Encryption Key Management

Questions and Answers

Why is it necessary to maintain multiple, timestamped versions of encryption keys?

• To enable decryption of system backups and archives (correct)
• To ensure compliance with data protection laws
• To reduce the risk of data breaches
• To protect against unauthorized access to personal information

What is a major factor influencing individuals' views on privacy?

• Type of social network used
• Level of income earned
• Age and cultural background (correct)
• Type of personal information shared

What is a potential online privacy risk?

• Not regularly changing encryption keys
• Sharing personal information on social networks (correct)
• Storing archival data with a different encryption key
• Not using encryption for data protection

What is a key aspect of the concept of privacy?

Collection and dissemination of personal information (D)

What is a potential consequence of not maintaining multiple, timestamped versions of encryption keys?

System backups and archives cannot be decrypted (C)

Why is it important to change encryption keys regularly?

To reduce the risk of data breaches (B)

What may happen to a business that fails to conform to privacy regulations?

Legal action by product buyers or data regulators (C)

Why do business customers require privacy safeguards?

To prevent privacy violations and legal action by users (B)

What is the primary purpose of data protection laws?

To protect individual privacy (D)

Under what circumstances can a travel insurance company collect health information?

When determining the level of risk (C)

What is a potential consequence of personal information being leaked or misused?

Serious reputational damage (A)

Why may countries with stronger data protection regulations restrict the sale of certain products?

To ensure products conform to their privacy regulations (C)

What is one way an attacker can obtain a session cookie value?

By using cross-site scripting (B)

What is the main purpose of traffic encryption in preventing session hijacking?

To make it harder to monitor and find session cookies (A)

What is an example of a multifactor authentication method mentioned in the text?

Inputting a code sent to the user's phone before a new action (A)

What is the purpose of using short timeouts on sessions?

To reduce the risk of session hijacking by limiting the time an attacker can use a stolen session cookie (C)

What is the primary goal of actions to reduce the likelihood of hacking?

To prevent unauthorized access to user data (A)

What is the benefit of using https instead of http for setting up sessions?

It makes it harder to monitor and find session cookies (A)

Flashcards are hidden until you start studying