Domain 2 Continued

Question 1

Emails and other freeform text

Answer 1

Unstructured data

Question 2

Example of structured data

Answer 2

Database data - carefully defined

Question 3

Semi-structured data

Answer 3

XML, JSON - structure without tight control

Question 4

A language that allows you to share and store data in sharable manner, supports info exchange b/w websites, 3rd party apps, etc.

Answer 4

XML

Question 5

Data written as name/value pairs, serializes structured data to share over network

Answer 5

JSON

Question 6

What phase of data lifecycle does labeling occur?

Answer 6

Creation and sometimes use as data is modified

Question 7

Why do DLP systems need to be specially configured in cloud environment?

Answer 7

Because encryption for data in transit and in motion could prevent access to data.

Question 8

What can DLP systems use to identify data?

Answer 8

Pattern matching

Question 9

Checking the sequence of tokens for a pattern.

Answer 9

Pattern matching

Question 10

Preventing loss requires understanding:

Answer 10

When data is going somewhere.

Question 11

Source and destination IP address and privileged access are examples of _____.

Answer 11

Common log data

Question 12

What’s the only way to ensure drives and volumes hosted by 3rd party is securely cleared?

Answer 12

Cryptographic erasure or crypto-shredding, couldn’t do physical destruction like degaussing b/c of contract limitations

Question 13

What is it called when you replace data with alternate characters?

Answer 13

Masking

Question 14

What techniques remove data that would allow individuals to be identified?

Answer 14

Anonymization or deidentification

Question 15

Referencing data with a hash, issue is some properties needed for testing can be lost.

Answer 15

Hashing

Question 16

What technique moves data around but leaves it in place to be tested?

Answer 16

Randomization or shuffling

Question 17

CSV files, XML, NoSQL databases, and HTML files

Answer 17

Semi-structured data

Question 18

Allows data to be saved in tabular format, any regular spreadsheet

Answer 18

CSV files

Question 19

Stores data in format other than relational tables.

Answer 19

NoSQL Database

Question 20

Contains data that’s related to other data therein

Answer 20

Relational table

Question 21

Will information about systems being created and destroyed exist on local system?

Answer 21

No

Question 22

syslog, syslog-ng, local logs

Answer 22

Local system logs

Question 23

Does Linux have an application log?

Answer 23

No.

Question 24

T/F: Event and application logs are common for Windows systems

Answer 24

True

Question 25

Are original source IP addresses visible in load-balancer logs?

Answer 25

Yes. Source, destination IP and destination port, and actual query

Question 26

A communication endpoint in networking

Answer 26

Port

Question 27

Can you perform operations on hashed data using strings or numbers?

Answer 27

No, b/c hashing converts variable length data to fixed-length outputs

Question 28

What’s the practice of ensuring important data is stored in more than one place?

Answer 28

Data dispersion. Doesn’t require a specific distance, or deletion of data not in secure storage, and you don’t need to use multiple data sets to access data.

Question 29

What is storage associated with an instance that will be destroyed when instance is shut down?

Answer 29

Ephemeral storage

Question 30

What is storage you have direct access to?

Answer 30

Raw storage. Think hard-drive or SSD

Question 31

What is long-term storage?

Answer 31

Storage that is intended to continue existing.

Question 32

Storage allocated as a virtual drive or device within cloud.

Answer 32

Volume-based storage

Question 33

What’s commonly used to classify data?

Answer 33

Sensitivity, jurisdiction, criticality

Question 34

What’s most helpful in helping DLP systems identify and manage data?

Answer 34

Labels. Classification ok, but not good w/out tags. Hashing ok, but is done by DLP system when needed.

Question 35

Maintaining chain of custody documentation and hashing files to make sure they’re not changed from their original form is commonly done to support _____ ?

Answer 35

nonrepudiation

Question 36

Inadvertent exposure, malicious access, and loss of forensic artifacts are security concerns for _____ storage.

