Untitled Deck Flashcards

Question 1

Q

Information Security

Answer

A

Protecting data and information from unauthorized access, modification, disruption, disclosure, and destruction

Question 2

Q

Information Systems Security

Answer

A

Protecting the systems (e.g., computers, servers, network devices) that hold and process critical data

Question 3

Q

CIA Triad

Answer

A

Confidentiality, Integrity, Availability

Question 4

Q

Confidentiality

Answer

A

Ensures information is accessible only to authorized personnel (e.g., encryption)

Question 5

Q

Integrity

Answer

A

Ensures data remains accurate and unaltered (e.g., checksums)

Question 6

Q

Availability

Answer

A

Ensures information and resources are accessible when needed (e.g., redundancy measures)

Question 7

Q

Non-Repudiation

Answer

A

Guarantees that an action or event cannot be denied by the involved parties (e.g., digital signatures)

Question 8

Q

CIANA Pentagon

Answer

A

An extension of the CIA triad with the addition of non-repudiation and authentication

Question 9

Q

Triple A’s of Security

Answer

A

Authentication, Authorization, Accounting

Question 10

Q

Authentication

Answer

A

Verifying the identity of a user or system (e.g., password checks)

Question 11

Q

Authorization

Answer

A

Determining actions or resources an authenticated user can access (e.g., permissions)

Question 12

Q

Accounting

Answer

A

Tracking user activities and resource usage for audit or billing purposes

Question 13

Q

Security Control Categories

Answer

A

Technical, Managerial, Operational, Physical

Question 14

Q

Security Control Types

Answer

A

Preventative, Deterrent, Detective, Corrective, Compensating, Directive

Question 15

Q

Zero Trust Model

Answer

A

Operates on the principle that no one should be trusted by default

Question 16

Q

Control Plane (Zero Trust)

Answer

A

Adaptive identity, threat scope reduction, policy-driven access control, and secured zones

Question 17

Q

Data Plane (Zero Trust)

Answer

A

Subject/system, policy engine, policy administrator, and establishing policy enforcement points

Question 18

Q

Threat

Answer

A

Anything that could cause harm, loss, damage, or compromise to our information technology systems

Question 19

Q

Threat Sources

Answer

A

Natural disasters, Cyber-attacks, Data integrity breaches, Disclosure of confidential information

Question 20

Q

Vulnerability

Answer

A

Any weakness in the system design or implementation

Question 21

Q

Vulnerability Sources

Answer

A

Software bugs, Misconfigured software, Improperly protected network devices, Missing security patches, Lack of physical security

Question 22

Q

Risk

Answer

A

The intersection of a threat and a vulnerability

Question 23

Q

Reasons Confidentiality is important

Answer

A

To protect personal privacy, To maintain a business advantage, To achieve regulatory compliance

Question 24

Q

Methods to ensure Confidentiality

Answer

A

Encryption, Access Controls, Data Masking, Physical Security Measures, Training and Awareness

Question 25

Q

Encryption

Answer

A

Process of converting data into a code to prevent unauthorized access

Question 26

Q

Access Controls (Confidentiality)

Answer

A

Setting up strong user permissions to ensure only authorized personnel can access certain data

Question 27

Q

Data Masking

Answer

A

Obscuring specific data within a database for unauthorized users while retaining its use for authorized users

Question 28

Q

Physical Security Measures (Confidentiality)

Answer

A

Ensuring confidentiality for both physical and digital information

Question 29

Q

Training and Awareness (Confidentiality)

Answer

A

Regular training on security awareness best practices

Question 30

Q

Reasons Integrity is important

Answer

A

To ensure data accuracy, To maintain trust, To ensure system operability

Question 31

Q

Methods to maintain Integrity

Answer

A

Hashing, Digital Signatures, Checksums, Access Controls, Regular Audits

Question 32

Q

Hashing

Answer

A

Process of converting data into a fixed-size value

Question 33

Q

Digital Signatures

Answer

A

Ensure both integrity and authenticity

Question 34

Q

Checksums

Answer

A

Method to verify the integrity of data during transmission

Question 35

Q

Access Controls (Integrity)

