/decryption to occur?

A

Encryption keys

45
Q

Encryption keys must be at ______ as the data they protect.

A

Same level of control or higher

46
Q

What type of encryption is where the encryption key is stored in the database itself?

A

Transparent encryption

47
Q

What is a device that can safely create, store, and manage encryption keys and is used in servers, data transmission, and log files?

A

HSM = Hardware security module

48
Q

This is used to hold keys in a secure way so they can be recovered by authorized parties.

A

Key escrow

49
Q

What are two reasons a key escrow might be used?

A

Incident response
Legal holds

50
Q

T/F: Keys should be stored in the CP’s data center.

A

False - somewhere other

51
Q

What are 3rd party providers that handle IAM and key management services?

A

CASB - Cloud Access Security Broker

52
Q

T/F: The cost of using a CASB is higher than maintaining keys within the org.

A

False - much lower

53
Q

What are the commonly used CASBs?

A

Zscaler, Netskope, and McAfee’s Enterprise CASB tool.

54
Q

What is a common issue with keys in the cloud?

A

Inadvertent exposure of private keys in public repositories.

55
Q

Malicious actors can scan _________ looking for private keys that may have been uploaded w/ other materials when coding projects are submitted.

A

GitHub and other code repositories

56
Q

Certificates rely on a _______.

A

Public and private key

57
Q

Certificates may be _______

A

Self-generated or generated by a CA (Certificate Authority)

58
Q

What uses an algorithm to transform a given string of characters into another value?

A

Hashing

59
Q

T/F: Hash output is smaller than input provided.

A

True

60
Q

What are two uses of hashes?

A
  • Checking if a file has changed
  • Storing and retrieving data quickly
61
Q

T/F: You can decrypt a hash value.

A

False

62
Q

T/F: Hashes are one-way functions that have keys.

A

F - they don’t have keys

63
Q

What allows you to determine what the input was for a given hash?

A

Rainbow table

64
Q

What is the technique to make data less meaningful, detailed, or readable?

A

Obfuscation

65
Q

What is the replacement of data or part of the data w/ randomized info?

A

Randomization

66
Q

When is randomization useful?

A

When you want to remove the real data but maintain its attributes.

67
Q

Removing identifiable data is _____.

A

Anonymization

68
Q

What involves using a one-way cryptographic function to create a digest of the original data?

A

Hashing

69
Q

What is using different entries from within the same dataset to represent the data?

A

Shuffling

70
Q

What is hiding the data with useless characters?

A

Masking

71
Q

What is deleting raw data before it is represented?

A

Nulls

72
Q

What is replacing sensitive data with a replacement value called a token?

A

Tokenization

73
Q

Obscuring can be done in ______ or _____ configurations.

A

Dynamic or static

74
Q

New dataset is created as a copy from the original data.

A

Static obscuring

75
Q

Data is obscured as it’s accessed.

A

Dynamic obscuring

76
Q

Tokenization is the process of having two distinct databases:

A

One w/ live, actual sensitive data and one with nonrepresentational tokens mapped to each piece of that data.

77
Q

PCI DSS allows _______ instead of _______ for sensitive cardholder data.

A

Tokenization, encryption

78
Q

DLP tools are also sometimes called:

A

Egress monitoring tools

79
Q

DLP identifies controlled data using:

A

Tagging, pattern matching, etc.

80
Q
  • Search for numeric strings to detect SSN
  • Use categorization/labels/metadata
  • Use keyword searches
A

DLP functions

81
Q

The monitoring task can be implemented:

A

At points of network egress or on all hosts that process data within the production environment.

82
Q

Downsides of DLP:

A
  • High processing overhead
  • Complicated config and usage due to insufficient data center access
83
Q

What are Amazon, Azure, and Google monitoring services called?

A

CloudWatch, Azure Monitor, GCP Operations Suite

84
Q

What are the basic elements of any log you capture:

A

Identity, IP address, geolocation, time stamps

85
Q

ID what you log, what events are most important, which should be alerted, where logs are stored/analyzed, how long you will retain, and how you will secure when designing _____

A

data security models and architecture

86
Q

What are the best practices for logging and analysis for Amazon, Azure, and Google?

