Data Protection Flashcards
1.4 - Explain the importance of using appropriate cryptographic solutions
3.3 - Compare and contrast concepts and strategies to protect data
4.2 - Explain the security implications of proper hardware, software, and data asset management
4.4 - Explain security alerting and monitoring concepts and tools
5.1 - Summarize elements of effective security governance
Which of the following classification levels is most appropriate for information such as trade secrets or intellectual property?
A. Public
B. Sensitive
C. Confidential
D. Critical
Answer: C. Confidential
Explanation:
Correct: Confidential classification includes sensitive data like trade secrets, intellectual property, and source code that could harm the business if disclosed.
Incorrect Options:
A: Public data has minimal or no impact if disclosed.
B: Sensitive data might cause minimal impact if leaked but is not as critical as confidential information.
D: Critical data holds highly restricted information but is less specific than confidential data.
Which of the following is NOT a commercial business data classification level?
A. Public
B. Sensitive
C. Confidential
D. Top Secret
Answer: D. Top Secret
Explanation:
Correct: Top Secret is a classification used by government organizations, not commercial businesses.
Incorrect Options:
A: Public data is openly accessible without significant impact.
B: Sensitive data can cause minimal harm if disclosed, e.g., financial data.
C: Confidential data is highly sensitive and requires strict access control.
Which of the following classification levels would most likely apply to an organization’s internal employee records, including salaries?
A. Public
B. Sensitive
C. Private
D. Critical
Answer: C. Private
Explanation:
Correct: Private data is internal data, such as employee records, that does not need to be disclosed externally.
Incorrect Options:
A: Public data is freely available without significant impact.
B: Sensitive data is for information that would cause minimal damage if released.
D: Critical data is the most highly restricted due to its extreme value.
(Choose Two) Which of the following types of data could be classified as “Sensitive but Unclassified” in a government organization?
A. Personal medical records
B. Military deployment plans
C. Social Security numbers of citizens
D. Government trade secrets
Answer:
A. Personal medical records
C. Social Security numbers of citizens
Explanation:
Correct: Sensitive but Unclassified includes data that could harm individuals but not national security, like medical records and personal identifiers.
Incorrect Options:
B: Military deployment plans would fall under Secret or Top Secret.
D: Government trade secrets would be classified as Confidential.
What is one consequence of over-classifying data within an organization?
A. Improved security at a lower cost
B. Unnecessary resource allocation and increased costs
C. Easier access for all personnel
D. Decreased technical protections
Answer:
B. Unnecessary resource allocation and increased costs
Explanation:
Correct: Over-classifying data leads to spending excessive time, money, and resources on protection measures.
Incorrect Options:
A: Over-classifying leads to higher, not lower, costs.
C: Over-classifying restricts access rather than making it easier.
D: Over-classification actually increases technical protections unnecessarily.
(Choose Three) Which of the following actions should be included in an organization’s data lifecycle policy?
A. Clearly defined data retention period
B. Detailed destruction process once data is no longer needed
C. Public access to all data after one year
D. Compliance with legal and regulatory requirements
E. Continuous monitoring of data throughout its lifecycle
Answer:
A. Clearly defined data retention period
B. Detailed destruction process once data is no longer needed
D. Compliance with legal and regulatory requirements
Explanation:
Correct: Data lifecycle policies should define retention periods, include destruction procedures, and comply with legal requirements.
Incorrect Options:
C: Public access is not typically part of a controlled data lifecycle unless specified.
E: While monitoring is important, it’s not a direct part of the lifecycle management outlined here.
Which government classification level is most likely to include military deployment plans?
A. Confidential
B. Secret
C. Top Secret
D. Sensitive but Unclassified
Answer:
B. Secret
Explanation:
Correct: Secret classification includes military deployment plans and other sensitive information that could damage national security.
Incorrect Options:
A: Confidential information is restricted but not as sensitive as Secret.
C: Top Secret data is even more sensitive than Secret and may involve extremely high-value information.
D: Sensitive but Unclassified does not pose a major national security risk.