Answer

A

Ensure only authorized individuals can modify data

Question 36

Q

Regular Audits

Answer

A

Systematically reviewing logs and operations to ensure only authorized changes have been made

Question 37

Q

Reasons Availability is important

Answer

A

Ensuring Business Continuity, Maintaining Customer Trust, Upholding an Organization’s Reputation

Question 38

Q

How to maintain Availability

Answer

A

Using redundancy in systems and network designs

Question 39

Q

Redundancy

Answer

A

Duplication of critical components or functions of a system to enhance reliability

Question 40

Q

Server Redundancy

Answer

A

Using multiple servers in a load-balanced or failover configuration

Question 41

Q

Data Redundancy

Answer

A

Storing data in multiple places

Question 42

Q

Network Redundancy

Answer

A

Ensures that if one network path fails, the data can travel through another route

Question 43

Q

Power Redundancy

Answer

A

Using backup power sources, like generators and UPS systems

Question 44

Q

Reasons Non-repudiation is important

Answer

A

To confirm the authenticity of digital transactions, To ensure the integrity of critical communications, To provide accountability in digital processes

Question 45

Q

5 Commonly used Authentication Methods

Answer

A

Something you know (Knowledge Factor), Something you have (Possession Factor), Something you are (Inherence Factor), Something you do (Action Factor), Somewhere you are (Location Factor)

Question 46

Q

Something you know (Authentication)

Answer

A

Relies on information a user can recall

Question 47

Q

Something you have (Authentication)

Answer

A

Relies on the user presenting a physical item

Question 48

Q

Something you are (Authentication)

Answer

A

Relies on a unique physical or behavioral characteristic

Question 49

Q

Something you do (Authentication)

Answer

A

Relies on a unique action

Question 50

Q

Somewhere you are (Authentication)

Answer

A

Relies on the user being in a certain geographic location

Question 51

Q

Multi-Factor Authentication (MFA)

Answer

A

Requires multiple methods of identification

Question 52

Q

Reasons Authentication is critical

Answer

A

To prevent unauthorized access, To protect user data and privacy, To ensure resources are accessed by valid users only

Question 53

Q

Authorization

Answer

A

Permissions and privileges granted after authentication

Question 54

Q

Reasons Authorization mechanisms are important?

Answer

A

To protect sensitive data, To maintain system integrity, To create a streamlined user experience

Question 55

Q

Accounting

Answer

A

Ensures all user activities are tracked and recorded

Question 56

Q

Reasons a robust Accounting system is important?

Answer

A

Create an audit trail, Maintain regulatory compliance, Conduct forensic analysis, Perform resource optimization, Achieve user accountability

Question 57

Q

Technologies used for Accounting

Answer

A

Syslog Servers, Network Analysis Tools, SIEM Systems

Question 58

Q

Syslog Servers

Answer

A

Aggregate logs from various devices for analysis

Question 59

Q

Network Analysis Tools

Answer

A

Capture and analyze network traffic

Question 60

Q

SIEM Systems

Answer

A

Real-time analysis of security alerts

Question 61

Q

Security Control Categories (4)

Answer

A

Technical, Managerial, Operational, Physical

Question 62

Q

Technical Controls

Answer

A

Technologies, hardware, and software to manage and reduce risks

Question 63

Q

Managerial Controls

Answer

A

Strategic planning and governance of security

Question 64

Q

Operational Controls

Answer

A

Procedures and measures for day-to-day data protection

Answer 65

A

Tangible measures to protect assets

Answer 66

A

Preventive, Deterrent, Detective, Corrective, Compensating, Directive

Answer 67

A

Proactive measures to thwart threats

Answer 68

A

Discourage attackers by making attacks less appealing

Answer 69

A

Monitor and alert to malicious activities

Answer 70

A

Mitigate damage and restore systems

Answer 71

A

Alternative measures when primary controls are not feasible

Answer 72

A

Guide, inform, or mandate actions (often policy-based)