A

Well-Architected Tools, Well-Architected Framework, Cloud Architecture Framework

87
Q
  • Centralize collection of log data
  • Enhance analysis capabilities
  • Dashboarding
  • Automated response
A

SIEM goals

88
Q

SIEMs are only useful when:

A

Someone actually looks at what they produce.

89
Q

Data should always be stored in

A

more than one location

90
Q

– Local: replicas within a single datacenter
– Zone: replicas to multiple datacenters within a region
– Global: region level resiliency (replicas to backup region)

A

Cloud storage for IaaS levels of storage redundancy

91
Q

Is useful to gain visibility and ensure that adequate security controls are implemented

A

data flow diagram

92
Q
  • Decreased development time and faster deployment of new system features.
  • Visibility into data movement, critical for regulatory compliance, where data security is often mandated in law.

These are benefits of a _____.

A

data flow diagram

93
Q

T/F: Creating the DFD can be both a risk assessment activity and a crucial compliance activity.

A

True

94
Q

Ephemeral, raw, long term, volume, and object storage are associated with:

A

IaaS

95
Q

Disk, databases, binary large object (blob) are associated with

A

PaaS

96
Q

Information storage and management, content and file storage, content delivery network (CDN) are associated with

A

SaaS

97
Q
  • Raw Storage. Physical media, allows a VM to access a storage LUN
  • Volume storage. Attached as IaaS Instance (EC)
  • Object storage. S3 storage bucket, Azure storage
A

IaaS

98
Q

– Structured. Relational databases
– Unstructured. Big data

A

PaaS

99
Q

– Information Storage and Mgmt. Data entered via the web interface
– Content/File Storage. File based content
– Ephemeral Storage. It is used for any temporary data such as cache, buffers, session data, swap volume, etc.
– Content Delivery Network (CDN). Geo-distributed content (for better UX)

A

SaaS

100
Q

– Unauthorized access threatens
– Improper modification threatens
– Loss of connectivity threatens

A

C
I
A

101
Q

— Jurisdictional issues
— Denial of service
— Data corruption/destruction
— Theft or media loss
— Malware and ransomware
— Improper disposal

A

threats to storage

102
Q

Primarily a cost and operational concern. Ease of use can lead to unofficial use, unapproved deployment, and unexpected costs

A

unauthorized provisioning - shadow IT

103
Q

Privacy legislation bars data transfer to countries without adequate privacy protections, like _____

A

Germany

104
Q

Defenses for data corruption/destruction are least privilege, _____, and offsite data backups

A

RBAC

105
Q

Who retains responsibility for preventing the loss of physical media through appropriate physical security controls?

A

CSP

106
Q

Who is responsible for hardware disposal?

A

CSP

107
Q
  • Back up your computer
  • Store backups separately
  • File auto versioning
A

ransomware countermeasures

108
Q
  • Update and patch computers
  • Use caution with web links
  • Use caution with email attachments
  • Verify email senders
  • Preventative software programs
  • User awareness training
A

ransomware prevention

109
Q

Relies on the use of a single shared secret key. Lacks support for scalability, easy key distribution, and nonrepudiation

A

symmetric

110
Q

Public/private key pairs for communication between parties. Supports scalability, easy key distribution, and nonrepudiation

A

asymmetric

111
Q

_____ keys are shared among communicating parties. _____ keys are kept secret.

A

Public / Private

112
Q

To encrypt a message:
To decrypt a message:

A

use the recipient’s public key / use your own private key

113
Q

To sign a message:
To validate a signature:

A

use your own private key / use the sender’s public key

114
Q

bridge, hierarchical, hybrid, and mesh.

A

trust models used with public key infrastructure (PKI)

115
Q

Many CSPs offer FIPS compliant virtualized _____ to securely generate, store, and control access to cryptographic keys.

A

HSMs

116
Q

Organizations that use multiple cloud providers or need to retain physical control over key management may need to implement a _____

A

bring-your-own-key (BYOK) strategy

117
Q

Provides encryption of data as it is written to storage, utilizing keys that are controlled by the CSP.

A

storage-level encryption

118
Q

Provides encryption of data written to volumes connected to specific VM instances, utilizing keys controlled by the customer.

A

Volume-level encryption

119
Q

Encryption of objects as they are written to storage, in which case the CSP likely controls the keys and could potentially access the data.

