Data Security and Compliance (DataSys+ DS0-001) Flashcards
CompTIA DataSys+ DS0-001 Flashcards
| Front | Back |
|---|---|
| Define insider threat | A security risk posed by employees or other trusted individuals within an organization |
| Define Personally Identifiable Financial Information (PIFI) | Financial data that can identify an individual, such as account numbers or transaction history |
| Define phishing | An attempt to deceive individuals into revealing sensitive data via fraudulent communication |
| Define PII (Personally Identifiable Information) | Any data that can be used to identify a specific individual |
| Define the CIA Triad | The core principles of data security: Confidentiality, Integrity, and Availability |
| Describe the principle of least privilege | Users and systems should have only the minimum privileges necessary to perform their functions |
| How does a firewall enhance security | By filtering and blocking unauthorized network traffic |
| List one key principle of the GDPR | Data Minimization |
| Name one common method for ensuring the integrity of data | Hashing |
| Name one method to secure data at rest | Encrypt files or databases using strong encryption standards |
| Name one potential penalty for non-compliance with GDPR | Fines up to €20 million or 4% of annual global turnover, whichever is higher |
| What does HIPAA regulate | The protection and confidentiality of health-related information in the U.S. |
| What does SSL/TLS ensure in a data pipeline | Secure and encrypted communication between endpoints |
| What is a common method for preventing man-in-the-middle attacks | Using end-to-end encryption and secure communication protocols like HTTPS |
| What is a common use of multi-factor authentication (MFA) | To enhance security by requiring multiple forms of verification (e.g., password + mobile code) |
| What is a data breach | An incident where sensitive or protected data is accessed, disclosed, or stolen without authorization |
| What is a data retention policy | A set of guidelines that determines how long data should be stored before being deleted |
| What is a zero-trust security model | A framework where all users, inside or outside the network, are verified and authenticated continuously |
| What is an access control list (ACL) | A set of rules defining which users or systems can access particular resources |
| What is data anonymization | A process that removes personally identifiable information from data to protect individuals' privacy |
| What is role-based access control (RBAC) | A methodology for granting permissions based on a user's role within an organization |
| What is the main requirement of the CCPA (California Consumer Privacy Act) | To give California residents more control over their personal information, including the right to know, delete, and opt-out of data sales |
| What is the primary goal of data encryption | To protect data confidentiality by converting it into unreadable formats for unauthorized users |
| What is the principle of data sovereignty | Data is subject to the laws and regulations of the country where it is stored |
| What is the purpose of a VPN (Virtual Private Network) | To create a secure, encrypted connection over a less-secure network, such as the Internet |
| What is the purpose of compliance audits | To ensure that data security practices meet regulatory requirements and standards |
| What is the purpose of tokenization | To replace sensitive data with unique, non-sensitive identifiers to protect it during storage or transmission |
| What is the role of a Data Protection Officer (DPO) | To monitor compliance with data protection laws and practices within an organization |
| What is the role of a Security Operations Center (SOC) | To monitor, detect, and respond to security incidents in real-time |
| Why is regular software patching important | To fix vulnerabilities that could be exploited by attackers |
This deck emphasizes data security best practices and compliance regulations, including securing data pipelines and understanding legal frameworks.