Data Security Technologies Quiz

Questions and Answers

What are the three basic states of data according to the text?

• Data at halt, Data in movement, Data in function
• Data at rest, Data in transit, Data in use (correct)
• Data in storage, Data in motion, Data in progress
• Data stationary, Data flowing, Data operating

Which technology is used to protect information by making it unreadable?

• Data Encryption (correct)
• Account restrictions
• Group policies
• Data Access Control

How does the browser verify the server's certificate when making a secure HTTP connection using a digital certificate?

• By checking whether it is valid and has been signed by a certificate authority (CA) (correct)
• By requesting a new certificate from the server
• By sending its own certificate
• By verifying the expiry date of the certificate

What method is used to logically implement access control models?

Access control lists (ACLs) (C)

Which technology enables authentication and authorization for data access?

Data Access Control (B)

Explain the process of creating a secure HTTP connection using a digital certificate and the role of the server's private key in this process.

The process involves the browser requesting a secure session, the server sending its root certificate and public key, the browser verifying the certificate's validity and expiry date, creating and sending a one-time session key, and the server using its private key to decrypt the session key to begin an encrypted session.

What are the four types of data encryption mentioned in the text? Briefly explain each type.

The four types of data encryption are disk encryption, file-level encryption, removable media encryption, and database encryption. Disk encryption involves encrypting the entire disk, file-level encryption encrypts individual files, removable media encryption encrypts data on external storage devices, and database encryption protects data within databases.

Describe the role of access control lists (ACLs) in data access control and provide an example of their use.

Access control lists (ACLs) are used to specify which users or system processes are granted access to objects, as well as what operations are allowed on given objects. An example of their use is granting read and write access to specific files to certain user groups while restricting access for others.

What are the potential consequences of not implementing data security measures in an organization?

Potential consequences include market share loss, competitive advantage loss, loss of customers, and the risk of unauthorized access to sensitive data leading to data breaches and legal liabilities.

Explain the concept of 'Data at rest' and provide an example of a data security technology used to protect data in this state.

'Data at rest' refers to inactive data stored physically in any digital form. An example of a data security technology used to protect data at rest is data encryption, which ensures that the information stored becomes unreadable to unauthorized users.