A

object-level encryption

120
Q

Implemented in client apps, such as word processing apps like Microsoft Word or collaboration apps like SharePoint

A

file level encryption

121
Q

Implemented in an application typically using object storage. Data entered by user typically encrypted before storage

A

Application level encryption

122
Q

Transparent data encryption (database files, logs, backups), column level or row level encryption, or data masking

A

Database level encryption

123
Q

The process of removing all relevant data so that it is impossible to identify original subject or person. If done effectively, then GDPR is no longer relevant for the data.

A

Anonymization

124
Q

De-identification procedure using pseudonyms (aliases) to represent other data. Can result in less stringent requirements than would otherwise apply under the GDPR.

A

Pseudonymization

125
Q

A one way function that scrambles plain text to produce a unique message digest. Conversion of a string of characters into a shorter fixed length value. No way to reverse if properly designed

A

hashing

126
Q

Verification of digital signatures
Generation of pseudo random numbers
Integrity services

A

uses of hashing

127
Q
  1. They must allow input of any length.
  2. Provide fixed length output.
  3. Make it relatively easy to compute the hash function for any input.
  4. Provide one way functionality.
  5. Must be collision free.
A

5 requirements of good hash functions

128
Q

A system designed to identify, inventory, and control the use of data that an organization deems sensitive. Spans several categories of controls including detective, preventative, and corrective.

A

DLP

129
Q

Is a way to protect sensitive information and prevent its inadvertent disclosure. Can identify, monitor, and automatically protect sensitive information in documents. Monitors for and alerts on potential breaches, policy violations like oversharing

A

DLP

130
Q

Are used to verify the identity of a communication party and can also be used for asymmetric encryption by providing a trusted public key. Often used to encrypt a shared session key or other symmetric key for secure transmission.

A

Certificates

131
Q

This is an encrypted hash of a message, encrypted with the sender’s private key. In a signed email scenario, it provides three key benefits:
  • Authentication. This positively identifies the sender of the email. Ownership of a digital signature secret key is bound to a specific user
  • Non-repudiation. The sender cannot later deny sending the message. This is sometimes required with online transactions
  • Integrity. Provides assurances that the message has not been modified or corrupted. Recipients know that the message was not altered in transit

A

digital signature

132
Q

Include cryptographic protocol design, key servers, user procedures, and other relevant protocols.

A

Key Management Design Considerations

133
Q

Create digital certificates and own the policies.

A

Certification Authorities

134
Q

A trust anchor in a PKI environment from which the whole chain of trust is derived.

A

the root certificate

135
Q

A Domain Validated (DV) certificate is an X.509 certificate that

A

proves the ownership of a domain name.

136
Q

Extended validation certificates provide _____ in identifying the entity that is using the certificate.

A

a higher level of trust

137
Q

Usually maintained in an offline state.
Issues certs to new subordinate CAs.

A

root ca

138
Q

Also called a Policy CA or Intermediate CA. Issues certs to new issuing CAs. Have the ability to revoke certificates.

A

Subordinate CA

139
Q

Certificates for clients, servers, devices, websites, etc. issued from here

A

issuing ca

140
Q

If the issuing CA is breached, its certificate can be

A

revoked and a new one issued.

141
Q

Contains information about any certificates that have been revoked by a subordinate CA due to compromises to the certificate or PKI hierarchy.

A

Certificate revocation list (CRL)

142
Q

T/F: CAs are required to publish CRLs, but it’s up to certificate consumers if they check these lists and how they respond if a certificate has been revoked.

A

True

143
Q

Two potential options for tracking revocation:

A

ask for the CRL or if available, OCSP endpoint/service.

144
Q

Endpoint to query for CRL or OCSP is on the _____

A

certificate

145
Q

Offers a faster way to check a certificate’s status compared to downloading a CRL in which the consumer of a certificate can submit a request to obtain the status of a specific certificate.

A

OCSP - online certificate status protocol

146
Q

Records identifying information for a person or device that owns a private key as well as information on the corresponding public key. It is the message that’s sent to the CA in order to get a digital certificate created.

A

Certificate signing request (CSR)

147
Q

The Fully Qualified Domain Name (FQDN) of the entity (e.g., web server)

A

CN (common name)

148
Q

Metadata, or data that describes data, is a critical part of discovery in structured data
Semantics, or the meaning of data, is described in the schema or data model and explains relationships expressed in data.

