Cyber Security online test on “Security Phases – Data Leakage and Prevention”.
1. ______________ is the unauthorized movement of data.
a) Data exfiltration
b) Data infiltration
c) Data cracking
d) Database hacking
Answer: a
Clarification: Data exfiltration is the unauthorized movement of data. It comprises data exportation, data extrusion, data leakage, and data theft and all of them come under data hacking.
2. Which of them is an example of physical data leakage?
a) Dumpster diving
b) MiTM
c) DDoS
d) Phishing
Answer: a
Clarification: Physical data leakage can be done intentionally by criminal-minded people who can fetch data from dumpster diving, shoulder surfing, data mentioned in printed papers or taken out of photocopiers.
3. Which of them is not an example of data leakage done using electronic communication with malicious intent?
a) Phishing
b) Spoofed Email
c) Attacks using malware
d) Dumpster diving
Answer: d
Clarification: Many organizations provide employees right to use the internet, emails as well as instant messaging as part of their role. But these are prior targets of hackers for data leaking using techniques such as phishing, spoofing and attacking target victim using malware.
4. The three steps of data loss prevention are – Identify, Discover and______________
a) Classify
b) Clarify
c) Deletion
d) Detection
Answer: a
Clarification: The three steps of data loss prevention are – Identify, Discover and Classify. First, you have to identify the systems of records. Then you’ve to classify what comprises of sensitive data on those systems & discover the data elements which are sensitive depending on those classifications.
5. Which of the following is not a step of data-loss prevention?
a) Identify
b) Manage
c) Classify
d) Discover
Answer: b
Clarification: The three steps of data loss prevention are – Identify, Discover and Classify. First, you have to identify the systems of records. Then you’ve to classify what comprises of sensitive data on those systems & discover the data elements which are sensitive depending on those classifications.
6. Mapping of data-flow in an organization is very useful in understanding the risk better due to actual & potential data leakage.
a) True
b) False
Answer: a
Clarification: Mapping of data-flow in an organization from different systems (to record the downstream and upstream sources) is very useful in understanding the risk better due to actual & potential data leakage.
7. Data leakage prevention is based on factors like access controls, persistent, encryption, alerting, tokenization, blocking dynamic data masking, etc.
a) True
b) False
Answer: a
Clarification: Data leakage prevention is based on factors like access controls, persistent, encryption, alerting, tokenization, blocking dynamic data masking, etc. Like data loss prevention, data leakage also needs concern and care for data safety.
8. Data leakage threats are done by internal agents. Which of them is not an example of an internal data leakage threat?
a) Data leak by 3rd Party apps
b) Data leak by partners
c) Data leak by employees
d) Data leak from stolen credentials from the desk
Answer: a
Clarification: Data leak by 3rd Party apps is an example of malicious outsider threat that falsely gained access by masquerading itself. Data leak by business partners, employees or from stolen credentials are insider’s data-leakage threats.
9. _____________ on the detection & prevention of sensitive data exfiltration and lost data.
a) Data loss prevention
b) Data loss measurement
c) Data stolen software
d) Data leak prevention
Answer: a
Clarification: Data loss prevention on the detection & prevention of sensitive data exfiltration and lost data. It also deals with lost & stolen thumb drive or data blocked by ransomware attacks.