SecPlusP1

Question 1

How many domains does the CompTIA Security+ (SY0-701) certification exam consist of?

Answer 1

Five

Question 2

What should you be on the lookout for during the exam?

Answer 2

Distractors or red herrings

Question 3

What is the approach to cybersecurity in the real world?

Answer 3

Situational

Question 4

What is the definition of information security?

Answer 4

Protecting data and information from unauthorized access, modification, disruption, disclosure, and destruction

Question 5

What is the definition of information systems security?

Answer 5

Protecting the systems (e.g., computers, servers, network devices) that hold and process critical data

Question 6

What are the three components of the CIA Triad?

Answer 6

Confidentiality, Integrity, Availability

Question 7

What does confidentiality ensure?

Answer 7

Information is accessible only to authorized personnel (e.g., encryption)

Question 8

What does integrity ensure?

Answer 8

Data remains accurate and unaltered (e.g., checksums)

Question 9

What does availability ensure?

Answer 9

Information and resources are accessible when needed (e.g., redundancy measures)

Question 10

What does non-repudiation guarantee?

Answer 10

An action or event cannot be denied by the involved parties (e.g., digital signatures)

Question 11

What is an extension of the CIA triad with the addition of non-repudiation and authentication?

Answer 11

CIANA Pentagon

Question 12

What are the Triple A’s of Security?

Answer 12

Authentication, Authorization, Accounting

Question 13

What are the four categories of security controls?

Answer 13

Technical, Managerial, Operational, Physical

Question 14

What are the different types of security controls? (DDDCCP)

Answer 14

Preventative, Deterrent, Detective, Corrective, Compensating, Directive

Question 15

What principle does the Zero Trust Model operate on?

Answer 15

No one should be trusted by default

Question 16

What are the two components of achieving zero trust?

Answer 16

Control Plane and Data Plane

Question 17

What are the components of the Control Plane?

Answer 17

Adaptive identity, threat scope reduction, policy-driven access control, and secured zones

Question 18

What are the components of the Data Plane?

Answer 18

1. Subject/system
2. policy engine
3. policy administrator
4. establishing policy enforcement points (PEP)

Question 19

What is a threat?

Answer 19

Anything that could cause harm, loss, damage, or compromise to our information technology systems

Question 20

What are some sources of threats?

Answer 20

Natural disasters, cyber-attacks, data integrity breaches, disclosure of confidential information

Question 21

What is a vulnerability?

Answer 21

Any weakness in the system design or implementation

Question 22

What are some internal factors that can create vulnerabilities?

Answer 22

Software bugs, misconfigured software, improperly protected network devices, missing security patches, lack of physical security

Question 23

Where does the risk to enterprise systems and networks lie?

Answer 23

Where threats and vulnerabilities intersect

Question 24

What happens if there is a threat but no matching vulnerability?

Answer 24

There is no risk

Question 25

What happens if there is a vulnerability but no threat against it?

Answer 25

There is no risk

Question 26

What is the goal of risk management?

Answer 26

To minimize the likelihood of an outcome and achieve the desired outcome

Question 27

What does confidentiality refer to?

Answer 27

Protection of information from unauthorized access and disclosure

Question 28

Why is confidentiality important?

Answer 28

Protect personal privacy, maintain business advantage, achieve regulatory compliance

Question 29

What is encryption?

Answer 29

Converting data into a code to prevent unauthorized access

Question 30

What are access controls?

Answer 30

Setting up strong user permissions to restrict data access

Question 31

What is data masking?

Answer 31

Obscuring specific data within a database

Question 32

What is the purpose of physical security measures?

Answer 32

To ensure confidentiality for both physical and digital data

Question 33

What is the importance of training and awareness in security?

Answer 33

To promote security awareness best practices among employees

Question 34

What is the role of integrity in data security?

Answer 34

To ensure accuracy and trustworthiness of data

Question 35

Why is integrity important?

Answer 35

Data accuracy, trust, system operability

Question 36

What is hashing?

Answer 36

Converting data into a fixed-size value

Question 37

How many reasons are there for the importance of integrity?

Answer 37

Three

Question 38

What is the purpose of digital signatures?

Answer 38

Ensure both integrity and authenticity

Question 39

What is the purpose of checksums?

Answer 39

Method to verify the integrity of data during transmission

Question 40

What is the purpose of access controls?

Answer 40

Ensure that only authorized individuals can modify data and this reduces the risk of unintentional or malicious alterations

Question 41

What is the purpose of regular audits?

Answer 41

Review logs and operations to ensure authorized changes and address discrepancies

Question 42

What is the purpose of availability in security?

Answer 42

Ensure information, systems, and resources are accessible and operational when needed by authorized users

Question 43

What is the value of availability in cybersecurity?

Answer 43

Ensuring Business Continuity, Maintaining Customer Trust, Upholding an Organization’s Reputation

Question 44

What is the best strategy to overcome challenges associated with maintaining availability?

Answer 44

Using redundancy in systems and network designs

Question 45

What is server redundancy?

Answer 45

Using multiple servers in a load balanced or failover configuration.

Question 46

What is data redundancy?

Answer 46

Storing data in multiple places.

Question 47

What is network redundancy?

Answer 47

Ensuring data can travel through another route if one network path fails.

Question 48

What is power redundancy?

Answer 48

Using backup power sources like generators and UPS systems.

Question 49

What is non-repudiation?

Answer 49

Providing undeniable proof in digital transactions.

Question 50

What is a digital signature?

Answer 50

Unique to each user operating within the digital domain

Question 51

How is a digital signature created?

Answer 51

By hashing the message and encrypting the hash digest with the user’s private key

Question 52

What are the three main reasons non-repudiation is important?

Answer 52

Confirm authenticity, ensure integrity, provide accountability

Question 53

What is authentication?

Answer 53

Ensuring individuals are who they claim to be

Question 54

What are the five commonly used authentication methods?

Answer 54

Knowledge, possession, inherence, action, location

Question 55

What is multi-factor authentication (MFA)?

Answer 55

Security process that requires multiple methods of identification

Question 56

What is the importance of authentication?

Answer 56

1. To prevent unauthorized access
2. To protect user data and privacy
3. To ensure that resources are accessed by valid users only

Question 57

What is the purpose of authorization?

Answer 57

Pertains to the permissions and privileges granted to users or entities after they have been authenticated

Question 58

Why are authorization mechanisms important?

