INTRODUCTION – Data Loss Prevention and Mobile Endpoint Protection

DATA SECURITY AND PROTECTION KNOWLEDGE CHECK

1. A student’s grades should be visible to that student when she logs in to her university account. Her ability to see her grades is an example of which aspect of the CIA Triad?

2. A university has implemented practices that ensure all student data are encrypted while stored on university servers. Which aspect of the CIA Triad does this practice support?

3. The Student Portal of a university issues a confirmation code with a hash value each time a student submits an assignment using the portal. This is an example of which aspect of the CIA Triad?

4. True or False. An organization has “air gapped” its small network of critical data servers so they are accessible internally but not to any external system. These systems are now safe from a deliberate attack.

5. C-level executives face 4 challenges when assuring their organizations maintain a comprehensive, workable data security solution. The proliferation of smartphones used for work would impact which two (2) of these concerns the most? (Select 2)

6. True or False. An organization is subject to both GDPR and PCI-DSS data security regulations and has dedicated all of its efforts in remaining in compliance with these 2 sets of regulations. They are correct in believing that their data is safe.

7. True or False. A newly hired CISO made the right choice when he moved the Known Vulnerabilities list to a high priority for his team to resolve even though none of these had ever been exploited on the company’s network to-date.

8. All industries have their own unique data security challenges. Which of these industries has a particular concern with HIPAA compliance and the highest cost per breached record?

9. All industries have their own unique data security challenges. Which of these industries has a particular concern with being targeted more than any other by cybercriminals “because that is where the money is”?

10. Which three (3) of these are among the top 12 capabilities that a good data security and protection solution should provide? (Select 3)

11. Parsing discovered data against known patterns or key words is a process known as what?

12. Which data protection process takes data activity monitoring output and uses it to generate insights about threats?

13. True or False. The IBM Guardium administrator needs to be someone with the highest level of access to the data being protected?

MOBILE ENDPOINT PROTECTION KNOWLEDGE CHECK

1. Which mobile operating system runs the majority of smartphones today?

2. Which mobile operating system runs approximately 60% of tablet computers worldwide?

3. True or False. Security is enhanced on iOS mobile devices because users typically cannot interact directly with the operating system.

4. Which statement best describes the use of anti-virus software on mobile devices?

5. Which type of threat is Jailbreaking?

DATA LOSS PREVENTION AND MOBILE ENDPOINT PROTECTION GRADED ASSESSMENT

1. Which mobile operating system was originally based on the Linux kernel?

2. Which two (2) mobile operating combined dominate the vast majority of the smartphone market? (Select 2)

3. True or False. Security is enhanced on Android mobile devices because users interact directly with the operating system.

4. What is one limitation to the operation of anti-virus software running on mobile devices?

5. On a mobile device, which type of threat is a phishing scam?

6. A university uses clustered servers to make sure students will always be able to submit their assignments even if one server is down for maintenance. Server clustering enables which aspect of the CIA Triad?

7. A university has enabled WPA2 encryption on its WiFi systems throughout the campus. Which aspect of the CIA Triad is directly supported by this action?

8. A student can see her grades via her school’s Student Portal but is unable to change them. This restriction is in support of which aspect of the CIA Triad?

9. True or False. An operator who corrupts data by mistake is considered an “inadvertent attack” that should be considered when developing data protection plans.

10. C-level executives face 4 challenges when assuring their organizations maintain a comprehensive and workable data security solution. GDPR, CCPA, and PCC-DSS are concerned with which one of these challenges?

11. True of False. A biotech research company with a very profitable product line has grown so rapidly it has acquired a marketing company, a small IT services company and a company that specializes in pharmaceutical manufacturing and distribution.  The CEO of the parent company made a good decision when he decided not to consolidate all data security under a single CISO, believing that each of the new divisions understands its own data security needs better than the parent company possibly could.

12. Which three (3) of these are among the 5 common pitfalls of data security? (Select 3)

13. All industries have their own unique data security challenges. Which of these industries has a particular concern with a widely distributed IT infrastructure that must provide services across a multiple government jurisdictions while not violating the privacy concerns of its users?

14. Which three (3) of these are among the top 12 capabilities that a good data security and protection solution should provide? (Select 3)

15. Which is the data protection process that addresses inappropriate privileges, insecure authentication methods, account sharing, configuration files and missing security patches?

16. Which data protection process substitutes key data with a token that is issued by a trusted third-party where the token can be accessed but not redeemed by an untrusted party?

17. IBM Guardium provides heterogeneous data source support. This support results in which capability?

CONCLUSION – Data Loss Prevention and Mobile Endpoint Protection