Answer 73

A

Evaluating the differences between current and desired performance

Answer 74

A

Define the scope, Gather data on the current state, Analyze the data, Develop a plan to bridge the gap

Answer 75

A

Technical Gap Analysis, Business Gap Analysis

Answer 76

A

Evaluating technical infrastructure

Answer 77

A

Evaluating business processes

Answer 78

A

Outlines measures to address vulnerabilities, allocate resources, and set timelines

Answer 79

A

Demands verification for every device, user, and transaction

Answer 80

A

Control Plane, Data Plane

Answer 81

A

Framework for defining, managing, and enforcing access policies

Answer 82

A

Adaptive Identity, Threat Scope Reduction, Policy-Driven Access Control, Secured Zones

Answer 83

A

Real-time validation based on user behavior, device, location, etc.

Answer 84

A

Limits user access to reduce the attack surface

Answer 85

A

Managing access based on roles and responsibilities

Answer 86

A

Isolated environments for sensitive data

Answer 87

A

Policy Engine, Policy Administrator

Answer 88

A

Cross-references access requests with predefined policies

Answer 89

A

Establishes and manages access policies

Answer 90

A

Consists of the Subject/System and Policy Enforcement Point

Answer 91

A

The entity attempting to gain access

Answer 92

A

Where access decisions are executed

Answer 93

A

Summarize security concepts, Compare threat actors and motivations, Explain threat vectors and attack surfaces

Answer 94

A

Data Exfiltration, Blackmail, Espionage, Service Disruption, Financial Gain, Philosophical/Political Beliefs, Ethical Reasons, Revenge, Disruption/Chaos, War

Answer 95

A

Internal vs. External, Differences in resources and funding, Level of sophistication

Answer 96

A

Unskilled Attackers, Hacktivists, Organized Crime, Nation-state Actors, Insider Threats

Answer 97

A

Individuals with limited technical expertise who use readily available tools

Answer 98

A

Individuals or groups driven by political, social, or environmental ideologies

Answer 99

A

Groups that execute cyberattacks for financial gain (e.g., ransomware, identity theft)

Answer 100

A

Highly skilled attackers sponsored by governments for cyber espionage or warfare

Answer 101

A

Security threats originating from within the organization

Answer 102

A

IT systems, devices, software, or services managed without explicit organizational approval

Answer 103

A

The means or pathway by which an attacker gains unauthorized access

Answer 104

A

Use of information technology systems, devices, software, applications, and services without explicit organizational approval; IT-related projects managed outside of the IT department.

Answer 105

A

An organization’s security posture is set too high or too complex, negatively affecting business operations.

Answer 106

A

Involves the use of personal devices for work purposes.

Answer 107

A

The means or pathway by which an attacker can gain unauthorized access to a computer or network to deliver a malicious payload.

Answer 108

A

Encompasses all the various points where an unauthorized user can try to enter or extract data from an environment. Can be minimized by restricting access, removing unnecessary software, and disabling unused protocols.

Answer 109

A

Threats delivered via email, SMS text messaging, or other forms of instant messaging.

Phishing campaigns are commonly used.

Answer 110

A

When an attacker impersonates a trusted entity to trick victims into revealing sensitive information.

Answer 111

A

Embedding malicious code inside an image file.

Answer 112

A

Files, often disguised as legitimate documents or software, transferred as email attachments, through file-sharing services, or hosted on malicious websites.

Answer 113

A

Vhishing: Use of voice calls to trick victims into revealing sensitive information.

Answer 114

A

Use of voice calls to trick victims into revealing sensitive information.

Answer 115

A

One common technique is baiting: leaving a malware-infected USB drive in a public location.