Which classification level would be used for data such as publicly available course materials or a company’s public website information?
A. Public
B. Sensitive
C. Private
D. Confidential
Answer: A. Public
Explanation:
Correct: Public data is openly available and poses no impact on the organization if disclosed.
Incorrect Options:
B: Sensitive data has some level of risk if disclosed.
C: Private data is internal and not accessible to the public.
D: Confidential data includes information that could seriously affect the organization if leaked.
Who is responsible for labeling information assets and ensuring they are protected with appropriate controls?
A. Data Controller
B. Data Processor
C. Data Owner
D. Privacy Officer
Answer:
C. Data Owner
Explanation:
Correct: The data owner is a senior executive responsible for labeling information assets and ensuring their protection with appropriate controls.
Incorrect Options:
A: The data controller determines the purposes and methods of data storage and collection.
B: The data processor assists with tasks assigned by the data controller.
D: The privacy officer oversees privacy-related data compliance.
(Choose Two):
Which roles focus on data quality and enforcing access controls?
A. Data Owner
B. Data Custodian
C. Data Controller
D. Data Steward
Answer:
B. Data Custodian
D. Data Steward
Explanation:
Correct:
B: The data custodian enforces access controls, encryption, and backup measures for data.
D: The data steward ensures data quality and appropriate labeling.
Incorrect Options:
A: The data owner focuses on labeling and overall protection controls.
C: The data controller determines data storage, collection, and usage.
Match the following roles to their responsibilities:
1- Data Processor
2- Data Custodian
3- Privacy Officer
A. Responsible for managing systems storing data assets
B. Assists with data collection and processing under the controller’s direction
C. Ensures compliance with privacy regulations
Answer:
1 - B
2 - A
3 - C
Explanation:
Data Processor: Assists the data controller with collection/processing.
Data Custodian: Manages systems for storing and protecting data.
Privacy Officer: Oversees privacy compliance for sensitive data like PII, SPI, and PHI.
(Choose Three):
Which principles are critical for ensuring proper data ownership within an organization?
A. Assigning IT personnel as data owners
B. Selecting knowledgeable department leaders as data owners
C. Maintaining data confidentiality, integrity, and availability
D. Ensuring data minimization and retention policies
Answer:
B. Selecting knowledgeable department leaders as data owners
C. Maintaining data confidentiality, integrity, and availability
D. Ensuring data minimization and retention policies
Explanation:
Correct:
B: Data owners should be department leaders who understand the data’s context.
C: Protecting confidentiality, integrity, and availability is a primary goal.
D: Governance includes data minimization and retention policies.
Incorrect Option:
A: IT personnel are better suited as data custodians, not owners.
What are the responsibilities of a data controller?
A. Ensuring encryption of all data assets
B. Deciding purposes and methods for data storage and usage
C. Assisting with data quality assurance
D. Overseeing access controls and recovery measures
Answer:
B. Deciding purposes and methods for data storage and usage
Explanation:
Correct: The data controller determines data purposes and methods while ensuring legality.
Incorrect Options:
A: This is a responsibility under encryption management, often handled by custodians.
C: Data stewards focus on data quality.
D: Custodians manage access control and recovery.
Which role is responsible for ensuring compliance with regulatory frameworks for sensitive data like PII or PHI?
A. Data Steward
B. Privacy Officer
C. Data Custodian
D. Data Owner
Answer:
B. Privacy Officer
Explanation:
Correct: The privacy officer ensures compliance with regulations concerning sensitive data.
Incorrect Options:
A: Stewards focus on data quality and labeling.
C: Custodians manage the systems where data is stored.
D: Owners focus on overall control and classification.
What is the primary responsibility of a data custodian?
A. Alerting stakeholders of potential breaches
B. Managing systems storing data assets
C. Deciding on data retention policies
D. Labeling and classifying data assets
Answer:
B. Managing systems storing data assets
Explanation:
Correct: The data custodian enforces access controls, manages encryption, and ensures backup measures.
Incorrect Options:
A: Alerting stakeholders falls under monitoring or incident response teams.
