Bash, the Crucial Exams Chat Bot
AI Bot
Security, Privacy, and Compliance in Data Flashcards
CompTIA DataX DY0-001 (V1) Flashcards
| Front | Back |
| Define data anonymization | The process of removing or encrypting identifiable information from datasets |
| Define data masking | A technique to obscure data, making it inaccessible to unauthorized users |
| Define endpoint security | Measures taken to secure devices connected to a network, such as laptops or mobile phones |
| Define security patches | Updates to software fixing vulnerabilities or improving security |
| Name one common privacy law | GDPR or CCPA |
| What are cookies in the context of privacy | Small text files that websites store on users' devices to track browsing activity |
| What are the penalties for violating GDPR | Fines up to €20 million or 4% of annual global turnover |
| What does "data retention policy" mean | Guidelines for how long data should be stored before deletion |
| What does GDPR stand for | General Data Protection Regulation |
| What does HIPAA regulate | Health Insurance Portability and Accountability Act, focused on securing healthcare data |
| What is a data breach | An incident where sensitive data is accessed or disclosed without authorization |
| What is an intrusion detection system (IDS) | A tool or software designed to detect unauthorized access or threats to a network |
| What is backup and recovery in data security | Storing copies of data to restore it after accidental loss or breaches |
| What is CCPA | California Consumer Privacy Act, a privacy law in California to protect consumer data |
| What is compliance in context of data security | Adhering to laws, regulations, and standards governing data use and protection |
| What is data encryption | The process of converting data into a coded format to prevent unauthorized access |
| What is multi-factor authentication (MFA) | Using two or more verification methods to enhance login security |
| What is phishing | A fraudulent attempt to obtain sensitive information by impersonating a trustworthy entity |
| What is PII | Personally Identifiable Information used to identify an individual |
| What is ransomware | Malicious software that locks or encrypts data until a ransom is paid |
| What is the CIA triad in data security | Confidentiality, Integrity, Availability |
| What is the function of role-based access control | Assigning user permissions based on their role in an organization |
| What is the principle of least privilege | Giving users the minimum access necessary to perform their tasks |
| What is the purpose of audit logs | Tracking and recording user activities for accountability and review |
| What is the purpose of firewalls | To block unauthorized access to networks while permitting legitimate communication |
| What is the role of a Data Protection Officer (DPO) | Ensuring compliance with data privacy laws within an organization |
| What is two-factor authentication (2FA) | A security process requiring users to verify their identity using two different methods |
| Why is data classification important | To categorize data based on its sensitivity and set appropriate protection levels |
Front
What does HIPAA regulate
Click the card to flip
Back
Health Insurance Portability and Accountability Act, focused on securing healthcare data
Front
What is ransomware
Back
Malicious software that locks or encrypts data until a ransom is paid
Front
Define data anonymization
Back
The process of removing or encrypting identifiable information from datasets
Front
What is a data breach
Back
An incident where sensitive data is accessed or disclosed without authorization
Front
What is backup and recovery in data security
Back
Storing copies of data to restore it after accidental loss or breaches
Front
What is CCPA
Back
California Consumer Privacy Act, a privacy law in California to protect consumer data
Front
Define data masking
Back
A technique to obscure data, making it inaccessible to unauthorized users
Front
Define endpoint security
Back
Measures taken to secure devices connected to a network, such as laptops or mobile phones
Front
What does GDPR stand for
Back
General Data Protection Regulation
Front
What is the purpose of audit logs
Back
Tracking and recording user activities for accountability and review
Front
Why is data classification important
Back
To categorize data based on its sensitivity and set appropriate protection levels
Front
What is phishing
Back
A fraudulent attempt to obtain sensitive information by impersonating a trustworthy entity
Front
What is an intrusion detection system (IDS)
Back
A tool or software designed to detect unauthorized access or threats to a network
Front
What is PII
Back
Personally Identifiable Information used to identify an individual
Front
Name one common privacy law
Back
GDPR or CCPA
Front
What is multi-factor authentication (MFA)
Back
Using two or more verification methods to enhance login security
Front
What are cookies in the context of privacy
Back
Small text files that websites store on users' devices to track browsing activity
Front
What are the penalties for violating GDPR
Back
Fines up to €20 million or 4% of annual global turnover
Front
What is compliance in context of data security
Back
Adhering to laws, regulations, and standards governing data use and protection
Front
What is two-factor authentication (2FA)
Back
A security process requiring users to verify their identity using two different methods
Front
What is data encryption
Back
The process of converting data into a coded format to prevent unauthorized access
Front
What is the role of a Data Protection Officer (DPO)
Back
Ensuring compliance with data privacy laws within an organization
Front
What is the purpose of firewalls
Back
To block unauthorized access to networks while permitting legitimate communication
Front
What is the function of role-based access control
Back
Assigning user permissions based on their role in an organization
Front
Define security patches
Back
Updates to software fixing vulnerabilities or improving security
Front
What does "data retention policy" mean
Back
Guidelines for how long data should be stored before deletion
Front
What is the principle of least privilege
Back
Giving users the minimum access necessary to perform their tasks
Front
What is the CIA triad in data security
Back
Confidentiality, Integrity, Availability
1/28
This deck addresses data security concepts, privacy laws, and compliance requirements key to managing sensitive data responsibly.