Answer 58

1. To protect sensitive data
2. To maintain system integrity
3. To create a more streamlined user experience

Question 59

What is the purpose of accounting?

Answer 59

Security measure that ensures all user activities during a communication or transaction are properly tracked and recorded

Question 60

Why should your organization use a robust accounting system?

Answer 60

To create an audit trail and maintain regulatory compliance

Question 61

What is the purpose of conducting forensic analysis?

Answer 61

Understand what happened, how it happened, and how to prevent similar incidents

Question 62

How can organizations optimize system performance and minimize costs?

Answer 62

Track resource utilization and allocation decisions

Question 63

Why is user accountability important?

Answer 63

Deter potential misuse and promote adherence to policies

Question 64

What are some technologies used for accounting?

Answer 64

Syslog Servers, Network Analysis Tools, Security Information and Event Management (SIEM) Systems

Question 65

What are the 4 broad categories of security controls?

Answer 65

Technical Controls, Managerial Controls, Operational Controls, Physical Controls

Question 66

What are technical controls?

Answer 66

Technologies, hardware, and software mechanisms to manage and reduce risks

Question 67

What are managerial controls?

Answer 67

Strategic planning and governance side of security

Question 68

What are operational controls?

Answer 68

Procedures and measures to protect data on a day-to-day basis

Question 69

What are physical controls?

Answer 69

Tangible, real-world measures to protect assets

Question 70

What are the 6 basic types of security controls?

Answer 70

Preventive, Deterrent, Detective

Question 71

What are preventive controls?

Answer 71

Proactive measures to thwart threats

Question 72

What are deterrent controls?

Answer 72

Measures to discourage attackers

Question 73

What are detective controls?

Answer 73

Monitoring and alerting to malicious activities

Question 74

What are corrective controls?

Answer 74

Mitigate potential damage and restore systems

Question 75

What are compensating controls?

Answer 75

Alternative measures when primary controls are not feasible or effective

Question 76

What are directive controls?

Answer 76

Guide, inform or mandate actions

Question 77

What is gap analysis?

Answer 77

Evaluating differences between current and desired performance

Question 78

What is a gap analysis?

Answer 78

Tool for organizations to improve operations

Question 79

What are the steps involved in conducting a gap analysis?

Answer 79

Define scope, Gather data, Analyze data, Develop a plan

Question 80

What is the purpose of gathering data in a gap analysis?

Answer 80

To understand the current state of the organization

Question 81

Why is analyzing data important in a gap analysis?

Answer 81

To identify areas of improvement

Question 82

What is the final step in conducting a gap analysis?

Answer 82

Developing a plan to bridge the gap

Question 83

What are the 2 basic types of gap analysis?

Answer 83

Technical and Business

Question 84

What is technical gap analysis?

Answer 84

Evaluation of current technical infrastructure

Question 85

What is business gap analysis?

Answer 85

Evaluation of current business processes

Question 86

What does a Plan of Action and Milestones (POA&M) outline?

Answer 86

Specific measures to address vulnerabilities and timelines for remediation tasks

Question 87

What is Zero Trust?

Answer 87

Demanding verification for every device, user, and transaction within the network

Question 88

What is the control plane?

Answer 88

The framework and components responsible for defining, managing, and enforcing access policies

Question 89

What is adaptive identity?

Answer 89

Real-time validation considering user’s behavior, device, location, etc.

Question 90

What is threat scope reduction?

Answer 90

Limits users’ access

Question 91

What is policy-driven access control?

Answer 91

Enforcing user access policies

Question 92

What are secured zones?

Answer 92

Isolated environments for sensitive data

Question 93

What is the data plane?

Answer 93

Ensures proper execution of policies

The data plane forwards network traffic, applying security measures like firewalls and encryption.

Question 94

Who/what is a subject/system?

Answer 94

Individual/entity attempting access

Question 95

What is the role of the Policy Engine?

Answer 95

Cross-references the access request with its predefined policies

Question 96

What is the role of the Policy Administrator?

Answer 96

Establish and manage the access policies

Question 97

What happens at the Policy Enforcement Point?

Answer 97

Execution of the decision to grant or deny access

Question 98

What are the common motivations for threat actors?

Answer 98

Data exfiltration, blackmail, espionage, service disruption, financial gain

Question 99

What are the differences between internal and external threat actors?

Answer 99

Resources, funding, level of sophistication

Question 100

What are the types of threat actors?

Answer 100

Unskilled attackers

Question 101

What are hacktivists driven by?

Answer 101

political, social, or environmental ideologies

Question 102

What is the motivation behind organized crime cyberattacks?

Answer 102

financial gain

Question 103

Who sponsors highly skilled attackers for cyber espionage or warfare?

Answer 103

governments

Question 104

What are insider threats?

Answer 104

security threats originating from within the organization

Question 105

What is shadow IT?

Answer 105

IT systems, devices, software, or services managed without explicit organizational approval

Question 106

What are some threat vectors and attack surfaces?

Answer 106

message-based, image-based, file-based, voice calls, removable devices, unsecured networks

Question 107

What are honeypots?

Answer 107

decoy systems to attract and deceive attackers

Question 108

What are honeynets?

Answer 108

network of decoy systems for observing complex attacks

Question 109

What are honeyfiles?

Answer 109

decoy files to detect unauthorized access or data breaches

Question 110

What are honeytokens?

Answer 110

Fake data used to alert administrators when accessed or used

Question 111

What is the difference between threat actors’ intent and motivation?

Answer 111

Intent is the specific objective or goal, motivation is the underlying reason or driving force

Question 112

What are some motivations behind threat actors?

Answer 112

Data exfiltration, financial gain, blackmail, service disruption

Question 113

What is data exfiltration?

Answer 113

Unauthorized transfer of data from a computer

Question 114

How do threat actors achieve financial gain?

Answer 114

Through ransomware attacks and banking trojans

Question 115

What is blackmail in the context of threat actors?

Answer 115

Obtaining sensitive information and threatening to release it unless demands are met

Question 116

Why do some threat actors aim to disrupt services?

Answer 116

To cause chaos, make a political statement, or demand a ransom

Question 117

What is hacktivism?

Answer 117

Attacks conducted due to philosophical or political beliefs

Question 118

What motivates ethical hackers?

Answer 118

Desire to improve security

Question 119

What can be a motivation for a threat actor?

Answer 119

Revenge

Question 120

What is the motivation behind creating and spreading malware or launching cyberattacks in a populated city?

