M7 Practice Quiz
Question 1
Which of the following data classifications is typically accessible by anyone and is not harmful if disclosed?
Options:
- Confidential
- Sensitive
- Public
- Unrestricted
Overall explanation:
- Public data is information that is intended for anyone to access and does not pose a risk if disclosed.
- It is not confidential, sensitive, or restricted. Examples of public data may include information shared on a company's public website, such as company news, press releases, or published reports.
- Sensitive is a data classification that usually indicates the data is personal. People can be harmed if their personal data is revealed.
- Confidential data is highly sensitive and should be seen only by authorized individuals.
- Unrestricted is not a classification of data.
Tags: Data Classification
Question 2
A healthcare company, MedHealth, collects patient data for treatment purposes. They use a third-party cloud service called CloudSafe to store and manage this data. The data is then analyzed by an in-house team of data scientists to improve patient care. In this context, identify the roles of data owner, data controller, data processor, and data custodian.
Options:
- The data scientists are the data owners, MedHealth is the data controller, CloudSafe is the data processor, and the data scientists are the data custodians.
- MedHealth is the data owner, the data scientists are the data controllers, CloudSafe is the data processor, and MedHealth is the data custodian.
- MedHealth is the data owner, CloudSafe is the data controller, the data scientists are the data processors, and CloudSafe is the data custodian.
- CloudSafe is the data owner, MedHealth is the data controller, the data scientists are the data processors, and CloudSafe is the data custodian.
Overall explanation:
- MedHealth is the data owner as they are the entity that has collected the data and has legal rights and complete control over the data.
- CloudSafe is the data controller because it determines how and why the patient data is processed (stored and managed in this case).
- The data scientists are the data processors as they are analyzing the data on behalf of MedHealth, following the instructions of the data controller.
- CloudSafe is also the data custodian because it is responsible for the safe custody, transport, and storage of the data, and for the implementation of business rules.
Tags: Data Ownership
Question 3
Which of the following is NOT a recognized state of data in the context of data security?
Options:
- Data in flux
- Data in use
- Data in transit
- Data at rest
Overall explanation:
- The three recognized states of data in the context of data security are data at rest (data that is stored), data in use (data that is currently being processed), and data in transit (data that is being transferred from one location to another).
- "Data in flux" is not a recognized state of data.
Tags: Data States
Question 4
Which type of data refers to any information about health status, provision of healthcare, or payment for healthcare that can be linked to a specific individual?
Options:
- Trade Secret
- Intellectual Property
- Personally Identifiable Information (PII)
- Protected Health Information (PHI)
Overall explanation:
- Protected Health Information (PHI) is any information about health status, provision of healthcare, or payment for healthcare that can be linked to a specific individual.
- This is interpreted rather broadly and includes any part of a patient's medical record or payment history.
- PHI is protected under the Health Insurance Portability and Accountability Act (HIPAA) in the United States.
Tags: Data Types
Question 5
Dion Training is exploring Data Loss Prevention (DLP) systems. They want a system that will protect data while it's at rest on their on-premises server, using encryption or a watermark. Which type of DLP system should they use?
Options:
- Network DLP
- Cloud-based DLP
- Endpoint DLP
- Storage DLP
Overall explanation:
- A Storage DLP system is specifically designed to protect data while it's at rest on a server. Often the data is encrypted or watermarked. The system ensures that unauthorized access to the data is prevented, especially at times when such access would be against the company's policies. For instance, if someone starts downloading large amounts of data at unusual hours, the DLP system could detect and prevent this action.
- Endpoint DLPs are used for data in use, not data at rest.
- Network DLP systems are designed to protect data in transit.
- Cloud-based DLPs protect data at rest, but they are specific to the cloud, not on-premises devices.