Answer 116

A

An attacker leaves a malware-infected USB drive in a location where a target might find it.

Answer 117

A

Wireless, wired, and Bluetooth networks that lack appropriate security measures. Unauthorized access can intercept communications or gain network access.

Answer 118

A

An attack that can occur with physical access to network infrastructure.

Answer 119

A

An attack that can occur with physical access to network infrastructure.

Answer 120

A

A set of vulnerabilities in Bluetooth technology that allows attackers to take over devices, spread malware, or establish on-path attacks.

Answer 121

A

A type of Denial of Service attack targeting Bluetooth devices by sending a specially crafted packet.

Answer 122

A

Technologies designed to mislead, confuse, and divert attackers while detecting and neutralizing threats.

Answer 123

A

Specific methods and patterns of activities associated with a particular threat actor.

Answer 124

A

Decoy systems or networks set up to attract potential hackers.

Answer 125

A

A network of honeypots designed to mimic an entire network of systems (servers, routers, switches).

Answer 126

A

Decoy files placed within a system to lure attackers.

Answer 127

A

Pieces of data or resources with no legitimate value but are monitored for access or use.

Answer 128

A

Fake Domain Name System entries introduced into a system’s DNS server.

Answer 129

A

Fake folders and files placed within a system’s storage.

Answer 130

A

Effective against automated scraping tools or bots trying to index or steal content.

Answer 131

A

Security mechanism where services/ports remain closed until a specific outbound traffic pattern is detected.

Answer 132

A

When a system detects a network scan, it can be configured to respond with fake network data.

Answer 133

A

Measures to protect tangible assets (buildings, equipment, people) from harm or unauthorized access.

Answer 134

A

Physical security controls. Fences are barriers made of posts and wire or boards. Bollards are short, sturdy vertical posts preventing vehicle access.

Answer 135

A

Barriers made of posts and wire or boards to enclose or separate areas; provide visual deterrent, physical barrier, and delay intruders.

Answer 136

A

Robust, short vertical posts (steel or concrete) designed to manage or redirect vehicular traffic.

Answer 137

A

Forcible entry, tampering with security devices, confronting security personnel, or ramming barriers with vehicles.

Answer 138

A

Gaining unauthorized access by physically breaking or bypassing barriers (windows, doors, fences).

Answer 139

A

Manipulating security devices to create exploitable vulnerabilities.

Answer 140

A

Direct confrontation or attack of an organization’s security personnel.

Answer 141

A

Using a vehicle to ram into physical security barriers.

Answer 142

A

An organized strategy to observe and report activities. Components include video surveillance, security guards, lighting, and sensors.

Answer 143

A

Can include motion detection, night vision, facial recognition, and remote access.

Answer 144

A

Flexible and adaptable forms of surveillance.

Answer 145

A

Crucial for effective surveillance; deters criminals, reduces hiding spots, and enhances video quality.

Answer 146

A

Devices that detect and respond to external stimuli. Categories include infrared, pressure, microwave, and ultrasonic.

Answer 147

A

Detect changes in infrared radiation (emitted by warm bodies).

Answer 148

A

Activated when a specified weight is detected.

Answer 149

A

Detect movement by emitting microwave pulses and measuring reflections.

Answer 150

A

Measure the reflection of ultrasonic waves off moving objects.

Answer 151

A

Visual obstruction, blinding sensors/cameras, interfering with acoustics or electromagnetics, or attacking the physical environment.

Answer 152

A

Blocking a camera’s line of sight (e.g., paint, stickers, objects).

Answer 153

A

Overwhelming a sensor or camera with a sudden burst of light.

Answer 154

A

Jamming or playing loud music to disrupt microphones.

Answer 155

A

Jamming the signals that surveillance systems rely on.

Answer 156

A

Physically tampering with surveillance equipment (e.g., cutting wires).

Answer 157

A

Double-door systems electronically controlled so only one door is open at a time; prevents piggybacking and tailgating.

