Data Security Quiz Set

Where do data security requirements come from?

Stakeholders
Government regulations
Proprietary business concerns
Legitimate access needs
All of the above

What is the definition of data security?

The exercise of authority, control, and shared decision-making (planning, monitoring, and enforcement) over the management of data assets
Definition, planning, development, and execution of security policies and procedures to provide proper authentication, authorization, access, and auditing of data and information assets
How to procure, store, manage, interpret, analyse / apply and dispose of data in ways that are aligned with ethical principles, including community responsibility
Ensuring that data is encrypted, hard to access, and protected from harm by implementing the toughest security standards possible
The planning, implementation, and control of activities that apply security management techniques to data, in order to assure it is fit for consumption and meets the needs of data consumers

Which of these options is NOT a step in identifying data that requires protection?

Locate sensitive data throughout the enterprise
Determine the data quality rules that should be applied to sensitive data assets
Identify and classify sensitive data assets
Determine how each asset needs to be protected
Identify how this information interacts with business processes

One of the main approaches to managing sensitive data is classifying them and enforcing a common standard. This process is also part of:

Metadata Management
Database Management
Master Data Management
Data standardisation
Reference Data Management

The 4 A’s are a common set of data security requirements. Which one of these is NOT part of the 4 A’s?

Audit
Authorisation
Access
Authentication
Account

When a word is being obfuscated into numbers that require a cipher to unlock, we call this:

Encryption
Substitution
Randomisation
Shuffling
Value variance

An area around the edge of an organisation with a firewall between it and the internet and/or between it and the organisation’s internal systems is known as?

ERP
VPN
Backdoor
Boundary
DMZ

Which is NOT a good method to ensure credential security when users are accessing a system?

Introduce 2 factor identification
Ensure passwords have sufficient complexity
Require users to change their password every 2 weeks to prevent brute force entry
Encourage user IDs to be unique
Implement Single Sign On to optimise logging to different applications and prevent users from having too many passwords to remember

Information that allows you to determine an individual is also known as:

PII
Financially sensitive data
PHI
SOX
FERPA records

Complete this sentence: “In granting access to data, …”

The principle of most privilege should be applied
The principle of least privilege should be applied
A user, process, or program should be allowed to access to all information first while DBAs define access controls
Users should receive generic access privileges regardless of entitlement
The Chief Data Officer should determine who has access to data

Which of these is NOT a potential source of Malware?

Spam
Social Network sites
Instant messaging
Mistake or error in source code
Facebook messenger

How should organisations go about creating data security policies?

Policies should be based on both the business and regulatory requirements
Policies should be determined by the IT team in charge of cyber security
The business should set the policies for the IT team
Policies should be determined by which industry the organisation is in
The legal team should decide what goes into the data security policies

Which of these methods to allocate access control privileges is most appropriate for a large organization?

As there are multiple versions of user data, allow for user data to be managed in a decentralised fashion
Implement a role based system to allow permissions to be granted to groups and therefore group members
Manage data access at an individual level to prevent any form of possible issue
Require users to constantly request for access on an ad hoc basis
Purchase Commercial Off The Shelf (COTS) access control packages

When implementing controls and procedures, which of these is NOT something to take into consideration?

How is data being classified
How are privilege levels monitored
How users are assigned/removed from their roles
How the data lifecycle is managed
How requests for access changes are handled and monitored

While the Information security team enforces and protects the network, which role is responsible for determining the right confidentiality levels?

IT team
Data Stewards
Data Quality Manager
Metadata Lead
Data Privacy Officer

Which of these risks is present when there is a lack of automated authentication and access monitoring?

Someone with administrative access could turn off the audit process
Some tools might lack proper audit mechanisms natively
Regulatory risk
Detection and recovery risk
All of the above

All these steps help to manage regulatory compliance except:

Making sure all data requirements can be measured and properly audited
Measure compliance with authorisation standards and procedures
Removing audit trails to prevent unauthorised access
Having escalation procedures and notification system in places
Making sure regulated data in storage and in motion are protected using standard tools and processes

When trying to identify the level of security awareness in an organisation, which type of metric is the most suitable?

Performance metrics of all security systems
Percentage of enterprise computers having the most recent security patches installed
Number of documented, accessible security standards
Measure how many of employees have completed security awareness training
Criticality ranking of specific data types and information systems

Organisations are turning increasingly into cloud based computing environments. What are some measures needed to adapt to this new emergence?

Tweaking or creating a new data security management policy centered on cloud computing
Data security policies must account for distribution of data across different service models
Internal cloud data-center architecture need to adhere to the same security policy as the rest of the organisation
In cloud computing, defining chain of custody of data and defining ownership and custodianship rights should be a priority
All of the above

Get CDMP Certified, Fast. The quickest route to certification and the only one that's guaranteed.

Neil Burge

Quiz Summary

Information

Results

Results

Categories

1. Question

2. Question

3. Question

4. Question

5. Question

6. Question

7. Question

8. Question

9. Question

10. Question

11. Question

12. Question

13. Question

14. Question

15. Question

16. Question

17. Question

18. Question

19. Question

Get CDMP certified, FAST. Click here for guaranteed results.

Would you like to get

FREE LESSONS?