Chapter 2 ■ Data Classification

User-Based

Which of the following is not a common method of data discovery?

Data Value

Sara is planning to implement data labeling for her organization. Which of the following is not a data label field that she should consider?

Language

Sarah is continuing her data labeling efforts and has received suggestions for appropriate data labels for data that will be used in multiple countries in which her company operates as part of ongoing security and data lifecycle efforts. Which of the following is not a label that would help with that usage?

Credentials

Asha wants to document the path that data takes from creation to storage in her institution’s database. As part of that effort, she creates a data flow diagram. Which of the following is not a common element of a data flow diagram?

Metadata

Mei wants to conduct data discovery activities in her organization. Which of the following types of data discovery is best suited for identifying all photos that were taken using a specific model of camera based on the original files generated by the camera?

Packet capture

Felix wants to monitor data transfers between two systems inside of his IaaS cloud–hosted data center. Which of the following audit mechanisms is unlikely to be available to him that is commonly available in on-­premises environments?

A data processor

Megan is documenting roles as part of the implementation of her organization’s data classification policy. Her organization uses a software as a service tool to accept applications from customers. What term best describes the SaaS vendor?

Legal hold

Jaime has been informed of legal action against his company and must now ensure that data relevant to the case is kept. What term describes this?

Transference

All policies within the organization should include a section that includes all of the following except ___________________.

Crypto-shredding

Melissa knows that many data destruction options are not available for data kept in thecloud due to how the services are architected using shared hardware and services. Which of the following is the best option for her organization to select for cloud-­hosted data that must be disposed of in a secure manner?

Copyrights

Which of the following is not a common data right controlled by an IRM system?

Structured data

Jason wants to properly describe the type of data his organization is using. He knows that the data is stored in a MySQL database. What type of data is Jason’s organization storing?

Data classification

Sensitivity, jurisdiction, and criticality might all be considered for what cloud data security activity?

Provisioning

Angela wants to provide users with access rights to files based on their roles. What capability of an IRM system most directly supports this requirement?

Data egress costs may be high

Nina’s company has stored unstructured data in an S3 bucket in AWS. She wants to perform data discovery on the data, but the discovery tool that she has requires the data to be local. What concern should Nina express about retrieving large volumes of data from a cloud service?

Jurisdiction and local laws may impact the ability to perform discovery

Tej wants to conduct data discovery across his organization’s databases; however, he knows that data is stored in multiple countries. What concern should he raise before the discovery process is conducted?

Periodic testing

Naomi has implemented a data archiving process as part of her organization’s cloud design. What important part of her archiving plan should she prioritize to ensure its long-­term success?

Certificate-based authentication and authorization

Yasine’s organization wants to enable systems to use data controlled by an IRM. What method is most commonly used to identify systems while allowing them to have their trust revoked if needed?

Semi-structured

Meena is conducting data discovery with data encoded in JSON. What type of data is she working with?

Crypto-shredding

Isaac wants to describe common information rights management (IRM) functions to his team. Which of the following is not a common IRM function?