Answer 36

ephemeral

Question 37

T/F: Ephemeral storage is less likely to have remnant data in unallocated or reallocated sectors not normally purged through typical wipe operations

Answer 37

True

Question 38

T/F: Its difficult to perform discovery against unstructured data.

Answer 38

True, b/c it’s unlabeled

Question 39

What does geolocation attempt to identify?

Answer 39

The location of a given IP address

Question 40

What’s the best way to have actual data for testing?

Answer 40

Shuffling. Hashing, randomization, and masking all remove or modify data significantly.

Question 41

T/F: Creation and deletion event logging is supported by object-based filesystems

Answer 41

True

Question 42

What policies include language that address legal holds?

Answer 42

Retention policies

Question 43

What’s the best way to store keys?

Answer 43

Encrypted in a hardware security module or key vault

Question 44

When is an IRM most heavily used to ensure data is not inadvertently exposed or misused?

Answer 44

During sharing

Question 45

Data mapping ______ ________ in _________ to allow them to be integrated.

Answer 45

matches fields, databases

Question 46

T/F: You can add labels to filename.

Answer 46

False, best to add as part of metadata

Question 47

Once a key is lost,

Answer 47

it cannot be recovered and the data should be considered to be lost

Question 48

Can hashing be reveresed?

Answer 48

No

Question 49

Is hashing a form of encryption?

Answer 49

No

Question 50

What data is easiest to perform discovery actions on?

Answer 50

Structured data

Question 51

Can you perform discovery on encrypted data?

Answer 51

No.

Question 52

Which is easier to discover? Unstructured or semi-structured data?

Answer 52

Semi structured

Question 53

A process that tracks the movement of evidence through its collection, safeguarding, and analysis lifecycle by documenting each person who handled the evidence, the date/time it was collected or transferred, and the purpose for any transfers.

Answer 53

Chain of custody

Question 54

Matching fields in databases to allow for data migration.

Answer 54

Data mapping

Question 55

Identify classification levels, assign responsibilities, and define roles

Answer 55

classification policies

Question 56

When’s the best time to label data?

Answer 56

At creation to ensure it can be handled properly through rest of lifecycle. Better to use auto labeling.

Question 57

Would a breach of the token database result in a customer data breach?

Answer 57

No, b/c the actual customer data is stored in a separate database.

Question 58

T/F: Timestamps are time-consuming to check and may be modified when files are copied.

Answer 58

True

Question 59

T/F: Dispersion is the concept of ensuring data is in multiple locations so that a single failure, event, or loss cannot result in the destruction or loss of data.

Answer 59

True

Question 60

What are the data lifecycle stages, in order?

Answer 60

Create - Store - Use - Share - Archive - Destroy

Question 61

T/F: Hashes are one-way functions and cannot be reveresed.

Answer 61

True

Question 62

Hashes generate ______ output from variable-length output.

Answer 62

Fixed length. Identical files will generate identical output.

Question 63

What is it called when two different files generate the same output?

Answer 63

Collision

Question 64

IRM ensures _______ and _______ to data are appropriately managed as data moves around the org and potentially leaves it.

Answer 64

Privileges and access

Question 65

Labeling is done as part of what phase of the data lifecycle?

Answer 65

Creation

Question 66

Provisioning may be done at any time but is often associated with what phase of the data lifecycle?

Answer 66

Use

Question 67

Retention periods, compliance requirements, lifecycle requirements, archiving and retrieval procedures, and data classification are often included in a:

Answer 67

Data retention policy. Not data value.

Question 68

Volume-based storage is allocated as a

Answer 68

Virtual drive or device w/in cloud

Question 69

T/F: SharePoint and Microsoft Office don’t natively support IRM.

Answer 69

False

Question 70

What is the software approach of building, deploying, and managing modern applications in cloud computing environments.

Answer 70

Cloud native

Question 71

What technologies support fast and frequent changes to applications without impacting service delivery, providing adopters with an innovative, competitive advantage.

Answer 71

Cloud native

Question 72

Scanning for sensitive data, classifying data, and mapping data to compliance requirements are cataloging efforts that _____ can help speed up.

Answer 72

Metadata