Answer 120

Disruption or Chaos

Question 121

What is the purpose of espionage in the context of cybersecurity?

Answer 121

Gathering sensitive or classified information

Question 122

How can cyber warfare be used?

Answer 122

To disrupt infrastructure, compromise national security, and cause economic damage

Question 123

What are the two most basic attributes of a threat actor?

Answer 123

Internal and external

Question 124

Who are internal threat actors?

Answer 124

Individuals or entities within an organization

Question 125

What are external threat actors?

Answer 125

Individuals or groups outside an organization who attempt to breach its cybersecurity defenses

Question 126

What factors determine the level of sophistication of a threat actor?

Answer 126

Resources, funding, tools, skills, and personnel

Question 127

What is a script kiddie?

Answer 127

An individual with limited technical knowledge who uses pre-made software or scripts to exploit computer systems and networks

Question 128

What are examples of highly skilled threat actors?

Answer 128

Nation-state actors and Advanced Persistent Threats

Question 129

How do unskilled attackers cause damage?

Answer 129

Launch a DDoS attack

Question 130

What is website defacement?

Answer 130

Form of electronic graffiti and is usually treated as an act of vandalism

Question 131

What are distributed denial of service (DDoS) attacks?

Answer 131

Attempting to overwhelm the victim’s systems or networks so that they cannot be accessed by legitimate users

Question 132

What is doxing?

Answer 132

Involves the public release of private information about an individual or organization

Question 133

What is the motivation behind hacktivists?

Answer 133

Ideological beliefs rather than financial gain

Question 134

What is the name of the most well-known hacktivist group?

Answer 134

Anonymous

Question 135

What is the objective of Anonymous?

Answer 135

Target organizations they perceive as unethical

Question 136

What are organized cybercrime groups?

Answer 136

Collective criminal activities in the digital world

Question 137

What are some advanced hacking techniques and tools used by organized crime groups?

Answer 137

Custom Malware, Ransomware, Sophisticated Phishing Campaigns

Question 138

What are some illicit activities engaged in by organized crime groups to generate revenue?

Answer 138

Data Breaches, Identity Theft, Online Fraud, Ransomware Attacks

Question 139

Are organized cybercrime groups driven by ideological or political objectives?

Answer 139

No

Question 140

Who may hire organized cybercrime groups to conduct cyber operations and attacks on their behalf?

Answer 140

Other entities, including governments

Question 141

What is the objective of attacks by nation-state actors?

Answer 141

Money

Question 142

What is a nation-state actor?

Answer 142

Groups or individuals sponsored by a government to conduct cyber operations against others

Question 143

What is a false flag attack?

Answer 143

An attack that appears to originate from a different source or group

Question 144

What are some techniques used by nation-state actors in cyber operations?

Answer 144

Creating custom malware, using zero-day exploits, becoming an advanced persistent threat

Question 145

What is an advanced persistent threat (APT)?

Answer 145

A prolonged and targeted cyberattack in which an intruder gains unauthorized access to a network and remains undetected for an extended period

Question 146

What is the significance of advanced persistent threats?

Answer 146

They are often sponsored by a nation-state or its proxies

Question 147

What motivates a nation-state actor?

Answer 147

Long-term strategic goals

Question 148

What forms can insider threats take?

Answer 148

Data theft, sabotage, misuse of access privileges

Question 149

What are some motivations for insider threats?

Answer 149

Financial gain, revenge, carelessness/lack of awareness

Question 150

What does insider threat refer to?

Answer 150

Potential risk posed by individuals within an organization with access to sensitive information

Question 151

What should organizations do to mitigate the risk of insider threats?

Answer 151

Implement zero-trust architecture

Question 152

Why does shadow IT exist?

Answer 152

Security posture too high or complex for business operations

Question 153

What is BYOD?

Answer 153

Use of personal devices for work purposes

Question 154

What is a threat vector?

Answer 154

Means or pathway for unauthorized access

Question 155

What is an attack surface?

Answer 155

Various points for unauthorized entry or data extraction

Question 156

How can the attack surface be minimized?

Answer 156

Restricting access

Question 157

What are some message-based threat vectors?

Answer 157

Email, SMS text messaging, instant messaging

Question 158

What are some image-based threat vectors?

Answer 158

Embedding malicious code inside an image file

Question 159

How can files be used as threat vectors?

Answer 159

Disguised as legitimate documents or software

Question 160

What is vhishing?

Answer 160

Use of voice calls to trick victims into revealing sensitive information

Question 161

What is baiting?

Answer 161

Leaving a malware-infected USB drive in a location where the target might find it

Question 162

What are unsecure networks?

Answer 162

Wireless, wired, and Bluetooth networks lacking appropriate security measures

Question 163

Why are wireless networks vulnerable?

Answer 163

Unauthorized individuals can intercept wireless communications or gain access to the network

Question 164

Are wired networks completely secure?

Answer 164

No, they are still susceptible to threats

Question 165

What are two types of attacks that can occur due to physical access to the network infrastructure?

Answer 165

MAC Address Cloning, VLAN Hopping

Question 166

What are two Bluetooth exploits that attackers can use to carry out attacks?

Answer 166

BlueBorne, BlueSmack

Question 167

What is BlueBorne?

Answer 167

Set of vulnerabilities in Bluetooth technology that can allow an attacker to take over devices, spread malware, or intercept communications

Question 168

What is BlueSmack?

Answer 168

Bluetooth DoS attack

Question 169

How can you learn from threat actors?

Answer 169

Set up deception and disruption technologies

Question 170

What are Tactics, Techniques, and Procedures (TTPs)?

Answer 170

Methods associated with threat actors

Question 171

What are deceptive and disruption technologies?

Answer 171

Tech to mislead attackers and detect threats

Question 172

What is a honeypot?

Answer 172

Decoy system to attract hackers

Question 173

What is a honeynet?

Answer 173

Network of honeypots

Question 174

What types of devices can be part of a honeynet?

Answer 174

Servers, routers, switches

Question 175

What is a honeyfile?

Answer 175

Decoy file to lure attackers

Question 176

What is a honeytoken?

Answer 176

Piece of data or resource monitored for access

Question 177

What are bogus DNS entries?

Answer 177

Fake DNS entries in system’s DNS server

Question 178

What is the purpose of creating decoy directories?

Answer 178

Fake folders and files placed in storage

Question 179

How does dynamic page generation help secure websites?