A

discovery methods for structured data

149
Q

How does unstructured data discovery occur?

A

through content analysis, like:
  • Pattern matching, which compares data to known formats like credit card numbers.
  • Lexical analysis: attempts to find data meaning and context to discover sensitive info that may not conform to a specific pattern
  • Hashing: attempts to identify known data by calculating a hash of files and comparing it to a known set of sensitive file hashes

150
Q

JSON, XML, HTML, email messages, NoSQL

A

semi-structured data - may contain metadata to help organize

151
Q

T/F: Network-based DLP may not analyze all traffic between on premises endpoints and cloud.

A

True

152
Q

T/F: An optimal DLP approach will discover data in on-premises and in cloud repositories, as well as in transit

A

True

153
Q

T/F: Tools must be able to scan unstructured data within structured data sources, such as relational databases.

A

True

154
Q

T/F: If a single data classification label has to be placed on a large data source the most sensitive classification found will apply

A

True

155
Q

T/F: Both unstructured and structured in same repository will increase tool cost and complexity and may present classification challenges

A

True

156
Q

Exceptionally grave damage
Serious damage
Damage
No damage

A

top secret/confidential/proprietary
secret/private
confidential/sensitive
unclassified/public

157
Q

Who regulates PHI?

A

HIPAA
HITRUST

158
Q

Brings understanding that enables implementation of security controls and classification policies. Usually precedes classification and labeling

A

mapping

159
Q

Enforce data rights, provisioning access, and implementing access control model. Often implemented to control access to data designed to be shared but not freely distributed. Can be used to block specific actions, like print, copy/paste, download, and sharing. Provide file expiration so that documents can no longer be viewed after a specified time

A

IRM programs

160
Q

persistence
dynamic policy control
expiration
continuous audit trail
interoperability

A

IRM objectives

161
Q
  • Centralized service for identity proofing and certificate issuance, store of revoked certificates, and for unauthorized identity information access.
  • Enables enforcement from anywhere.
  • Secrets storage: These solutions require local storage for encryption keys, tokens, or digital certificates used to validate users and access authorizations.
  • Local storage requires protection primarily for data integrity to prevent tampering
A

IRM

162
Q

Provides inventor exclusive use of their invention for a period of time, generally 20 years.

A

patent

163
Q

Retention happens b/w _____.

A

archive and destroy

164
Q
  • Data Encryption
  • Data Monitoring
  • eDiscovery and Retrieval
  • Backup and DR Options
  • Data Format
  • Media Type
A

key elements of data archiving

165
Q

To maintain data governance, it is required that all data access and movements be _____

A

tracked and logged.

166
Q

T/F: Accountability, traceability, auditability should be maintained in data archiving

A

True

167
Q

Directly promotes good user behavior and compliance with the organization’s security policy.

A

auditing

168
Q

Help ensure that management programs are effective and being followed. Commonly associated with account management practices to prevent violations with least privilege or need to know principles. Can also be performed to oversee many programs and processes

A

security audits and reviews

169
Q

T/F: Because the cloud customer has nearly full control over their compute environment in IaaS, including system and network capabilities, virtually all logs and data events should be exposed and available for capture.

A

True - same level of detail on app level in PaaS

170
Q

T/F: In SaaS, customer responsibility is limited to access control, shared responsibility for data recovery, and feature configuration

A

True

171
Q

Sufficient user ID attribution should be accessible, or it may be impossible to determine who performed a specific action at a specific time.

A

identity attribution

172
Q

What should logs be able to answer?

A

“Who did (source address and user identity)
what, (event type, severity, flag, and description)
when, (date, time, interaction identifier)
and from where?” Application identifier (name, version, etc.), application address, service, geolocation, window/form/page (URL and HTTP method), and code location (script or module name)

173
Q

Provides evidence integrity through convincing proof evidence was not tampered with in a way that damages its reliability.

A

chain of custody

174
Q

Documents key elements of evidence movement and handling, including:
- Each person who handled the evidence
- Date and time of movement/transfer
- Purpose of evidence movement/transfer

A

chain of custody

175
Q

Inclusion of sufficient evidence in log files
Digital Signatures

A

methods to provide non-repudiation