Answer 158

A

Two people working together; one with access allows another without access to enter.

Answer 159

A

An unauthorized person closely follows someone with access into a secure area without their knowledge.

Answer 160

A

Restrict and regulate access to spaces. Types include padlocks, pin and tumbler locks, numeric locks, wireless locks, biometric locks, and cipher locks.

Answer 161

A

Easily defeated, offer minimal protection.

Answer 162

A

Vulnerable to simple techniques like lock picking.

Answer 163

A

Utilize various authentication methods (identification numbers, wireless signals, biometrics).

Answer 164

A

False Acceptance Rate (FAR), False Rejection Rate (FRR), Crossover Error Rate (CER).

Answer 165

A

System erroneously authenticates an unauthorized user.

Answer 166

A

System denies access to an authorized user.

Answer 167

A

Balance between FAR and FRR for optimal authentication.

Answer 168

A

Mechanical locks with numbered push buttons requiring a correct combination.

Answer 169

A

Copying data from an RFID or NFC card onto another device. Steps: Scanning, Data Extraction, Writing, Using.

Answer 170

A

A technology used for contactless authentication.

Answer 171

A

A technology used for contactless authentication.

Answer 172

A

Manipulative strategy exploiting human psychology for unauthorized access.

Answer 173

A

Familiarity/Likability, Consensus/Social Proof, Authority/Intimidation, Scarcity/Urgency, Fear.

Answer 174

A

People comply if they believe the request comes from someone in authority.

Answer 175

A

Creating a sense of immediacy to drive quick action.

Answer 176

A

Looking to others’ behaviors to determine one’s own actions.

Answer 177

A

Psychological pressure when a resource is perceived as limited.

Answer 178

A

People want to interact with those they like.

Answer 179

A

Threatening negative consequences if instructions aren’t followed.

Answer 180

A

Pretending to be someone else. Includes brand impersonation, typosquatting, and watering hole attacks.

Answer 181

A

Pretending to represent a legitimate company or brand.

Answer 182

A

Registering domain names similar to popular websites with typographical errors.

Answer 183

A

Compromising a website or service that a target is known to use.

Answer 184

A

Creating a fabricated scenario to manipulate targets.

Answer 185

A

Sending fraudulent emails to obtain personal information.

Answer 186

A

Targeted phishing focused on a specific group or organization.

Answer 187

A

Targets high-profile individuals (CEOs, CFOs).

Answer 188

A

Using a compromised business email account to trick other employees.

Answer 189

A

Tricking victims into sharing information over the phone.

Answer 190

A

Using text messages to trick individuals into providing information.

Answer 191

A

Urgency, unusual requests, mismatched URLs, strange email addresses, poor spelling/grammar.

Answer 192

A

Wrongful or criminal deception for financial or personal gain.

Answer 193

A

Using another person’s information without authorization.

Answer 194

A

Fraudulent or deceptive acts or operations.

Answer 195

A

A scam in which a person is tricked into paying for a fake invoice for a product or service they did not order.

Answer 196

A

Coordinated efforts to affect public perception or behavior towards a particular cause, individual, or group. They foster misinformation and disinformation.

Answer 197

A

False or inaccurate information shared without harmful intent.

Answer 198

A

The deliberate creation and sharing of false information with the intent to deceive or mislead.

Answer 199

A

Involves manipulating a situation or creating a distraction to steal valuable items or information.

Answer 200

A

Malicious deceptions often spread through social media, email, or other communication channels, often paired with phishing and impersonation. Prevention requires fact-checking and critical thinking.

Answer 201

A

Involves looking over someone’s shoulder to gather personal information, sometimes using cameras. Prevention requires awareness of surroundings.

Answer 202

A

Searching through trash to find valuable information, often discarded documents. Prevention involves clean desk and clean desktop policies.

Answer 203

A

Secretly listening to private conversations, intercepting communications without knowledge. Prevention involves data encryption in transit.