Answer 179

Effective against scraping tools or bots

Question 180

What is port triggering used for?

Answer 180

Hiding services until specific outbound pattern

Question 181

How can spoofing fake telemetry data be used as a security measure?

Answer 181

Sending out fake data when network scan detected

Question 182

What are the objectives of physical security?

Answer 182

Measures to protect tangible assets from harm or unauthorized access

Question 183

What are some examples of physical security controls?

Answer 183

Fencing and Bollards

Question 184

What are bollards?

Answer 184

Short, sturdy vertical posts controlling or preventing vehicle access

Question 185

What are fences?

Answer 185

Barriers made of posts and wire or boards to enclose or separate areas

Question 186

What are some examples of brute force attacks on physical security?

Answer 186

Forcible entry, tampering with security devices, confronting security personnel, ramming a barrier with a vehicle

Question 187

What are surveillance systems used for?

Answer 187

Observing and reporting activities

Question 188

What are the components of surveillance systems?

Answer 188

Video surveillance

Question 189

What are access control vestibules?

Answer 189

Double-door system electronically controlled to allow only one door open at a time

Question 190

What are some types of door locks?

Answer 190

Padlocks, pin and tumbler locks, numeric locks, wireless locks, biometric locks, cipher locks, electronic access control systems

Question 191

What are access badges?

Answer 191

Use of Radio Frequency Identification (RFID) or Near Field Communication (NFC) for access

Question 192

What is the purpose of a fence in terms of physical security?

Answer 192

Provides a visual deterrent by defining a boundary

Question 193

What is the purpose of establishing a physical barrier against unauthorized entry?

Answer 193

Delay intruders

Question 194

What is fencing well-suited for?

Answer 194

Safeguarding large perimeters

Question 195

What are bollards designed to counter?

Answer 195

Vehicular threats

Question 196

What is brute force attack?

Answer 196

Gaining access by trying all possibilities

Question 197

What is forcible entry?

Answer 197

Gaining unauthorized access by breaking barriers

Question 198

How can tampering with security devices be protected against?

Answer 198

Having redundancy in physical security measures

Question 199

What is the concept of confronting security personnel?

Answer 199

Direct attack on security personnel

Question 200

What training should security personnel undergo to mitigate risks during confrontations?

Answer 200

Rigorous conflict resolution and self-defense training

Question 201

How does ramming barriers with vehicles breach physical security?

Answer 201

Using vehicles to breach physical security barriers

Question 202

What measures can be taken to prevent vehicles from driving into facilities?

Answer 202

Installing bollards or reinforced barriers

Question 203

What is a surveillance system?

Answer 203

An organized strategy to observe and report activities.

Question 204

What are the four main categories of surveillance?

Answer 204

Video Surveillance, Motion detection, Night vision, Facial recognition

Question 205

What are some features of video surveillance?

Answer 205

Motion detection, Night vision, Facial recognition

Question 206

What does a wired solution security camera use?

Answer 206

A physical cable from the camera to the central monitoring station

Question 207

What does a wireless solution rely on to send its signal back to the central monitoring station?

Answer 207

Wi-Fi

Question 208

What is a Pan-Tilt-Zoom (PTZ) System used for?

Answer 208

To better detect issues during an intrusion

Question 209

What are some of the best places to have cameras?

Answer 209

Data center, telecommunications closets, entrance or exit areas

Question 210

What should cameras be configured to do?

Answer 210

Record what they’re observing

Question 211

What do security guards provide?

Answer 211

Flexible and adaptable forms of surveillance

Question 212

Why is proper lighting crucial for conducting effective surveillance?

Answer 212

To deter criminals, reduce shadows and hiding spots, and enhance the quality of video recordings

Question 213

What are sensors?

Answer 213

Devices that detect and respond to external stimuli or changes in the environment

Question 214

What do infrared sensors detect?

Answer 214

Changes in infrared radiation emitted by warm bodies

Question 215

What are pressure sensors?

Answer 215

Activated by weight on sensor

Question 216

How do microwave sensors work?

Answer 216

Measure reflection of microwave pulses off moving objects

Question 217

What do ultrasonic sensors measure?

Answer 217

Reflection of ultrasonic waves off moving objects

Question 218

What is visual obstruction in bypassing surveillance systems?

Answer 218

Blocking camera’s line of sight

Question 219

What are some methods to disable a camera?

Answer 219

Placing a sticker or tape over the lens, positioning objects like balloons or umbrellas in front of the camera

Question 220

How can you blind sensors and cameras?

Answer 220

Overwhelming them with a sudden burst of light

Question 221

What is a method to interfere with acoustics?

Answer 221

Listening to the environment

Question 222

What are some methods to prevent eavesdropping?

Answer 222

Jamming or playing loud music

Question 223

What is Electromagnetic Interference (EMI)?

Answer 223

Jamming surveillance signals

Question 224

How can the physical environment be used to attack surveillance equipment?

Answer 224

Physical tampering

Question 225

What is an access control vestibule?

Answer 225

Double-door system with electronically controlled doors

Question 226

How does an access control vestibule prevent piggybacking and tailgating?

Answer 226

By allowing only one door to be open at a time

Question 227

What is the key difference between Piggybacking and Tailgating?

Answer 227

Piggybacking gains consent, Tailgating doesn’t

Question 228

What are some technologies used in access control badges?

Answer 228

RFID, NFC

Question 229

What are the roles of security guards at access control vestibules?

Answer 229

Visual deterrent, assistance, checking identity, response

Question 230

What is the purpose of door locks in physical security?

Answer 230

Restrict and regulate access to specific spaces or properties

Question 231

What is the function of traditional padlocks?

Answer 231

Minimal protection

Question 232

What are basic door locks vulnerable to?

Answer 232

Lock picking

Question 233

What authentication methods do modern electronic door locks use?

Answer 233

Identification Numbers, Wireless Signals, Biometrics

Question 234

What technologies can be used for wireless signal authentication?

Answer 234

NFC, Wi-Fi, Bluetooth, RFID

Question 235

What are some physical characteristics used for biometric authentication?

Answer 235

Fingerprints, retinal scans, facial recognition

Question 236

What is the False Acceptance Rate (FAR)?

Answer 236

FAR measures the rate at which unauthorized users are wrongly authenticated as authorized.

Question 237

What is False Acceptance Rate (FAR)?

Answer 237

System erroneously authenticates an unauthorized user.

