Data Protection Flashcards

1.4 - Explain the importance of using appropriate cryptographic solutions
3.3 - Compare and contrast concepts and strategies to protect data
4.2 - Explain the security implications of proper hardware, software, and data asset management
4.4 - Explain security alerting and monitoring concepts and tools
5.1 - Summarize elements of effective security governance

1
Q

Which of the following classification levels is most appropriate for information such as trade secrets or intellectual property?
A. Public
B. Sensitive
C. Confidential
D. Critical

A

Answer: C. Confidential

Explanation: Correct: Confidential covers data such as trade secrets, intellectual property, and source code whose disclosure would seriously harm the business. Incorrect Options:
A: Public data has minimal or no impact if disclosed.
B: Sensitive data would cause only minimal impact if leaked and sits below confidential in the hierarchy.
D: Critical is reserved for the most highly restricted data, information too valuable to allow any risk of capture; trade secrets and IP are normally placed one tier lower, at confidential.

2
Q

Which of the following is NOT a commercial business data classification level?
A. Public
B. Sensitive
C. Confidential
D. Top Secret

A

Answer: D. Top Secret

Explanation: Correct: Top Secret is a classification used by government organizations, not commercial businesses. Incorrect Options:
A: Public data is openly accessible without significant impact.
B: Sensitive data can cause minimal harm if disclosed, e.g., financial data.
C: Confidential data is highly sensitive and requires strict access control.

3
Q

Which of the following classification levels would most likely apply to an organization’s internal employee records, including salaries?
A. Public
B. Sensitive
C. Private
D. Critical

A

Answer: C. Private

Explanation: Correct: Private data is internal, such as employee records, that do not need to be disclosed externally. Incorrect Options:
A: Public data is freely available without significant impact.
B: Sensitive data is for information that would cause minimal damage if released.
D: Critical data is the most highly restricted due to its extreme value.

4
Q

(Choose Two) Which of the following types of data could be classified as “Sensitive but Unclassified” in a government organization?
A. Personal medical records
B. Military deployment plans
C. Social Security numbers of citizens
D. Government trade secrets

A

Answer:
A. Personal medical records
C. Social Security numbers of citizens

Explanation: Correct: Sensitive but Unclassified includes data that could harm individuals but not national security, like medical records and personal identifiers. Incorrect Options:
B: Military deployment plans would fall under Secret or Top Secret.
D: Government trade secrets would be classified as Confidential.

5
Q

What is one consequence of over-classifying data within an organization?
A. Improved security at a lower cost
B. Unnecessary resource allocation and increased costs
C. Easier access for all personnel
D. Decreased technical protections

A

Answer:
B. Unnecessary resource allocation and increased costs

Explanation: Correct: Over-classifying data leads to spending excessive time, money, and resources on protection measures. Incorrect Options:
A: Over-classifying leads to higher, not lower, costs.
C: Over-classifying restricts access rather than making it easier.
D: Over-classification actually increases technical protections unnecessarily.

6
Q

(Choose Three) Which of the following actions should be included in an organization’s data lifecycle policy?
A. Clearly defined data retention period
B. Detailed destruction process once data is no longer needed
C. Public access to all data after one year
D. Compliance with legal and regulatory requirements
E. Continuous monitoring of data throughout its lifecycle

A

Answer:
A. Clearly defined data retention period
B. Detailed destruction process once data is no longer needed
D. Compliance with legal and regulatory requirements

Explanation: Correct: Data lifecycle policies should define retention periods, include destruction procedures, and comply with legal requirements. Incorrect Options:
C: Public access is not typically part of a controlled data lifecycle unless specified.
E: While monitoring is important, it’s not a direct part of the lifecycle management outlined here.

7
Q

Which government classification level is most likely to include military deployment plans?
A. Confidential
B. Secret
C. Top Secret
D. Sensitive but Unclassified

A

Answer:
B. Secret

Explanation: Correct: Secret classification includes military deployment plans and other sensitive information that could damage national security. Incorrect Options:
A: Confidential information is restricted but not as sensitive as Secret.
C: Top Secret data is even more sensitive than Secret and may involve extremely high-value information.
D: Sensitive but Unclassified does not pose a major national security risk.

8
Q

Which classification level would be used for data such as publicly available course materials or a company’s public website information?
A. Public
B. Sensitive
C. Private
D. Confidential

A

Answer: A. Public

Explanation: Correct: Public data is openly available and poses no impact on the organization if disclosed. Incorrect Options:
B: Sensitive data has some level of risk if disclosed.
C: Private data is internal and not accessible to the public.
D: Confidential data includes information that could seriously affect the organization if leaked.

9
Q

Who is responsible for labeling information assets and ensuring they are protected with appropriate controls?
A. Data Controller
B. Data Processor
C. Data Owner
D. Privacy Officer

A

Answer:
C. Data Owner

Explanation:

Correct: The data owner is a senior executive responsible for labeling information assets and ensuring their protection with appropriate controls.
Incorrect Options:
A: The data controller determines the purposes and methods of data storage and collection.
B: The data processor assists with tasks assigned by the data controller.
D: The privacy officer oversees privacy-related data compliance.

10
Q

(Choose Two):
Which roles focus on data quality and enforcing access controls?
A. Data Owner
B. Data Custodian
C. Data Controller
D. Data Steward

A

Answer:
B. Data Custodian
D. Data Steward

Explanation:

Correct:
B: The data custodian enforces access controls, encryption, and backup measures for data.
D: The data steward ensures data quality and appropriate labeling.
Incorrect Options:
A: The data owner focuses on labeling and overall protection controls.
C: The data controller determines data storage, collection, and usage.

11
Q

Match the following roles to their responsibilities:

1- Data Processor
2- Data Custodian
3- Privacy Officer
A. Responsible for managing systems storing data assets
B. Assists with data collection and processing under the controller’s direction
C. Ensures compliance with privacy regulations

A

Answer:
1 - B
2 - A
3 - C

Explanation:

Data Processor: Assists the data controller with collection/processing.
Data Custodian: Manages systems for storing and protecting data.
Privacy Officer: Oversees privacy compliance for sensitive data like PII, SPI, and PHI.

12
Q

(Choose Three):
Which principles are critical for ensuring proper data ownership within an organization?
A. Assigning IT personnel as data owners
B. Selecting knowledgeable department leaders as data owners
C. Maintaining data confidentiality, integrity, and availability
D. Ensuring data minimization and retention policies

A

Answer:
B. Selecting knowledgeable department leaders as data owners
C. Maintaining data confidentiality, integrity, and availability
D. Ensuring data minimization and retention policies

Explanation:

Correct:
B: Data owners should be department leaders who understand the data’s context.
C: Protecting confidentiality, integrity, and availability is a primary goal.
D: Governance includes data minimization and retention policies.
Incorrect Option:
A: IT personnel are better suited as data custodians, not owners.

13
Q

What are the responsibilities of a data controller?
A. Ensuring encryption of all data assets
B. Deciding purposes and methods for data storage and usage
C. Assisting with data quality assurance
D. Overseeing access controls and recovery measures

A

Answer:
B. Deciding purposes and methods for data storage and usage

Explanation:

Correct: The data controller determines data purposes and methods while ensuring legality.
Incorrect Options:
A: Encrypting data assets is an operational task that falls to custodians, not a controller responsibility.
C: Data stewards focus on data quality.
D: Custodians manage access control and recovery.

14
Q

Which role is responsible for ensuring compliance with regulatory frameworks for sensitive data like PII or PHI?
A. Data Steward
B. Privacy Officer
C. Data Custodian
D. Data Owner

A

Answer:
B. Privacy Officer

Explanation:

Correct: The privacy officer ensures compliance with regulations concerning sensitive data.
Incorrect Options:
A: Stewards focus on data quality and labeling.
C: Custodians manage the systems where data is stored.
D: Owners focus on overall control and classification.

15
Q

What is the primary responsibility of a data custodian?
A. Alerting stakeholders of potential breaches
B. Managing systems storing data assets
C. Deciding on data retention policies
D. Labeling and classifying data assets

A

Answer:
B. Managing systems storing data assets

Explanation:

Correct: The data custodian enforces access controls, manages encryption, and ensures backup measures.
Incorrect Options:
A: Alerting stakeholders falls under monitoring or incident response teams.
C: Retention policies are often set by the privacy officer.
D: Labeling and classification are handled by stewards or owners.

16
Q

What are the three states of data in the data lifecycle?
A. Data in Motion, Data at Rest, Data in Use
B. Data in Transition, Data in Storage, Data in Access
C. Data in Use, Data in Rest, Data in Progress
D. Data at Rest, Data in Transit, Data in Use

A

Answer:
D. Data at Rest, Data in Transit, Data in Use

Explanation:

Correct: These are the three recognized states of data: data stored (at rest), moving (in transit), or actively processed (in use).
Incorrect Options:
A: “Data in Motion” is a common synonym for “Data in Transit,” and “Data at Rest” and “Data in Use” are the standard terms, so A names the same three states; D uses the canonical exam wording and is the expected answer.
B & C: These combinations do not accurately reflect the established states of data.

17
Q

Which of the following methods can protect data at rest? (Choose Three)
A. Full Disk Encryption (FDE)
B. VPN (Virtual Private Network)
C. Record Encryption
D. Database Encryption
E. SSL/TLS

A

Answer:
A. Full Disk Encryption (FDE)
C. Record Encryption
D. Database Encryption

Explanation:

Correct:
Full Disk Encryption protects the entire storage medium.
Record Encryption secures specific fields in a database.
Database Encryption secures data at the column, row, or table level.
Incorrect Options:
B: VPN secures data in transit, not at rest.
E: SSL/TLS secures communication over networks (data in transit).

18
Q

Which encryption method secures the entire storage medium, ensuring all data is encrypted when the system is off?
A. File Encryption
B. Volume Encryption
C. Full Disk Encryption (FDE)
D. Partition Encryption

A

Answer:
C. Full Disk Encryption (FDE)

Explanation:

Correct: Full Disk Encryption encrypts the entire hard drive, protecting all data when the system is off.
Incorrect Options:
A: File Encryption only encrypts individual files.
B: Volume Encryption encrypts a logical volume (a container holding a set of files and directories), not the whole physical disk.
D: Partition Encryption targets specific partitions, not the whole disk.

19
Q

Which two methods are commonly used to secure data in transit? (Choose Two)
A. IPSec
B. Database Encryption
C. Secure Sockets Layer (SSL)
D. Record Encryption

A

Answer:
A. IPSec
C. Secure Sockets Layer (SSL)

Explanation:

Correct:
IPSec secures IP communications through encryption and authentication.
SSL provides secure communication over networks for services such as web browsing and email. SSL itself is deprecated; current deployments use its successor TLS, and the exam treats SSL/TLS as one family.
Incorrect Options:
B: Database Encryption secures data at rest.
D: Record Encryption applies to database fields, not data in transit.

20
Q

Which mechanism encrypts data in memory to prevent unauthorized access during processing?
A. Secure Sockets Layer (SSL)
B. Intel Software Guard Extensions (SGX)
C. Volume Encryption
D. VPN

A

Answer:
B. Intel Software Guard Extensions (SGX)

Explanation:

Correct: Intel Software Guard Extensions (SGX) lets an application place code and data in an encrypted memory enclave, so data in use is isolated even from the operating system and other privileged software; it is one implementation of a trusted execution environment.
Incorrect Options:
A: SSL secures data in transit, not in use.
C: Volume Encryption applies to stored data, not actively processed data.
D: VPN protects data in transit.

21
Q

Which of the following are transport encryption protocols?
A. SSL/TLS
B. VPN
C. IPSec
D. All of the above

A

Answer:
D. All of the above

Explanation:

Correct: All three are used to protect data in transit. SSL/TLS and IPSec are encryption protocols; a VPN is strictly a tunnel built on top of such a protocol (IPSec, TLS, or others), but the exam groups it with them as transport encryption.

22
Q

Which three of the following are encryption methods specifically used for data at rest? (Choose Three)
A. File Encryption
B. Full Disk Encryption (FDE)
C. IPSec
D. Partition Encryption
E. VPN

A

Answer:
A. File Encryption
B. Full Disk Encryption (FDE)
D. Partition Encryption

Explanation:

Correct: These encryption methods target stored data, securing files, partitions, or the entire disk.
Incorrect Options:
C: IPSec is used for data in transit.
E: VPN creates secure connections for data in transit.

23
Q

Why is it essential to understand the three data states (data at rest, data in transit, and data in use)?
A. To implement specific security measures for each state
B. To enhance the user experience of network applications
C. To optimize data storage efficiency
D. To replace encryption protocols with less complex methods

A

Answer:
A. To implement specific security measures for each state

Explanation:

Correct: Different data states require tailored security measures to protect against unique threats.
Incorrect Options:
B: Classifying data by state is a security exercise; it is not aimed at improving the user experience of applications.
C: Data state understanding focuses on security, not storage efficiency.
D: Encryption protocols remain critical for securing data.

24
Q

Which of the following are examples of regulated data? (Choose Three)
A. PII
B. PHI
C. Trade Secrets
D. Financial Information
E. Intellectual Property

A

Answer: A, B, D

Explanation:

Correct:
A: PII (Personally Identifiable Information) is regulated by privacy laws to protect individuals.
B: PHI (Protected Health Information) is regulated under laws such as HIPAA in the U.S.
D: Financial Information is subject to requirements such as PCI DSS for cardholder data (an industry contractual standard rather than a law) and to financial-sector legislation, all aimed at preventing fraud.
Incorrect:
C: Trade Secrets are protected by trade-secret law, but no data-protection regulation prescribes how they must be handled the way PII and PHI rules do.
E: Intellectual Property is protected by patents, copyrights, and trademarks, not by data-specific regulations.

25
Q

What are the two key regulations associated with regulated data in the U.S. and the European Union? (Choose Two)
A. GDPR
B. PCI DSS
C. HIPAA
D. DMCA

A

Answer: A, C

Explanation:

Correct:
A: GDPR (General Data Protection Regulation) applies in the European Union and governs personal data privacy.
C: HIPAA (Health Insurance Portability and Accountability Act) governs PHI in the U.S.
Incorrect:
B: PCI DSS is a payment-industry contractual standard for cardholder data, not a government privacy regulation.
D: DMCA relates to intellectual property rights, not regulated data.

26
Q

Which type of data includes manufacturing processes and proprietary software, providing a competitive edge to organizations?
A. Trade Secrets
B. PII
C. Legal Information
D. Intellectual Property

A

Answer: A

Explanation:

Correct:
A: Trade Secrets include confidential business information like manufacturing processes and proprietary software.
Incorrect:
B: PII is personal information identifying individuals.
C: Legal Information relates to legal proceedings or contracts.
D: Intellectual Property covers creations like inventions, not business strategies.

27
Q

Which two terms classify data by whether it can be read directly or requires specific software or machines to interpret?
A. PHI
B. Trade Secrets
C. Non-Human-Readable Data
D. Human-Readable Data

A

Answer: C, D

Explanation:

Correct:
C: Non-Human-Readable Data includes binary code or machine language, requiring software for interpretation.
D: Human-Readable Data, like text documents, is understandable directly without machines.
Incorrect:
A: PHI is a category of regulated content; it says nothing about the format the data is stored in.
B: Trade Secrets are defined by their business value, not by readability.

28
Q

What is the importance of protecting intellectual property (IP)?
A. Encourages innovation and creativity
B. Prevents identity theft
C. Maintains legal privilege
D. Provides insight into business operations

A

Answer: A

Explanation:

Correct:
A: Protecting IP encourages innovation by safeguarding inventions, artistic works, and designs.
Incorrect:
B: Preventing identity theft applies to protecting PII or financial data.
C: Maintaining legal privilege is relevant to legal information.
D: Insights into business operations relate to data analytics, not IP.

29
Q

What are the benefits of proper classification and security of data types? (Choose Three)
A. Protect valuable assets
B. Comply with regulations
C. Prevent data readability
D. Maintain reputation and trust

A

Answer: A, B, D

Explanation:

Correct:
A: Protecting assets ensures that confidential data remains secure.
B: Compliance with regulations avoids penalties and maintains legal integrity.
D: Trust is maintained with customers and partners through secure practices.
Incorrect:
C: Preventing data readability is not a benefit; accessibility depends on need and format.

30
Q

Match the following data types with their corresponding regulations:

1- PII
2- PHI
3- Financial Information
A. PCI DSS
B. HIPAA
C. GDPR

A

Answer:
1 - C
2 - B
3 - A

Explanation:

PII (C): GDPR regulates personal data in the EU.
PHI (B): HIPAA governs protected health information in the U.S.
Financial Information (A): PCI DSS ensures secure handling of payment data.

31
Q

Which type of data includes sales records and tax documents and is targeted by cybercriminals for fraud?
A. Intellectual Property
B. Legal Information
C. Financial Information
D. Non-Human-Readable Data

A

Answer: C

Explanation:

Correct:
C: Financial Information includes sales records, invoices, and tax documents and is a target for fraud and theft.
Incorrect:
A: Intellectual Property relates to inventions or designs.
B: Legal Information pertains to legal proceedings.
D: Non-Human-Readable Data refers to machine-readable formats.

32
Q

Which of the following are examples of data protection regulations that may influence an organization’s cryptographic strategies? (Choose Two)
A. GDPR
B. TLS
C. Data Sovereignty
D. AES

A

Answer:
A. GDPR
C. Data Sovereignty

Explanation:

A. GDPR: The General Data Protection Regulation imposes strict rules on the protection of personal data, influencing cryptographic solutions like encryption for data protection.
C. Data Sovereignty: This refers to the requirement that data is subject to the laws of the country it resides in, which can dictate the use of specific cryptographic measures.
B. TLS: While TLS is a cryptographic protocol for securing data in transit, it is not a data protection regulation.
D. AES: AES is a cryptographic algorithm, not a regulation.

33
Q

What are the geographical considerations that impact data protection and can complicate compliance for multinational companies? (Choose Three)
A. GDPR
B. Access Restrictions
C. Data Sovereignty Laws
D. GDPR Fines
E. Cloud Storage Location

A

Answer:
A. GDPR
C. Data Sovereignty Laws
E. Cloud Storage Location

Explanation:

A. GDPR: Applies to the personal data of people in the EU/EEA regardless of where the processing organization is located, so companies worldwide are affected.
C. Data Sovereignty Laws: Some countries (China and Russia are common examples) require certain categories of data, such as their citizens' personal data, to be stored and processed within their borders, which constrains the architectures of international companies.
E. Cloud Storage Location: The physical location of cloud storage can determine which regulations apply, which is a critical factor in data protection strategies.
B. Access Restrictions: While important, access restrictions are not directly related to geographical concerns about data protection.
D. GDPR Fines: Fines are consequences of non-compliance, but not a geographical consideration.

34
Q

How does proper data asset management relate to data sovereignty and its geographical implications? (Choose Two)
A. It ensures that data is stored in compliance with local laws
B. It helps avoid data being stored in regions with stricter laws
C. It ensures that cloud services restrict access to multiple locations
D. It reduces the cost of data storage

A

Answer:
A. It ensures that data is stored in compliance with local laws
B. It helps avoid data being stored in regions with stricter laws

Explanation:

A. Ensuring data is stored in compliance with local laws is a key part of managing data assets in accordance with data sovereignty requirements.
B. Avoiding storage in regions with stricter laws ensures organizations don’t face legal challenges due to non-compliance with regulations like GDPR or national sovereignty laws.
C. Access restrictions are important for security but don’t directly relate to data asset management in terms of geographical storage compliance.
D. Reducing storage cost is unrelated to data sovereignty.

35
Q

Which of the following are crucial aspects of managing data in compliance with data sovereignty laws? (Choose Two)
A. Knowledge of data center locations
B. Cloud service encryption protocols
C. Understanding cross-border data flow restrictions
D. Monitoring access from multiple geographic locations

A

Answer:
A. Knowledge of data center locations
C. Understanding cross-border data flow restrictions

Explanation:

A. Knowledge of data center locations: Knowing where your data is physically stored is crucial to comply with data sovereignty laws.
C. Understanding cross-border data flow restrictions: This is necessary to prevent illegal transfer of data across borders, which could violate data protection laws.
B. Cloud service encryption protocols: While important for protecting data, they are not directly related to data sovereignty laws.
D. Monitoring access from multiple geographic locations: While it is important for security, this is more about access control rather than data sovereignty compliance.

36
Q

Which of the following are elements of effective security governance when addressing data sovereignty and privacy regulations? (Choose Two)
A. Legal guidance
B. Cloud-based access control
C. Regular data encryption updates
D. Strategic use of technology

A

Answer:
A. Legal guidance
D. Strategic use of technology

Explanation:

A. Legal guidance: Ensuring that data management complies with local laws and regulations is crucial for governance in the context of data sovereignty.
D. Strategic use of technology: Organizations must use technology wisely to navigate complex data sovereignty laws and maintain compliance.
B. Cloud-based access control: While relevant for security governance, it’s not specific to data sovereignty.
C. Regular data encryption updates: This is important for overall security but does not directly relate to governance for data sovereignty compliance.

37
Q

Which of the following are methods of securing data that involve transforming or replacing sensitive information? (Choose Two)

A. Encryption
B. Hashing
C. Tokenization
D. Segmentation

A

Answer:
A. Encryption
C. Tokenization

Explanation:

Correct:

Encryption transforms plaintext into ciphertext using algorithms and keys to protect data at rest and in transit.
Tokenization replaces sensitive data with non-sensitive tokens, where the original data is stored securely in a separate database.
Incorrect:

Hashing is a one-way function that converts data into a fixed-size hash value and cannot be reversed.
Segmentation involves dividing a network into segments to enhance security, but does not transform data directly.

38
Q

Which of the following security techniques is most commonly used for password storage?
A. Masking
B. Hashing
C. Encryption
D. Obfuscation

A

Answer:
B. Hashing

Explanation:

Correct:
Hashing is a one-way function used for storing passwords securely, so the original password cannot be recovered from what is stored. In practice this means a salted, deliberately slow password-hashing function (bcrypt, scrypt, Argon2, or PBKDF2), not a bare fast hash such as unsalted SHA-256, which falls to precomputed tables and brute force.

Incorrect Options:

Masking replaces some or all data with placeholders but is not used for password storage.
Encryption can be used for protecting data, but it’s reversible with a decryption key, unlike hashing.
Obfuscation makes data unclear or unintelligible but is not a typical method for storing passwords securely.

39
Q

What are the three main benefits of implementing segmentation in a network? (Choose Three)

A. Prevents lateral movement during a breach
B. Encrypts sensitive data
C. Limits the damage caused by a breach
D. Allows for separate security controls for each segment

A

Answer:
A. Prevents lateral movement during a breach
C. Limits the damage caused by a breach
D. Allows for separate security controls for each segment

Explanation:

Correct:

Segmentation divides a network into separate segments, preventing lateral movement during a breach, limiting damage, and allowing tailored security for each segment.
Incorrect:

Encryption protects data, but it’s not a direct benefit of segmentation.

40
Q

Which of the following data protection techniques are irreversible methods for de-identifying sensitive data? (Choose Two)

A. Encryption
B. Tokenization
C. Masking
D. Hashing

A

Answer:
C. Masking
D. Hashing

Explanation:

Correct:

Masking replaces some or all of a value with placeholders (for example, showing only the last four digits of a card number); when the masked value is what gets stored, the original cannot be recovered, making it an irreversible de-identification method. Dynamic masking, which only alters what is displayed, leaves the underlying data intact.
Hashing is an irreversible process that converts data into a fixed-size hash and cannot be converted back to its original form.
Incorrect:

Encryption is reversible with the decryption key.
Tokenization replaces sensitive data with tokens, but the original data can be retrieved from a separate secure database.
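To make the reversible/irreversible distinction of the preceding cards concrete, here is an added Python example (not from the original page) that tokenizes a card number into a vault, masks it destructively, and hashes an identifier. It goes one step beyond the card: the hash is keyed (HMAC-SHA256) because a plain unkeyed hash of a low-entropy value such as an SSN can be reversed simply by hashing every possible value. The `TokenVault` class, the `tok_` prefix, and the sample card number are constructed for illustration.

```python
import hashlib
import hmac
import secrets


class TokenVault:
    """In-memory stand-in for a tokenization vault. A real vault is a separate,
    hardened service; only it can turn a token back into the original value."""

    def __init__(self) -> None:
        self._value_by_token: dict[str, str] = {}
        self._token_by_value: dict[str, str] = {}

    def tokenize(self, value: str) -> str:
        # The same input always yields the same token so records can still be joined.
        if value in self._token_by_value:
            return self._token_by_value[value]
        while True:
            token = "tok_" + secrets.token_hex(8)  # random: carries nothing about value
            if token not in self._value_by_token:
                break
        self._value_by_token[token] = value
        self._token_by_value[value] = token
        return token

    def detokenize(self, token: str) -> str:
        # Reversible, but only for a caller with access to the vault.
        return self._value_by_token[token]


def mask_pan(pan: str, visible: int = 4) -> str:
    """Destructive masking: everything but the last `visible` digits is gone for good."""
    digits = "".join(ch for ch in pan if ch.isdigit())
    return "*" * (len(digits) - visible) + digits[-visible:]


def hash_identifier(value: str, key: bytes) -> str:
    """Irreversible pseudonym via HMAC-SHA256. The key matters: an unkeyed SHA-256
    of a 9-digit SSN is reversed in seconds by hashing all 10**9 candidates."""
    return hmac.new(key, value.encode("utf-8"), hashlib.sha256).hexdigest()


if __name__ == "__main__":
    vault = TokenVault()
    pan = "4111 1111 1111 1111"  # constructed test card number, not real data
    token = vault.tokenize(pan)
    print("token     :", token)
    print("detokenize:", vault.detokenize(token))
    print("masked    :", mask_pan(pan))
    print("hashed    :", hash_identifier("123-45-6789", secrets.token_bytes(32)))
```

Of the three, only the token can be turned back into the card number, and only by the vault; the masked and hashed forms are safe to store in systems that never need the original.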

41
Q

Which of the following methods is used to restrict data access based on location?
A. Geofencing
B. Masking
C. Segmentation
D. Encryption

A

Answer:
A. Geofencing

Explanation:

Correct:

Geofencing involves setting up virtual boundaries to restrict data access based on geographic location, often used to comply with data sovereignty laws.
Incorrect Options:

Masking and Encryption are data protection techniques, not methods for restricting access based on location.
Segmentation divides networks into secure segments, unrelated to geographic access control.

42
Q

Which of the following techniques are used for protecting sensitive information in payment processing systems? (Choose Two)

A. Hashing
B. Tokenization
C. Encryption
D. Geofencing

A

Answer:
B. Tokenization
C. Encryption

Explanation:

Correct:

Tokenization replaces sensitive data with non-sensitive tokens and stores the original data securely, widely used in payment processing.
Encryption protects cardholder data both in transit (TLS between terminal, merchant, and processor) and at rest wherever the card number itself must be stored.
Incorrect:

Hashing is used for irreversible data protection, not typically for payment processing.
Geofencing restricts access based on location but is not specifically for payment systems.

43
Q

Which of the following control mechanisms are most commonly used to restrict access to sensitive data? (Choose Two)

A. ACLs (Access Control Lists)
B. RBAC (Role-Based Access Control)
C. Geofencing
D. Masking

A

Answer:
A. ACLs (Access Control Lists)
B. RBAC (Role-Based Access Control)

Explanation:

Correct:

ACLs define permissions for users to access specific data or perform actions.
RBAC assigns data access based on a user’s role, limiting access to only necessary information.
Incorrect:

Geofencing restricts access based on geographic location, not user permissions.
Masking is a data obfuscation technique, not an access control mechanism.

44
Q

Which of the following are types of Data Loss Prevention (DLP) systems? (Choose Four)

A. Endpoint DLP System
B. Storage DLP System
C. Identity DLP System
D. Network DLP System
E. Cloud-Based DLP System

A

Answer:
A. Endpoint DLP System
B. Storage DLP System
D. Network DLP System
E. Cloud-Based DLP System

Explanation:

A. Endpoint DLP System: Installed on individual workstations or laptops; monitors data in use and can block or alert on file transfers.
B. Storage DLP System: Installed on servers to inspect data at rest.
D. Network DLP System: Placed at the network perimeter; monitors data in transit entering and leaving the network.
E. Cloud-Based DLP System: Delivered as a service to protect data stored in cloud services such as Google Drive.
C. Identity DLP System is not a recognized type of DLP system.

45
Q

Which of the following are primary goals of Data Loss Prevention (DLP) systems? (Choose Two)

A. To prevent unauthorized access to data
B. To monitor data in use, in transit, and at rest
C. To increase data encryption
D. To prevent data theft or loss

A

Answer:
B. To monitor data in use, in transit, and at rest
D. To prevent data theft or loss

Explanation:

B. Monitoring data in use, in transit, and at rest is the core function of DLP systems.
D. Preventing data theft or loss is the ultimate goal of implementing DLP systems.
A. Unauthorized access prevention is a related goal but not the specific focus of DLP systems.
C. Increasing data encryption may complement DLP but is not the core function.

46
Q

What type of DLP system would be most appropriate for protecting data at rest, particularly encrypted or watermarked data?

A. Endpoint DLP System
B. Cloud-Based DLP System
C. Storage DLP System
D. Network DLP System

A

Answer:
C. Storage DLP System

Explanation:

C. Storage DLP System is specifically designed to protect data at rest and can monitor encrypted or watermarked data.
A. Endpoint DLP System focuses on data in use on individual devices.
B. Cloud-Based DLP System is used for cloud data protection.
D. Network DLP System focuses on data in transit across the network.

47
Q

What is the primary function of a Network DLP system?

A. To monitor data at rest
B. To prevent unauthorized file transfers on workstations
C. To detect and block unauthorized data leaving the network
D. To monitor data usage on cloud services

A

Answer:
C. To detect and block unauthorized data leaving the network

Explanation:

C. Network DLP System is placed at the perimeter of the network and focuses on monitoring and blocking unauthorized data leaving the network.
A. Storage DLP monitors data at rest.
B. Endpoint DLP focuses on preventing unauthorized file transfers on workstations.
D. Cloud-based DLP protects cloud data.
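The following Python code is an added example (not from the original page) of the inspection logic a Network DLP system applies to outbound traffic: scan each message for card numbers and US SSNs, validate candidate card numbers with the Luhn checksum so that ticket and order numbers are not flagged, and record only a masked form of what was found so the alert itself does not leak the data. The sample messages, the block-on-any-finding policy, and the `scan_outbound` function are constructed for this illustration; a real product works on reconstructed email, HTTP, and file-transfer sessions rather than a list of dicts.

```python
import re

# Candidate card numbers: 13-19 digits, optionally separated by spaces or dashes.
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
# US Social Security Number in the conventional dashed form.
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")


def luhn_ok(digits: str) -> bool:
    """Luhn mod-10 checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_for_alert(digits: str) -> str:
    """Keep first six and last four (the PCI DSS display allowance) for the alert."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def find_sensitive(text: str) -> list[tuple[str, str]]:
    """Return (type, masked_value) pairs for each sensitive item found in text."""
    findings = []
    for m in PAN_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if luhn_ok(digits):  # rejects most random digit runs (ticket IDs, etc.)
            findings.append(("PAN", mask_for_alert(digits)))
    for m in SSN_RE.finditer(text):
        findings.append(("SSN", "***-**-" + m.group()[-4:]))
    return findings


def inspect_message(message: dict) -> dict:
    """Decide allow/block for one outbound message under a simple policy."""
    findings = find_sensitive(message["body"])
    return {
        "id": message["id"],
        "to": message["to"],
        "findings": findings,
        "action": "block" if findings else "allow",
    }


def scan_outbound(messages: list[dict]) -> list[dict]:
    return [inspect_message(m) for m in messages]


# Constructed sample traffic for this example (not real data).
SAMPLE_OUTBOUND = [
    {"id": 1, "to": "billing@partner.example",
     "body": "Invoice 2024-0187 is attached, total $4,200."},
    {"id": 2, "to": "someone@webmail.example",
     "body": "Card on file: 4111 1111 1111 1111 exp 12/27"},
    {"id": 3, "to": "support@vendor.example",
     "body": "Ticket 1234567890123456 was closed."},
    {"id": 4, "to": "payroll@outsourcer.example",
     "body": "Employee SSN 123-45-6789 for payroll"},
]

if __name__ == "__main__":
    for r in scan_outbound(SAMPLE_OUTBOUND):
        print(r["id"], r["action"], r["findings"])
```

Message 3 contains a 16-digit number that fails the Luhn check, so it passes; message 2 contains a valid test card number and is blocked. Without the checksum step a DLP rule on "16 digits" produces a steady stream of false positives that operators learn to ignore.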

48
Q

Which of the following is an advantage of cloud-based DLP systems?

A. They are installed on workstations or laptops
B. They offer protection for data stored in cloud services
C. They monitor data at the network perimeter
D. They can encrypt data stored on physical hard drives

A

Answer:
B. They offer protection for data stored in cloud services

Explanation:

B. Cloud-based DLP systems protect data stored in cloud services like Google Drive.
A. Endpoint DLP is installed on workstations or laptops.
C. Network DLP monitors data at the network perimeter.
D. Data encryption is typically handled by other security mechanisms.

49
Q

Which of the following are characteristics of an Endpoint DLP system? (Choose Two)

A. Monitors data in use on individual devices
B. Monitors data entering and leaving the network
C. Can prevent or alert on file transfers based on predefined rules
D. Protects data stored in cloud services

A

Answer:
A. Monitors data in use on individual devices
C. Can prevent or alert on file transfers based on predefined rules

Explanation:

A. Endpoint DLP monitors data on individual workstations or laptops.
C. It can block or alert admins on file transfers based on policy rules.
B. Network DLP monitors data at the network perimeter.
D. Cloud-based DLP protects data in cloud services, not Endpoint DLP.

50
Q

Which of the following describes a key concern that Data Loss Prevention (DLP) systems address?

A. Reducing the cost of cloud storage
B. Preventing physical theft of devices
C. Preventing unauthorized access to sensitive data
D. Encrypting files automatically

A

Answer:
C. Preventing unauthorized access to sensitive data

Explanation:

C. DLP systems focus on preventing unauthorized access, transfer, or loss of sensitive data.
A. Cloud storage cost reduction is not a primary concern of DLP.
B. Preventing physical theft is not the direct responsibility of DLP systems.
D. Encryption is a complementary measure but not the primary function of DLP systems.