C: Retention policies are often set by the privacy officer.
D: Labeling and classification are handled by stewards or owners.
What are the three states of data in the data lifecycle?
A. Data in Motion, Data at Rest, Data in Use
B. Data in Transition, Data in Storage, Data in Access
C. Data in Use, Data in Rest, Data in Progress
D. Data at Rest, Data in Transit, Data in Use
Answer:
D. Data at Rest, Data in Transit, Data in Use
Explanation:
Correct: These are the three recognized states of data: data stored (at rest), moving (in transit), or actively processed (in use).
Incorrect Options:
A: “Data in Motion” is a synonym for “Data in Transit,” but the other terms are incorrect.
B & C: These combinations do not accurately reflect the established states of data.
Which of the following methods can protect data at rest? (Choose Three)
A. Full Disk Encryption (FDE)
B. VPN (Virtual Private Network)
C. Record Encryption
D. Database Encryption
E. SSL/TLS
Answer:
A. Full Disk Encryption (FDE)
C. Record Encryption
D. Database Encryption
Explanation:
Correct:
Full Disk Encryption protects the entire storage medium.
Record Encryption secures specific fields in a database.
Database Encryption secures data at the column, row, or table level.
Incorrect Options:
B: VPN secures data in transit, not at rest.
E: SSL/TLS secures communication over networks (data in transit).
Which encryption method secures the entire storage medium, ensuring all data is encrypted when the system is off?
A. File Encryption
B. Volume Encryption
C. Full Disk Encryption (FDE)
D. Partition Encryption
Answer:
C. Full Disk Encryption (FDE)
Explanation:
Correct: Full Disk Encryption encrypts the entire hard drive, protecting all data when the system is off.
Incorrect Options:
A: File Encryption only encrypts individual files.
B: Volume Encryption applies to selected directories or files.
D: Partition Encryption targets specific partitions, not the whole disk.
Which two methods are commonly used to secure data in transit? (Choose Two)
A. IPSec
B. Database Encryption
C. Secure Sockets Layer (SSL)
D. Record Encryption
Answer:
A. IPSec
C. Secure Sockets Layer (SSL)
Explanation:
Correct:
IPSec secures IP communications through encryption and authentication.
SSL provides secure communication over networks like web browsing and email.
Incorrect Options:
B: Database Encryption secures data at rest.
D: Record Encryption applies to database fields, not data in transit.
Which mechanism encrypts data in memory to prevent unauthorized access during processing?
A. Secure Sockets Layer (SSL)
B. INTEL Software Guard
C. Volume Encryption
D. VPN
Answer:
B. INTEL Software Guard
Explanation:
Correct: INTEL Software Guard encrypts data in memory, safeguarding it from unauthorized processes.
Incorrect Options:
A: SSL secures data in transit, not in use.
C: Volume Encryption applies to stored data, not actively processed data.
D: VPN protects data in transit.
Which of the following are transport encryption protocols?
A. SSL/TLS
B. VPN
C. IPSec
D. All of the above
Answer:
D. All of the above
Explanation:
Correct: All options listed (SSL/TLS, VPN, and IPSec) are valid transport encryption protocols used to secure data in transit.
Which three of the following are encryption methods specifically used for data at rest? (Choose Three)
A. File Encryption
B. Full Disk Encryption (FDE)
C. IPSec
D. Partition Encryption
E. VPN
Answer:
A. File Encryption
B. Full Disk Encryption (FDE)
D. Partition Encryption
Explanation:
Correct: These encryption methods target stored data, securing files, partitions, or the entire disk.
Incorrect Options:
C: IPSec is used for data in transit.
E: VPN creates secure connections for data in transit.
Why is it essential to understand the three data states (data at rest, data in transit, and data in use)?
A. To implement specific security measures for each state
B. To enhance the user experience of network applications
C. To optimize data storage efficiency
D. To replace encryption protocols with less complex methods
Answer:
A. To implement specific security measures for each state
Explanation:
Correct: Different data states require tailored security measures to protect against unique threats.
Incorrect Options:
B: Security measures do not directly influence user experience.
