Data Management and Access Rights

Questions and Answers

Who is responsible for managing access rights to a large database of customer information?

  • Data custodian (correct)
  • Data processor
  • Data owner
  • Data subject

What is the most likely reason for adding a new classification type of 'Private' to a content management system?

  • Expanded privacy compliance (correct)
  • Simplified categorization
  • Minimized attack surface
  • Decreased search time

What is the best way to securely store private keys across multiple web servers?

  • Upgrade the web servers to use a UEFI BIOS
  • Use a TPM
  • Integrate an HSM (correct)
  • Implement full disk encryption on the web servers

What is the primary goal of multi-factor authentication?

  • To provide an additional layer of security (C)

What is the primary function of a firewall?

  • To control incoming and outgoing network traffic (B)

What is the primary benefit of using a Virtual Private Network (VPN)?

  • Secure data transfer over the internet (D)

What is the primary goal of network infrastructure design?

  • To ensure scalability and reliability (C)

What is the primary function of a Trusted Platform Module (TPM)?

  • To secure hardware components (B)

Which type of data is being processed in the memory of a system, such as system RAM, CPU registers, or CPU cache?

  • Data in use (D)

What is the purpose of obfuscation in data security?

  • To make data more difficult to understand (A)

What is the primary goal of the security team's requirements in the insurance company's policy?

  • To restrict access to data (D)

Why is it necessary to save and archive access records from all devices?

  • To identify unauthorized access (B)

What is the purpose of requiring data access to occur inside the country?

  • To comply with government regulations (C)

What is the benefit of consolidating all logs on a SIEM?

  • To centralize log management and monitoring (D)

What is the purpose of conducting monthly permission auditing?

  • To ensure access control and authorization (B)

What is the benefit of restricting login access by IP address and GPS location?

  • To add an additional layer of security to the authentication process (B)

What security mechanism would most likely detect the transmission of customer information in a manufacturing company?

  • DLP (A)

What is the primary purpose of configuring a honeypot server in a screened subnet?

  • To attract and detect potential attackers (B)

What is the main purpose of implementing an SPF record in a DNS server?

  • To list all servers authorized to send emails (C)

What technology would allow a company to securely deploy applications without the overhead of installing a virtual machine for each system?

  • Containerization (B)

What security mechanism would ensure the secure transmission of customer information over a network?

  • IPsec (A)

What is the primary purpose of configuring a RADIUS server in a network infrastructure?

  • To authenticate and authorize network access (D)

What is the main benefit of implementing a VPN (Virtual Private Network) connection?

  • To secure data transmission over a public network (A)

What security mechanism would prevent unauthorized access to a network by requiring multiple forms of authentication?

  • Multi-factor authentication (D)

Flashcards

Data Owner

The person responsible for managing access rights to customer information.

Data Custodian

Individual who oversees the management of data assets, focusing on security and integrity.

Data in Use

Information actively being processed in a system's memory like RAM or CPU cache.

Private Classification Type

A category in content management to ensure compliance with privacy regulations.

Data Obfuscation

The process of modifying data to make it hard to understand.

Trade Secrets

Private business details not shared with other organizations.

Security Policies

Rules and guidelines governing how data is managed and protected.

Access Records

Logs that track who accessed data and when, for auditing purposes.

Data Access Restrictions

Rules that limit when and how users can access certain data.

SIEM (Security Information and Event Management)

A system used to consolidate logs from various data sources for analysis.

Honeypot

A server designed to attract and trap potential cyber attackers.

Screened Subnet

A network segment isolated from the Internet for security purposes.

SPF Record

A type of DNS record that specifies which mail servers are authorized to send email for a domain.

HSM (Hardware Security Module)

A physical device that securely stores cryptographic keys.

Full Disk Encryption

A method of encrypting all data on a disk to protect information.

TPM (Trusted Platform Module)

A hardware chip that provides security functions like encryption and the management of cryptographic keys.

UEFI BIOS

Firmware interface that initializes hardware at startup, providing secure boot capabilities.

Monthly Permission Auditing

Regular checks to ensure only authorized users have access to data.

Access Logs

Records that document user access and activities on a system.

Audit Reports

Documents detailing the outcome of security audits performed on assets and processes.

Time-of-Day Restrictions

Policies that limit access to systems based on the time of day.

Consolidating Logs

The process of gathering and integrating logs from multiple sources into a single system.

Normal Working Hours

Typical hours during which employees are expected to work and access data.

Compliance Requirements

Regulations that organizations must follow regarding data protection and privacy.

Guest Login Account

An unsecured account created to provide access to visitors or unauthorized users.

Study Notes

Data Management and Security

  • In an organization, the person responsible for managing access rights to customer information is the Data Owner or Data Custodian.
  • Data in use refers to information actively being processed in a system's memory, such as system RAM, CPU registers, or CPU cache.

Data Classification and Security

  • A Private classification type may be added to a content management system to expand privacy compliance.
  • Data Obfuscation involves modifying data to make it difficult to understand, but government reports are not considered obfuscated data.
  • Trade secrets are private details used by a company in their normal business processes and are not shared with other organizations.

Security Policies and Compliance

  • An insurance company's security policies may require:
    • Saving and archiving access records from all devices
    • Reporting any data access outside of normal working hours
    • Restricting data access to within the country
    • Creating access logs and audit reports from a single database
  • To meet these requirements, the security team may need to:
    • Implement time-of-day restrictions on the authentication server
    • Consolidate all logs on a SIEM
    • Conduct monthly permission auditing
  • A SIEM (Security Information and Event Management) is used to consolidate logs.

Network Security

  • A Honeypot is a server configured to attract potential attackers, often with a guest login account and no password.
  • A Screened subnet is a network segment that is isolated from the Internet and other networks.
  • SPF (Sender Policy Framework) records are used to list all servers authorized to send emails on behalf of a domain.

Network Architecture

  • An HSM (Hardware Security Module) is a secure storage solution for private keys across web servers.
  • Full disk encryption can be used to protect private keys on web servers, but it is not the best way to securely store private keys.
  • TPM (Trusted Platform Module) is a hardware component that provides secure storage and encryption capabilities.
  • UEFI BIOS is a firmware interface that provides secure boot capabilities.

Related Documents

MesserPracticeExams701.pdf