Question 238

How can scanner sensitivity be adjusted to lower FAR?

Answer 238

Increase the scanner sensitivity.

Question 239

What is False Rejection Rate (FRR)?

Answer 239

Denial of access to an authorized user.

Question 240

What happens to FRR when sensitivity is adjusted?

Answer 240

FRR can increase.

Question 241

What is Crossover Error Rate (CER)?

Answer 241

Optimal balance between FAR and FRR for authentication effectiveness.

Question 242

What are some examples of multiple factors used in electronic door locks?

Answer 242

Identification number and fingerprint

Question 243

What are cipher locks?

Answer 243

Mechanical locks with numbered push buttons

Question 244

Where are cipher locks commonly used?

Answer 244

High-security areas like server rooms

Question 245

What type of authentication is commonly used in secure entry areas in office buildings?

Answer 245

Electronic access systems with badges and PINs

Question 246

What are popular technologies used for contactless authentication?

Answer 246

RFID and NFC

Question 247

How does an attacker clone an access badge?

Answer 247

Step 1: Scanning, Step 2: Data Extraction, Step 3: Writing to a new card or device, Step 4: Using the cloned access badge

Question 248

What are the reasons access badge cloning is common?

Answer 248

Ease of execution, Ability to be stealthy, Potentially widespread use

Question 249

How can access badge cloning be stopped?

Answer 249

Implement advanced encryption, Implement MFA, Regularly update security protocols, Educate users, Use shielded wallets or sleeves, Monitor and audit access logs

Question 250

What is social engineering?

Answer 250

Manipulative strategy exploiting human psychology for unauthorized access

Question 251

What are the motivational triggers used by social engineers?

Answer 251

Familiarity, Likability, Consensus, Authority, Scarcity, Urgency

Question 252

What is impersonation in social engineering?

Answer 252

Pretending to be someone else

Question 253

What is pretexting in social engineering?

Answer 253

Creating a fabricated scenario to manipulate targets

Question 254

What are the types of phishing attacks?

Answer 254

Phishing, Vishing, Smishing, Spear Phishing, Whaling, Business Email Compromise

Question 255

What are some common fraudulent practices used to deceive people?

Answer 255

Deceptive practices to obtain money or valuable information

Question 256

What do influence campaigns involve?

Answer 256

Spreading misinformation and disinformation to impact politics, economics, etc.

Question 257

Name some other social engineering attacks.

Answer 257

Diversion Theft, Hoaxes, Shoulder Surfing, Dumpster Diving, Eavesdropping, Baiting, Piggybacking, Tailgating

Question 258

What are the six main types of motivational triggers that social engineers use?

Answer 258

Authority, Urgency, Social Proof, Scarcity, Likability, Fear

Question 259

What is impersonation?

Answer 259

Attack where an adversary assumes the identity of another person to gain unauthorized access to resources or steal sensitive data

Question 260

What is required for impersonation?

Answer 260

The attacker needs to collect information about the organization and earn the trust of their targeted users

Question 261

What do attackers provide to make impersonation more believable?

Answer 261

Details to help make the lies and the impersonation more believable to a potential victim

Question 262

What are the potential risks of unauthorized access?

Answer 262

Unauthorized access can lead to disruption of services and complete system takeover.

Question 263

What can organizations do to mitigate against attacks?

Answer 263

Provide security awareness training to their employees on a regular basis.

Question 264

What is brand impersonation?

Answer 264

A specific form of impersonation where an attacker pretends to represent a legitimate company or brand.

Question 265

How do attackers carry out brand impersonation?

Answer 265

By using the brand’s logos, language, and information to create deceptive communications or websites.

Question 266

How can organizations protect against brand impersonation?

Answer 266

Educate their users about these types of threats and use secure email gateways to filter out phishing emails.

Question 267

What is typosquatting?

Answer 267

URL hijacking or cybersquatting

Question 268

How can organizations combat typosquatting?

Answer 268

Register common misspellings of their own domain names

Question 269

Why is monitoring the online presence important?

Answer 269

To detect any fraudulent activities as soon as they occur

Question 270

What are watering hole attacks?

Answer 270

Targeted attacks on specific websites or services

Question 271

What can organizations do to mitigate watering hole attacks?

Answer 271

Keep systems updated, use threat intelligence, employ malware detection tools

Question 272

What is pretexting?

Answer 272

Gives some amount of information that seems true so that the victim will give more information

Question 273

How can pretexting be mitigated?

Answer 273

Training employees not to fall for pretext and not to fill in the gaps for people when they are calling

Question 274

What is phishing?

Answer 274

Sending fraudulent emails that appear to be from reputable sources with the aim of convincing individuals to reveal personal information

Question 275

What is spear phishing?

Answer 275

More targeted form of phishing that is used by cybercriminals who are more tightly focused on a specific group of individuals or organizations

Question 276

What is whaling?

Answer 276

Form of spear phishing that targets high-profile individuals, like CEOs or CFOs

Question 277

Why is whaling used?

Answer 277

The attacker aims to catch one of the executives, board members, or higher level managers in the company since the rewards are potentially much greater

Question 278

What is the purpose of whaling as an initial step?

Answer 278

To compromise an executive’s account for subsequent attacks within their organization

Question 279

What is Business Email Compromise (BEC)?

Answer 279

Sophisticated type of phishing attack that targets businesses using internal email accounts.

Question 280

What is Vishing?

Answer 280

Tricking victims into sharing personal or financial information over the phone.

Question 281

What is Smishing?

Answer 281

Using text messages to trick individuals into providing personal information.

Question 282

What is one way to mitigate the threat of a successful phishing campaign?

Answer 282

Implement the right strategies and provide user security awareness training

Question 283

What is an anti-phishing campaign?

Answer 283

Essential user security awareness training tool

Question 284

What should an anti-phishing campaign offer for users who fell victim to simulated phishing emails?

Answer 284

Remedial training

Question 285

What is business email compromise?

Answer 285

Phishing that aims to impersonate a trusted business contact

Question 286

What is vishing?

Answer 286

Phishing using voice calls

Question 287

What is smishing?

Answer 287

Phishing using SMS or text messages

Question 288

What are some key indicators of phishing attacks?

Answer 288

• Urgency
• Unusual Requests
• Mismatched URLs

Question 289

What is a red flag for a suspicious email?

Answer 289

Email addresses don’t match.

Question 290

What are signs of a phishing email?