C: Data state understanding focuses on security, not storage efficiency.
D: Encryption protocols remain critical for securing data.
Which of the following are examples of regulated data? (Choose Three)
A. PII
B. PHI
C. Trade Secrets
D. Financial Information
E. Intellectual Property
Answer: A, B, D
Explanation:
Correct:
A: PII (Personally Identifiable Information) is regulated by laws to ensure individual privacy.
B: PHI (Protected Health Information) is regulated under laws such as HIPAA in the U.S.
D: Financial Information is subject to regulations like PCI DSS to protect against fraud.
Incorrect:
C: Trade Secrets are confidential business information but are not directly regulated by law like PII or PHI.
E: Intellectual Property is protected by patents, copyrights, and trademarks, not by data-specific regulations.
What are the two key regulations associated with regulated data in the U.S. and the European Union?
A. GDPR
B. PCI DSS
C. HIPAA
D. DMCA
Answer: A, C
Explanation:
Correct:
A: GDPR (General Data Protection Regulation) applies in the European Union and governs personal data privacy.
C: HIPAA (Health Insurance Portability and Accountability Act) governs PHI in the U.S.
Incorrect:
B: PCI DSS applies to financial data security but is not a general data privacy regulation.
D: DMCA relates to intellectual property rights, not regulated data.
Which type of data includes manufacturing processes and proprietary software, providing a competitive edge to organizations?
A. Trade Secrets
B. PII
C. Legal Information
D. Intellectual Property
Answer: A
Explanation:
Correct:
A: Trade Secrets include confidential business information like manufacturing processes and proprietary software.
Incorrect:
B: PII is personal information identifying individuals.
C: Legal Information relates to legal proceedings or contracts.
D: Intellectual Property covers creations like inventions, not business strategies.
Which two types of data require specific software or machines to interpret?
A. PHI
B. Trade Secrets
C. Non-Human-Readable Data
D. Human-Readable Data
Answer: C, D
Explanation:
Correct:
C: Non-Human-Readable Data includes binary code or machine language, requiring software for interpretation.
D: Human-Readable Data, like text documents, is understandable directly without machines.
Incorrect:
A: PHI does not relate to machine-readable formats.
B: Trade Secrets do not specify readability.
What is the importance of protecting intellectual property (IP)?
A. Encourages innovation and creativity
B. Prevents identity theft
C. Maintains legal privilege
D. Provides insight into business operations
Answer: A
Explanation:
Correct:
A: Protecting IP encourages innovation by safeguarding inventions, artistic works, and designs.
Incorrect:
B: Preventing identity theft applies to protecting PII or financial data.
C: Maintaining legal privilege is relevant to legal information.
D: Insights into business operations relate to data analytics, not IP.
What are the benefits of proper classification and security of data types? (Choose Three)
A. Protect valuable assets
B. Comply with regulations
C. Prevent data readability
D. Maintain reputation and trust
Answer: A, B, D
Explanation:
Correct:
A: Protecting assets ensures that confidential data remains secure.
B: Compliance with regulations avoids penalties and maintains legal integrity.
D: Trust is maintained with customers and partners through secure practices.
Incorrect:
C: Preventing data readability is not a benefit; accessibility depends on need and format.
Match the following data types with their corresponding regulations:
1- PII
2- PHI
3- Financial Information
A. PCI DSS
B. HIPAA
C. GDPR
Answer:
1 - C
2 - B
3 - A
Explanation:
PII (C): GDPR regulates personal data in the EU.
PHI (B): HIPAA governs protected health information in the U.S.
Financial Information (A): PCI DSS ensures secure handling of payment data.
Which type of data includes sales records and tax documents and is targeted by cybercriminals for fraud?
A. Intellectual Property
B. Legal Information
C. Financial Information
D. Non-Human-Readable Data
Answer: C
Explanation:
Correct:
C: Financial Information includes sales records, invoices, and tax documents and is a target for fraud and theft.
Incorrect:
A: Intellectual Property relates to inventions or designs.
B: Legal Information pertains to legal proceedings.