Answer 204

A

Leaving a malware-infected physical device (e.g., USB drive) in a place where it will be found by a victim. Prevention requires user training not to use found devices.

Answer 205

A

An attacker follows an employee through an access control point without their knowledge.

Answer 206

A

An attacker convinces an authorized employee to let them into a facility by having them swipe their access badge.

Answer 207

A

Malicious software designed to infiltrate and potentially damage computer systems without user consent. Categories include viruses, worms, Trojans, ransomware, spyware, rootkits, and spam.

Answer 208

A

The method used to infiltrate a victim’s machine (e.g., unpatched software, USB drives, phishing).

Answer 209

A

The means by which the attacker gains access and infects the system, combining infiltration method and infection process.

Answer 210

A

Attach to clean files, spread, and corrupt host files.

Answer 211

A

Standalone programs replicating and spreading to other computers without user interaction.

Answer 212

A

Disguise as legitimate software, granting unauthorized access.

Answer 213

A

Encrypts user data and demands ransom for decryption.

Answer 214

A

Compromised computers (zombies) remotely controlled in a network (botnet) for malicious purposes.

Answer 215

A

Hide presence and activities on a computer, operating at the OS level.

Answer 216

A

Bypass normal security and authentication functions, often placed by designers/programmers or threat actors.

Answer 217

A

Malicious code that executes only when specific conditions are met.

Answer 218

A

Record every keystroke made on a computer or mobile device.

Answer 219

A

Monitors and gathers user/system information without knowledge.

Answer 220

A

Unnecessary software pre-installed on devices, consuming resources and potentially introducing vulnerabilities.

Answer 221

A

Malicious code that runs on a machine without the user’s knowledge, infecting the computer when executed.

Answer 222

A

Stored in the first sector of a hard drive, loaded into memory upon boot-up.

Answer 223

A

Code embedded inside a document, executing when the document is opened.

Answer 224

A

Infects executable or application files.

Answer 225

A

Combines boot sector and program virus characteristics.

Answer 226

A

Hides from detection by encrypting its code/payloads.

Answer 227

A

Changes its code each time it executes to evade detection.

Answer 228

A

Rewrites itself entirely before infecting a file.

Answer 229

A

Uses techniques to prevent detection by antivirus software.

Answer 230

A

Has a layer of protection to confuse analysis.

Answer 231

A

A form of technical social engineering that scares users into undesirable actions.

Answer 232

A

Self-replicating malicious software that spreads without user interaction, disrupting network traffic.

Answer 233

A

Malicious software disguised as harmless or desirable software.

Answer 234

A

Provides an attacker with remote control of a victim’s machine.

Answer 235

A

Malware that blocks access to a system or data by encrypting it until a ransom is paid.

Answer 236

A

A network of compromised computers or devices controlled remotely.

Answer 237

A

A compromised computer or device within a botnet.

Answer 238

A

The computer managing and coordinating botnet activities.

Answer 239

A

Many machines target a single victim simultaneously.

Answer 240

A

Designed to gain administrative-level control over a system without detection.

Answer 241

A

Account with the highest level of permissions.

Answer 242

A

Operating at Ring 0, controlling access to device drivers and other core system functions.

Answer 243

A

Technique to run arbitrary code within another process by forcing it to load a dynamic-link library.

Answer 244

A

A collection of code and data used by multiple programs.

Answer 245

A

Software code placed between two components to intercept and redirect calls.

Answer 246

A

Bypasses normal security and authentication functions.

Answer 247

A

A hidden feature or novelty within a program.

Answer 248

A

Malicious code that executes when specific conditions are met.

Answer 249

A

Software or hardware that records every keystroke.

Answer 250

A

Malicious software designed to gather and send user/organization information without knowledge.

Answer 251

A

Unnecessary software pre-installed on devices.

Answer 252

A

Malware that retrieves additional malware code and tricks the user into activating it.

Answer 253

A

Malware designed to initiate or run other malware forms within a payload.