Answer 290

Poor spelling or grammar.

Question 291

How can organizations protect against phishing attacks?

Answer 291

Training and reporting suspicious messages.

Question 292

What should be done if a phishing email is opened?

Answer 292

Conduct a quick investigation and triage the user’s system.

Question 293

What is a common type of online fraud?

Answer 293

Identity fraud or identity theft.

Question 294

What is the difference between identity fraud and identity theft?

Answer 294

Fraud: charges items to victim’s credit card
Theft: assumes victim’s identity

Question 295

What is the most common scam called?

Answer 295

Invoice scam

Question 296

What is an influence campaign?

Answer 296

Coordinated efforts to affect public perception or behavior towards a particular cause, individual, or group

Question 297

What is the difference between misinformation and disinformation?

Answer 297

Misinformation is false or inaccurate information shared without harmful intent, while disinformation involves the deliberate creation and sharing of false information with the intent to deceive or mislead

Question 298

Why are influence campaigns powerful?

Answer 298

They are a powerful tool for shaping public opinion and behavior

Question 299

Why is misinformation and disinformation concerning?

Answer 299

They can have serious consequences

Question 300

What is diversion theft?

Answer 300

Manipulating a situation to steal valuable items or information

Question 301

What is a hoax?

Answer 301

Malicious deception often spread through social media or email

Question 302

What is shoulder surfing?

Answer 302

Looking over someone’s shoulder to gather personal information

Question 303

What is dumpster diving?

Answer 303

Searching through trash to find valuable information

Question 304

What is eavesdropping?

Answer 304

Secretly listening to private conversations

Question 305

How can eavesdropping be prevented?

Answer 305

Encrypting data in transit

Question 306

How can baiting be prevented?

Answer 306

Training users to not use devices they find

Question 307

What is piggybacking and tailgating?

Answer 307

Unauthorized person following an authorized person into a secure area

Question 308

What is tailgating?

Answer 308

Unauthorized person following an employee

Question 309

What is piggybacking?

Answer 309

Unauthorized person convincing an employee to let them in

Question 310

What is malware?

Answer 310

Malicious software designed to infiltrate computer systems and potentially damage them without user consent

Question 311

What are the categories of malware?

Answer 311

Viruses, Worms, Trojans, Ransomware, Spyware, Rootkits, Spam

Question 312

What is an attack vector?

Answer 312

Means by which the attacker gains access and infects the system

Question 313

What are the types of malware attacks?

Answer 313

Viruses, Worms, Trojans, Ransomware, Zombies and Botnets, Rootkits, Backdoors and Logic Bombs, Keyloggers, Spyware and Bloatware

Question 314

What is the definition of viruses?

Answer 314

Attach to clean files, spread, and corrupt host files

Question 315

What is the definition of worms?

Answer 315

Standalone programs replicating and spreading to other computers

Question 316

What is the definition of Trojans?

Answer 316

Disguise as legitimate software, grant unauthorized access

Question 317

What is the definition of ransomware?

Answer 317

Encrypts user data, demands ransom for decryption

Question 318

What is the definition of zombies and botnets?

Answer 318

Compromised computers remotely controlled in a network for malicious purposes

Question 319

What is the definition of rootkits?

Answer 319

Hide presence and activities on a computer, operate at the OS level

Question 320

What is the definition of backdoors and logic bombs?

Answer 320

Backdoors allow unauthorized access, logic bombs execute malicious actions

Question 321

What is the definition of keyloggers?

Answer 321

Record keystrokes, capture passwords or sensitive information

Question 322

What is the definition of spyware and bloatware?

Answer 322

Spyware monitors and gathers user/system information, bloatware consumes resources without value

Question 323

What are some malware techniques and infection vectors?

Answer 323

Evolving from file-based tactics to modern fileless techniques, multi-stage deployment, leveraging system tools, and obfuscation techniques

Question 324

What are some indications of a malware attack?

Answer 324

Account lockouts, Concurrent session utilization, Blocked content, Impossible travel, Resource consumption, Inaccessibility, Out-of-cycle logging, Missing logs, Documented attacks, Viruses

Question 325

What is a computer virus?

Answer 325

Malicious code that infects a computer when run without the user’s knowledge

Question 326

What is a boot sector virus?

Answer 326

Virus stored in the first sector of a hard drive that is loaded into memory during boot-up

Question 327

What is a macro virus?

Answer 327

Virus embedded inside a document, executed when the user opens the document

Question 328

What is a multipartite virus?

Answer 328

Combination of a boot sector type virus and a program virus

Question 329

How does an encrypted virus hide itself from detection?

Answer 329

By encrypting its malicious code or payloads

Question 330

What is the difference between an encrypted virus and a polymorphic virus?

Answer 330

Polymorphic viruses change their code each time they are executed

Question 331

What does a metamorphic virus do before it attempts to infect a file?

Answer 331

It rewrites itself entirely

Question 332

What is stealth technique used for in viruses?

Answer 332

To prevent detection by anti-virus software

Question 333

What does an armored virus have?

Answer 333

A layer of protection to confuse analysis

Question 334

What is a hoax virus?

Answer 334

A form of technical social engineering to scare end users

Question 335

What is a worm?

Answer 335

Malicious software that can replicate itself without user interaction

Question 336

What makes worms dangerous?

Answer 336

They can infect workstations and cause disruptions to network traffic

Question 337

What is a worm known for?

Answer 337

Spreading far and wide over the internet

Question 338

What is a Trojan?

Answer 338

Malicious software disguised as harmless software

Question 339

What is a remote access Trojan (RAT) used for?

Answer 339

Providing remote control of a victim machine

Question 340

How are Trojans commonly used by attackers today?

Answer 340

Exploiting vulnerabilities and conducting data exfiltration

Question 341

What is ransomware?

Answer 341

Malicious software that blocks access to a system until a ransom is paid

Question 342

How can we protect against ransomware?

Answer 342

Regular backups, software updates, security awareness training, MFA

Question 343

What should you do if you find yourself or your organization as the victim of a ransomware attack?

Answer 343

Never pay the ransom

Question 344

What is a botnet?

Answer 344

Network of compromised computers or devices controlled remotely

Question 345

What is a zombie?

Answer 345

Compromised computer or device in a botnet

Question 346

What is the purpose of a command and control node?

Answer 346

Manage and coordinate network activities

Question 347

What are some uses of botnets?