D: Non-Human-Readable Data refers to machine-readable formats.
Which of the following are examples of data protection regulations that may influence an organization’s cryptographic strategies? (Choose Two)
A. GDPR
B. TLS
C. Data Sovereignty
D. AES
Answer:
A. GDPR
C. Data Sovereignty
Explanation:
A. GDPR: The General Data Protection Regulation imposes strict rules on the protection of personal data, influencing cryptographic solutions like encryption for data protection.
C. Data Sovereignty: This refers to the requirement that data is subject to the laws of the country it resides in, which can dictate the use of specific cryptographic measures.
B. TLS: While TLS is a cryptographic protocol for securing data in transit, it is not a data protection regulation.
D. AES: AES is a cryptographic algorithm, not a regulation.
What are the geographical considerations that impact data protection and can complicate compliance for multinational companies? (Choose Three)
A. GDPR
B. Access Restrictions
C. Data Sovereignty Laws
D. GDPR Fines
E. Cloud Storage Location
Answer:
A. GDPR
C. Data Sovereignty Laws
E. Cloud Storage Location
Explanation:
A. GDPR: Imposes data protection requirements within EU/EEA borders, affecting companies globally.
C. Data Sovereignty Laws: Countries like China and Russia require data to be stored and processed within their borders, impacting international companies.
E. Cloud Storage Location: The physical location of cloud storage can determine which regulations apply, which is a critical factor in data protection strategies.
B. Access Restrictions: While important, access restrictions are not directly related to geographical concerns about data protection.
D. GDPR Fines: Fines are consequences of non-compliance, but not a geographical consideration.
How does proper data asset management relate to data sovereignty and its geographical implications?
A. It ensures that data is stored in compliance with local laws
B. It helps avoid data being stored in regions with stricter laws
C. It ensures that cloud services restrict access to multiple locations
D. It reduces the cost of data storage
Answer:
A. It ensures that data is stored in compliance with local laws
B. It helps avoid data being stored in regions with stricter laws
Explanation:
A. Ensuring data is stored in compliance with local laws is a key part of managing data assets in accordance with data sovereignty requirements.
B. Avoiding storage in regions with stricter laws ensures organizations don’t face legal challenges due to non-compliance with regulations like GDPR or national sovereignty laws.
C. Access restrictions are important for security but don’t directly relate to data asset management in terms of geographical storage compliance.
D. Reducing storage cost is unrelated to data sovereignty.
Which of the following are crucial aspects of managing data in compliance with data sovereignty laws? (Choose Two)
A. Knowledge of data center locations
B. Cloud service encryption protocols
C. Understanding cross-border data flow restrictions
D. Monitoring access from multiple geographic locations
Answer:
A. Knowledge of data center locations
C. Understanding cross-border data flow restrictions
Explanation:
A. Knowledge of data center locations: Knowing where your data is physically stored is crucial to comply with data sovereignty laws.
C. Understanding cross-border data flow restrictions: This is necessary to prevent illegal transfer of data across borders, which could violate data protection laws.
B. Cloud service encryption protocols: While important for protecting data, they are not directly related to data sovereignty laws.
D. Monitoring access from multiple geographic locations: While it is important for security, this is more about access control rather than data sovereignty compliance.
Which of the following are elements of effective security governance when addressing data sovereignty and privacy regulations? (Choose Two)
A. Legal guidance
B. Cloud-based access control
C. Regular data encryption updates
D. Strategic use of technology
Answer:
A. Legal guidance
D. Strategic use of technology
Explanation:
A. Legal guidance: Ensuring that data management complies with local laws and regulations is crucial for governance in the context of data sovereignty.
D. Strategic use of technology: Organizations must use technology wisely to navigate complex data sovereignty laws and maintain compliance.
B. Cloud-based access control: While relevant for security governance, it’s not specific to data sovereignty.
C. Regular data encryption updates: This is important for overall security but does not directly relate to governance for data sovereignty compliance.