Answer 254

A

Retrieves additional tools post-initial infection.

Answer 255

A

Lightweight code meant to execute an exploit.

Answer 256

A

Downloads and installs a remote access Trojan.

Answer 257

A

Threat actors execute primary objectives (e.g., data exfiltration, file encryption).

Answer 258

A

Hiding tracks and erasing logs to prolong unauthorized access.

Answer 259

A

Exploiting standard system tools for intrusions.

Answer 260

A

Multiple failed login attempts.

Answer 261

A

Multiple simultaneous sessions from a single account.

Answer 262

A

Increased alerts from security tools.

Answer 263

A

Account access from geographically separated locations in an impossibly short time.

Answer 264

A

Unusual spikes in CPU, memory, or network bandwidth.

Answer 265

A

Files or systems suddenly become inaccessible.

Answer 266

A

Logs generated at odd hours.

Answer 267

A

Gaps in logs or cleared logs without authorization.

Answer 268

A

Reports of network infection.

Answer 269

A

Safeguarding information from corruption, compromise, or loss.

Answer 270

A

Categorizing data based on value and sensitivity (e.g., Sensitive, Confidential, Public).

Answer 271

A

Senior executives responsible for labeling and protecting information assets.

Answer 272

A

Entities responsible for determining data storage, collection, and usage purposes.

Answer 273

A

Entities hired by data controllers to assist with data tasks.

Answer 274

A

Focus on data quality and metadata, ensuring proper labeling and classification.

Answer 275

A

Responsible for managing data storage systems and enforcing access controls.

Answer 276

A

Data at rest, data in transit, and data in use.

Answer 277

A

Inactive data on storage devices.

Answer 278

A

Data actively moving from one location to another.

Answer 279

A

Data actively being created, retrieved, updated, or deleted.

Answer 280

A

Encrypts the entire hard drive.

Answer 281

A

Encrypts specific partitions.

Answer 282

A

Encrypts individual files.

Answer 283

A

Encrypts selected files or directories.

Answer 284

A

Encrypts data within a database.

Answer 285

A

Encrypts specific fields within a database record.

Answer 286

A

Secure communication over networks.

Answer 287

A

Creates secure connections over less secure networks.

Answer 288

A

Secures IP communications by authenticating and encrypting IP packets.

Answer 289

A

Encrypts data during processing.

Answer 290

A

Restricts access to data during processing.

Answer 291

A

Isolated environments for processing sensitive data.

Answer 292

A

Controlled by laws, regulations, or industry standards.

Answer 293

A

Information used to identify an individual.

Answer 294

A

Information about health status, healthcare provision, or payment.

Answer 295

A

Confidential business information giving a competitive edge.

Answer 296

A

Creations of the mind (e.g., inventions, literary works).

Answer 297

A

Data related to legal proceedings, contracts, or regulatory compliance.

Answer 298

A

Data related to financial transactions.

Answer 299

A

Understandable directly by humans.

Answer 300

A

Requires a machine or software to interpret.

Answer 301

A

Digital information is subject to the laws of the country where it is located.

Answer 302

A

Protects EU citizens’ data.

Answer 303

A

Virtual boundaries to restrict data access based on location.

Answer 304

A

Transforms plaintext into ciphertext.

Answer 305

A

Converts data into fixed-size hash values.

Answer 306

A

Replaces data with placeholders.

Answer 307

A

Replaces sensitive data with non-sensitive tokens.

Answer 308

A

Makes data unclear or unintelligible.

Answer 309

A

Divides a network into separate segments.

Answer 310

A

Defining data access and actions through ACLs or RBAC.

Answer 311

A

A strategy to prevent sensitive information from leaving an organization.

Answer 312

A

Installed on workstations/laptops, monitors data in use.

Answer 313

A

Monitors data in transit across the network.

Brainscape's Knowledge GenomeTM

Untitled Deck Flashcards

Brainscape's Knowledge Genome^TM