Answer 347

Pivot points, disguise attacker, host illegal activities, spam others

Question 348

What is the most common use for a botnet?

Answer 348

To conduct a DDoS attack

Question 349

What is a DDoS attack?

Answer 349

When many machines target a single victim and attack them at the exact same time

Question 350

How do attackers use botnets in DDoS attacks?

Answer 350

To combine processing power and break through encryption schemes

Question 351

What percentage of a zombie’s power do attackers usually use in a DDoS attack?

Answer 351

20-25%

Question 352

What is a rootkit?

Answer 352

Software designed to gain administrative level control over a computer system without being detected

Question 353

What is the highest level of permissions called?

Answer 353

Administrator account

Question 354

What can a person do with an Administrator account?

Answer 354

Install programs, delete programs, open ports, shut ports

Question 355

What is the equivalent of an Administrator account in UNIX, Linux, or MacOS?

Answer 355

Root account

Question 356

What is Ring 3 in a computer system?

Answer 356

Outermost Ring where user level permissions are used

Question 357

What is Ring 0 in a computer system?

Answer 357

Innermost or Highest Permission Levels, operating in kernel mode

Question 358

What does an operating system control access to?

Answer 358

Device drivers, sound card, video display, etc.

Question 359

What level of permission does the administrator or root user have?

Answer 359

Root permission at Ring 1

Question 360

Why is malicious code closer to the kernel more dangerous?

Answer 360

More permissions and can cause more damage

Question 361

What is a technique used by rootkits to gain deeper access to a system?

Answer 361

DLL injection

Question 362

What is a shim in software development?

Answer 362

Piece of software code that intercepts calls between two components

Question 363

Why are rootkits difficult to detect?

Answer 363

Operating system is essentially blinded to them

Question 364

What is the best way to detect rootkits?

Answer 364

Boot from an external device and scan the internal hard drive

Question 365

What is a backdoor?

Answer 365

Bypasses normal security

Question 366

Who often puts backdoors in systems?

Answer 366

Designers and programmers

Question 367

What is a Remote Access Trojan (RAT)?

Answer 367

Acts like a backdoor in networks

Question 368

What is an Easter egg?

Answer 368

Hidden feature or novelty in a program

Question 369

What are logic bombs?

Answer 369

Malicious code that executes under certain conditions

Question 370

What is a keylogger?

Answer 370

Software or hardware that records keystrokes

Question 371

What is the difference between software and hardware keyloggers?

Answer 371

Software is installed on a computer, hardware is a physical device

Question 372

How are software keyloggers typically installed?

Answer 372

Bundled with other software or delivered through social engineering attacks

Question 373

How can you protect your organization from keyloggers?

Answer 373

Perform regular updates and patches, Rely on quality antivirus and antimalware solutions, Conduct phishing awareness training for users, Implement multi-factor authentication systems, Encrypt keystrokes being sent to systems, Perform physical checks of desktops, laptops, and servers

Question 374

What is spyware?

Answer 374

Malicious software that gathers and sends information without the user’s knowledge

Question 375

How can spyware get installed on a system?

Answer 375

Bundled with other software, Installed through a malicious website, Installed when users click on a deceptive pop-up advertisement

Question 376

What can you do to protect against spyware?

Answer 376

Use reputable antivirus and anti-spyware tools that are regularly updated

Question 377

What is bloatware?

Answer 377

Software that comes pre-installed on a new computer or smartphone that you did not request, want, or need

Question 378

What are the potential issues with bloatware?

Answer 378

Wastes storage space, slows down device performance, introduces security vulnerabilities

Question 379

How can you remove bloatware?

Answer 379

Manual removal process, Use bloatware removal tools, Perform a clean operating system installation

Question 380

Why is updating applications important in terms of security?

Answer 380

It reduces potential threat vectors for attackers to exploit

Question 381

What is a malware exploitation technique?

Answer 381

Method by which malware code penetrates and infects a system

Question 382

What is a common approach used by modern malware to avoid detection?

Answer 382

Fileless techniques

Question 383

What is fileless malware?

Answer 383

Malware that creates a process in system memory without relying on the local file system

Question 384

How does modern malware work?

Answer 384

Stage 1 dropper or downloader retrieves and activates additional malware

Question 385

What is shellcode?

Answer 385

Lightweight code to execute an exploit

Question 386

What does the Stage 2 Downloader do?

Answer 386

Downloads and installs a remote access Trojan

Question 387

What is the ‘Actions on Objectives’ phase?

Answer 387

Executing primary objectives to meet core objectives

Question 388

What is the purpose of Concealment?

Answer 388

Prolong unauthorized access by hiding tracks and evidence

Question 389

What is ‘Living off the Land’ strategy?

Answer 389

Exploiting standard tools for intrusions

Question 390

What are some common indicators of malware attacks?

Answer 390

Account lockouts, concurrent session utilization, blocked content, impossible travel, resource consumption, resource inaccessibility

Question 391

What is out-of-cycle logging?

Answer 391

Logs generated at odd hours

Question 392

What are missing logs?

Answer 392

Gaps or cleared logs without authorization

Question 393

What are published or documented attacks?

Answer 393

Network infected as part of a malware-based attack

Question 394

What is the importance of using appropriate cryptographic solutions?

Answer 394

1.4 - Data Protection Objectives

Question 395

What should you compare and contrast to protect data?

Answer 395

3.3 - Data Protection Objectives

Question 396

What are the security implications of proper hardware, software, and data asset management?

Answer 396

4.2 - Data Protection Objectives

Question 397

What are some security alerting and monitoring concepts and tools?

Answer 397

4.4 - Data Protection Objectives

Question 398

What are the elements of effective security governance?

Answer 398

5.1 - Data Protection Objectives

Question 399

What are the two roles involved in data governance?

Answer 399

Data Custodians and Data Stewards

Question 400

What are the three states of data?

Answer 400

Data at rest, in transit, in use

Question 401

What are two methods for protecting data?

Answer 401

Disk encryption and communication tunneling

Question 402

What are some examples of data types?

Answer 402

Regulated data, trade secrets, intellectual property, legal information, financial information

Question 403

What is data sovereignty?

Answer 403

Information subject to nation’s laws and governance structures

Question 404

Name four methods for securing data.

Answer 404

Geographic restrictions, encryption, hashing, masking

Question 405

What are some strategies to prevent sensitive information from leaving an organization?

Answer 405

Tokenization, Obfuscation, Segmentation

Question 406

What is data classification?