Which of the following are methods of securing data that involve transforming or replacing sensitive information? (Choose Two)
A. Encryption
B. Hashing
C. Tokenization
D. Segmentation
Answer:
A. Encryption
C. Tokenization
Explanation:
Correct:
Encryption transforms plaintext into ciphertext using algorithms and keys to protect data at rest and in transit.
Tokenization replaces sensitive data with non-sensitive tokens, where the original data is stored securely in a separate database.
Incorrect:
Hashing is a one-way function that converts data into a fixed-size hash value and cannot be reversed.
Segmentation involves dividing a network into segments to enhance security, but does not transform data directly.
Which of the following security techniques is most commonly used for password storage?
A. Masking
B. Hashing
C. Encryption
D. Obfuscation
Answer:
B. Hashing
Explanation:
Correct:
Hashing is a one-way function used for storing passwords securely, ensuring the original password cannot be recovered.
Incorrect Options:
Masking replaces some or all data with placeholders but is not used for password storage.
Encryption can be used for protecting data, but it’s reversible with a decryption key, unlike hashing.
Obfuscation makes data unclear or unintelligible but is not a typical method for storing passwords securely.
What are the three main benefits of implementing segmentation in a network? (Choose Three)
A. Prevents lateral movement during a breach
B. Encrypts sensitive data
C. Limits the damage caused by a breach
D. Allows for separate security controls for each segment
Answer:
A. Prevents lateral movement during a breach
C. Limits the damage caused by a breach
D. Allows for separate security controls for each segment
Explanation:
Correct:
Segmentation divides a network into separate segments, preventing lateral movement during a breach, limiting damage, and allowing tailored security for each segment.
Incorrect:
Encryption protects data, but it’s not a direct benefit of segmentation.
Which of the following data protection techniques are irreversible methods for de-identifying sensitive data? (Choose Two)
A. Encryption
B. Tokenization
C. Masking
D. Hashing
Answer:
C. Masking
D. Hashing
Explanation:
Correct:
Masking replaces sensitive data with placeholders and cannot be reversed, making it an irreversible de-identification method.
Hashing is an irreversible process that converts data into a fixed-size hash and cannot be converted back to its original form.
Incorrect:
Encryption is reversible with the decryption key.
Tokenization replaces sensitive data with tokens, but the original data can be retrieved from a separate secure database.
Which of the following methods are used to restrict data access based on location?
A. Geofencing
B. Masking
C. Segmentation
D. Encryption
Answer:
A. Geofencing
Explanation:
Correct:
Geofencing involves setting up virtual boundaries to restrict data access based on geographic location, often used to comply with data sovereignty laws.
Incorrect Options:
Masking and Encryption are data protection techniques, not methods for restricting access based on location.
Segmentation divides networks into secure segments, unrelated to geographic access control.
Which of the following techniques are used for protecting sensitive information in payment processing systems? (Choose Two)
A. Hashing
B. Tokenization
C. Encryption
D. Geofencing
Answer:
B. Tokenization
C. Encryption
Explanation:
Correct:
Tokenization replaces sensitive data with non-sensitive tokens and stores the original data securely, widely used in payment processing.
Encryption protects data in transit, ensuring sensitive payment information remains secure during transmission.
Incorrect:
Hashing is used for irreversible data protection, not typically for payment processing.
Geofencing restricts access based on location but is not specifically for payment systems.
Which of the following control mechanisms are most commonly used to restrict access to sensitive data? (Choose Two)
A. ACLs (Access Control Lists)
B. RBAC (Role-Based Access Control)
C. Geofencing
D. Masking
Answer:
A. ACLs (Access Control Lists)
B. RBAC (Role-Based Access Control)
Explanation:
Correct:
ACLs define permissions for users to access specific data or perform actions.
RBAC assigns data access based on a user’s role, limiting access to only necessary information.
Incorrect:
Geofencing restricts access based on geographic location, not user permissions.
Masking is a data obfuscation technique, not an access control mechanism.
