Data Security Standards Flashcards

1
Q

What prevents drones from operating in no-fly zones?
A. The operator
B. Firmware
C. Restricting chip
D. Control range

A

B. Firmware.
Firmware is the software embedded in a device’s hardware, and in the case of drones, it can be programmed to restrict flight in certain areas, including no-fly zones. This restriction is often implemented through geofencing, which uses GPS coordinates to define boundaries that the drone cannot cross.

2
Q

Which data sensitivity regulation applies to European Union citizens’ private data?
A. PCI DSS
B. PIPEDA
C. HIPAA
D. GDPR

A

D. GDPR.
The GDPR (General Data Protection Regulation) is the primary data protection law in the European Union.
It applies to any organization, regardless of location, that processes personal data of EU residents. This includes collecting, storing, using, and sharing such data.

3
Q

You would like to enforce data loss prevention policies on user stations running word processor and spreadsheet programs. What should you do?
A. Run the programs centrally from a server
B. Install and configure DLP agents on client devices
C. Nothing; DLP policies only work with cloud programs
D. Set the policies to “enforce”

A

B. Install and configure DLP agents on client devices.
DLP agents are software components installed on client devices that monitor user activity, such as file transfers, email, and web browsing. They can be configured to identify sensitive data and prevent its unauthorized transfer or disclosure. By installing and configuring DLP agents on user stations running word processor and spreadsheet programs, you can effectively enforce data loss prevention policies on these devices.

4
Q

Which AWS service is used for data discovery and classification?
A. S3
B. Macie
C. EC2
D. GuardDuty

A

B. Macie.
Amazon Macie is a security service that uses machine learning to automatically discover, classify, and protect sensitive data in AWS. It can identify sensitive data such as personally identifiable information (PII) or intellectual property and provides visibility into how this data is being accessed or stored.

5
Q

Which data privacy regulation is directly related to the medical industry?
A. PIPEDA
B. HIPAA
C. GDPR
D. PCI DSS

A

B. HIPAA.
HIPAA (Health Insurance Portability and Accountability Act) is a US law specifically designed to protect the privacy and security of individuals’ health information. It applies to healthcare providers, health insurers, and healthcare clearinghouses.

6
Q

Which data security standard applies to cardholder data?
A. GDPR
B. PIPEDA
C. HIPAA
D. PCI DSS

A

D. PCI DSS.
PCI DSS (Payment Card Industry Data Security Standard) is specifically designed to protect cardholder data.
It sets security standards for organizations that process, store, or transmit cardholder data.

7
Q

Your organization is collecting information regarding political party affiliations for government statistical purposes. Which type of data is this?
A. PII
B. PHI
C. PCI
D. SPI

A

D. SPI.
SPI (Sensitive Personal Information) is the correct term for data that reveals specific information about an individual’s attributes, such as political affiliation, religious beliefs, or sexual orientation. This type of data often requires additional layers of protection due to its potential for harm if exposed.

8
Q

You have installed Microsoft File Server Resource Manager on a Windows server. You would like to search for PII and set a flag to “Yes” or “No” when PII is detected. What is the first thing you should do?
A. Set a classification schedule
B. Create a local property
C. Set permissions for file scanning
D. Run the classification rule

A

B. Create a local property.
Creating a local property will allow you to define a new property, such as “PII Detected,” which can be used to flag files that contain PII. Once this property is created, you can then create a classification rule to automatically scan files and set the property value based on specific criteria.

Create a local property:
1. Open the File Server Resource Manager console.
2. Navigate to the “Classification Management” node.
3. Right-click on “Local Properties” and select “New Local Property.”
4. Define the property name (e.g., “PII Detected”) and its data type (e.g., Boolean).

Create a classification rule:
1. Right-click on “Classification Rules” and select “New Classification Rule.”
2. Define the rule’s name and description.
3. Set the conditions for the rule to trigger. This might involve using keywords, regular expressions, or other criteria to identify PII.
4. If the conditions are met, set the “PII Detected” property to “Yes.”
5. Test the rule to ensure it works as expected.

Schedule the classification rule:
1. Right-click on the classification rule and select “Properties.”
2. Configure the schedule for the rule to run automatically.

9
Q

You are reviewing the Amazon Web Services S3 Bucket SLA. Which metric is used to determine whether service credits will be awarded to customers?
A. Monthly uptime percentage
B. Daily uptime in seconds
C. % CPU utilization
D. Storage capacity

A

A. Monthly uptime percentage.
AWS S3’s Service Level Agreement (SLA) is based on the monthly uptime percentage. If S3’s uptime falls below the specified threshold (typically 99.9%), AWS will provide service credits to customers.