Answer 406

Determination of the value and sensitivity of information

Question 407

What is sensitive data?

Answer 407

Information that, if accessed by unauthorized persons, can result in loss of security or competitive advantage

Question 408

What are the importance of data classification?

Answer 408

Allocate appropriate protection resources, prevent over-classification, require proper policies

Question 409

What are the commercial business classification levels?

Answer 409

Public, Sensitive, Private

Question 410

What are the government classification levels?

Answer 410

Unclassified, Sensitive but Unclassified, Confidential, Secret, Top Secret

Question 411

What kind of information is included in the Confidential level?

Answer 411

Internal personnel or salary information

Question 412

What kind of information is included in the Critical level?

Answer 412

Trade secrets, intellectual property, source code, etc.

Question 413

What kind of information is included in the Sensitive but Unclassified level?

Answer 413

Includes medical records, personnel files, etc.

Question 414

What kind of information is included in the Secret level?

Answer 414

Military deployment plans, defensive postures

Question 415

What kind of information is included in the Top Secret level?

Answer 415

Highly sensitive national security information

Question 416

What are the legal requirements for data maintenance?

Answer 416

Depends on organization type

Question 417

What should organizational policies outline?

Answer 417

Data classification, retention, and disposal requirements

Question 418

Why is understanding data classifications important?

Answer 418

For protecting sensitive information and complying with regulations

Question 419

What is data ownership?

Answer 419

Identifying the individual responsible for maintaining confidentiality, integrity, availability, and privacy of information assets

Question 420

Who is a data owner?

Answer 420

Senior executive responsible for labeling information assets and ensuring they are protected

Question 421

Who is a data controller?

Answer 421

Entity responsible for determining data storage, collection, and usage purposes and methods

Question 422

What is a data processor?

Answer 422

Group or individual hired by the data controller to assist with tasks like data collection and processing

Question 423

What is the role of a Data Steward?

Answer 423

Focuses on data quality and metadata

Question 424

What is the role of a Data Custodian?

Answer 424

Responsible for managing data storage systems

Question 425

What is the role of a Privacy Officer?

Answer 425

Oversees privacy-related data

Question 426

Who should be the data owner?

Answer 426

Not the IT department

Question 427

Who should be the owners of data?

Answer 427

Individuals from the business side who understand the data’s content and can make informed decisions about classification

Question 428

How should data owners be selected?

Answer 428

Based on their knowledge of the data and its significance within the organization

Question 429

Why is proper data ownership important?

Answer 429

For maintaining data security, compliance, and effective data management within an organization

Question 430

What are the different data states?

Answer 430

Data at Rest

Question 431

What is Full Disk Encryption (FDE)?

Answer 431

Encrypts entire hard drive

Question 432

What is Partition Encryption?

Answer 432

Encrypts specific partitions

Question 433

What is File Encryption?

Answer 433

Encrypts individual files

Question 434

What is Volume Encryption?

Answer 434

Encrypts selected files or directories

Question 435

What is Database Encryption?

Answer 435

Encrypts data stored in a database at column, row, or table levels

Question 436

What is Record Encryption?

Answer 436

Encrypts specific fields within a database record

Question 437

What is data in transit?

Answer 437

Data actively moving from one location to another, vulnerable to interception

Question 438

What are some transport encryption methods?

Answer 438

SSL, TLS, VPN, IPSec

Question 439

What is SSL?

Answer 439

Secure Sockets Layer - provides secure communication over networks

Question 440

What is TLS?

Answer 440

Transport Layer Security - provides secure communication over networks

Question 441

What is VPN?

Answer 441

Virtual Private Network - creates secure connections over less secure networks like the internet

Question 442

What is IPSec?

Answer 442

Internet Protocol Security - secures IP communications by authenticating and encrypting IP packets

Question 443

What is data in use?

Answer 443

Data actively being created, retrieved, updated, or deleted

Question 444

What are some protection measures for data in use?

Answer 444

Encryption at the Application Level, Access Controls, Secure Enclaves, Mechanisms like INTEL Software Guard

Question 445

What does encryption at the application level do?

Answer 445

Encrypts data during processing

Question 446

What do access controls for data in use do?

Answer 446

Restricts access to data during processing

Question 447

What are secure enclaves?

Answer 447

Isolated environments for processing sensitive data

Question 448

What does INTEL Software Guard do?

Answer 448

Encrypts data in memory to prevent unauthorized access

Question 449

Why is understanding the three data states essential?

Answer 449

To implement appropriate security measures for each

Question 450

What is regulated data?

Answer 450

Data controlled by laws, regulations, or industry standards

Question 451

What are two compliance requirements for regulated data?

Answer 451

GDPR, HIPAA

Question 452

What is PII?

Answer 452

Information used to identify an individual (e.g., names, social security numbers, addresses)

Question 453

What is PHI?

Answer 453

Information about health status, healthcare provision, or payment linked to a specific individual

Question 454

What are trade secrets?

Answer 454

Confidential business information giving a competitive edge (e.g., manufacturing processes, marketing strategies, proprietary software)

Question 455

What is intellectual property (IP)?

Answer 455

Creations of the mind protected by patents, copyrights, trademarks.

Question 456

What are some examples of intellectual property (IP)?

Answer 456

Inventions, literary works, designs.

Question 457

How is intellectual property (IP) protected?

Answer 457

By patents, copyrights, trademarks.

Question 458

What is the purpose of protecting intellectual property (IP)?

Answer 458

To encourage innovation.

Question 459

What can happen if intellectual property (IP) is used without authorization?

Answer 459

Legal action.

Question 460

What is legal information?

Answer 460

Data related to legal proceedings, contracts, regulatory compliance.

Question 461

What is the significance of protecting financial information?

Answer 461

Targeted by cybercriminals for fraud and identity theft

Question 462

What is PCI DSS?

Answer 462

Payment Card Industry Data Security Standard

Question 463

What is human-readable data?

Answer 463

Understandable directly by humans

Question 464

What is non-human-readable data?

Answer 464

Requires machine or software to interpret

Question 465

What is GDPR?

Answer 465

General Data Protection Regulation

Question 466

What does GDPR protect?

Answer 466

EU citizens’ data within EU and EEA borders

Question 467

What are the consequences of non-compliance with GDPR?

Answer 467

Significant fines

Question 468

What is one requirement of data sovereignty laws?

Answer 468

Data storage and processing within national borders