Which of the following are types of Data Loss Prevention (DLP) systems? (Choose Three)
A. Endpoint DLP System
B. Storage DLP System
C. Identity DLP System
D. Network DLP System
E. Cloud-Based DLP System
Answer:
A. Endpoint DLP System
B. Storage DLP System
D. Network DLP System
Explanation:
A. Endpoint DLP System: Installed on individual workstations or laptops, monitors data in use.
B. Storage DLP System: Installed on servers to inspect data at rest.
D. Network DLP System: Monitors data entering and leaving the network, focusing on data in transit.
C. Identity DLP System is not a recognized DLP system.
E. Cloud-Based DLP System protects data stored in cloud services but is not an option for this question.
Which of the following are primary goals of Data Loss Prevention (DLP) systems? (Choose Two)
A. To prevent unauthorized access to data
B. To monitor data in use, in transit, and at rest
C. To increase data encryption
D. To prevent data theft or loss
Answer:
B. To monitor data in use, in transit, and at rest
D. To prevent data theft or loss
Explanation:
B. Monitoring data in use, in transit, and at rest is the core function of DLP systems.
D. Preventing data theft or loss is the ultimate goal of implementing DLP systems.
A. Unauthorized access prevention is a related goal but not the specific focus of DLP systems.
C. Increasing data encryption may complement DLP but is not the core function.
What type of DLP system would be most appropriate for protecting data at rest, particularly encrypted or watermarked data?
A. Endpoint DLP System
B. Cloud-Based DLP System
C. Storage DLP System
D. Network DLP System
Answer:
C. Storage DLP System
Explanation:
C. Storage DLP System is specifically designed to protect data at rest and can monitor encrypted or watermarked data.
A. Endpoint DLP System focuses on data in use on individual devices.
B. Cloud-Based DLP System is used for cloud data protection.
D. Network DLP System focuses on data in transit across the network.
What is the primary function of a Network DLP system?
A. To monitor data at rest
B. To prevent unauthorized file transfers on workstations
C. To detect and block unauthorized data leaving the network
D. To monitor data usage on cloud services
Answer:
C. To detect and block unauthorized data leaving the network
Explanation:
C. Network DLP System is placed at the perimeter of the network and focuses on monitoring and blocking unauthorized data leaving the network.
A. Storage DLP monitors data at rest.
B. Endpoint DLP focuses on preventing unauthorized file transfers on workstations.
D. Cloud-based DLP protects cloud data.
Which of the following is an advantage of cloud-based DLP systems?
A. They are installed on workstations or laptops
B. They offer protection for data stored in cloud services
C. They monitor data at the network perimeter
D. They can encrypt data stored on physical hard drives
Answer:
B. They offer protection for data stored in cloud services
Explanation:
B. Cloud-based DLP systems protect data stored in cloud services like Google Drive.
A. Endpoint DLP is installed on workstations or laptops.
C. Network DLP monitors data at the network perimeter.
D. Data encryption is typically handled by other security mechanisms.
Which of the following are characteristics of an Endpoint DLP system? (Choose Two)
A. Monitors data in use on individual devices
B. Monitors data entering and leaving the network
C. Can prevent or alert on file transfers based on predefined rules
D. Protects data stored in cloud services
Answer:
A. Monitors data in use on individual devices
C. Can prevent or alert on file transfers based on predefined rules
Explanation:
A. Endpoint DLP monitors data on individual workstations or laptops.
C. It can block or alert admins on file transfers based on policy rules.
B. Network DLP monitors data at the network perimeter.
D. Cloud-based DLP protects data in cloud services, not Endpoint DLP.
Which of the following describes a key concern that Data Loss Prevention (DLP) systems address?
A. Reducing the cost of cloud storage
B. Preventing physical theft of devices
C. Preventing unauthorized access to sensitive data
D. Encrypting files automatically
Answer:
C. Preventing unauthorized access to sensitive data
Explanation:
C. DLP systems focus on preventing unauthorized access, transfer, or loss of sensitive data.
A. Cloud storage cost reduction is not a primary concern of DLP.
B. Preventing physical theft is not the direct responsibility of DLP systems.
D. Encryption is a complementary measure but not the primary function of DLP systems.