Get ready for the SEC401 Final Exam with our updated 2024 questions and answers. Master essential cybersecurity concepts and test your knowledge with expert-reviewed solutions.
SEC401 Final Exam
Questions and Answers
1. 3 Valid options for Data Protection: 1. Content Discovery -
tools that help discover sensitive information in storage
2. Volume Storage Encryption - Protect volumes from being
snapshotted, cloned and exposure, protects volumes from being
explored by cloud provider, and prevents volumes from being
exposed by physical loss of drives.
3. Object Storage Encryption - Same as volume storage encryption
plus allows user to to implement VPS (Virtual Private Storage).
2. Volume Storage: This includes volumes attached to IaaS
instances, typically as a virtual hard drive. Volumes often use data
dispersion to support resilience and security.
3. Object Storage: Objects (files) are stored with additional
metadata (content type, redundancy required, creation date, etc.).
These objects are accessible through APIs and potentially
through a web user interface. (example: Dropbox).
4. Types of Object Storage encryption: File/Folder Encryption,
Client/Application
Encryption, Proxy Encryption.
,5. Data Loss Prevention (DLP): A product that, based on central
policies, identify, monitor, and protect data at rest, in motion, and
in use through deep content analysis.
Some ways DLP is handled:
1. Data can be blocked
2. it can be allowed to proceed after the data has been
appropriately encrypted
6. Data Migration to the Cloud (detection) - How do you
manage unapproved data being moved to cloud services?: 2
steps to help manage unapproved data moving to cloud services:
1. Monitor Large internal data migrations with Database Activity
Monitoring and File
Activity Monitoring.
2. Monitor data moving to the cloud with URL filters and Data Loss
Prevention tools. URL filtering allows you to monitor and prevent
users connecting to cloud services.
7. Database Activity Monitoring: Captures and record all SQL
activity in real time or near real time, including database
administrator activity, across multiple database platforms; and can
generate alerts on policy violations.
8. File Activity Monitoring: Monitor and record all activity within
designated file repositories at the user level, generate alerts on
policy violations.
,9. Data Dispersion: A technique that is commonly used to
improve data security but without the use of encryption
mechanisms. Capable of providing high availability and assurance
for data stored in the cloud by means of data fragmentation.
10. Data Fragmentation: a file is split into a specific number of
fragments; all of these are sign and then distributed to a number of
remote servers. The user then can reconstruct the file by
accessing a certain number of arbitrarily chosen fragments.
, 11. Barriers to developing full confidence in Security as a
Service: Compliance
Multi-tenancy
Vendor Lock-in
12. What measures do security as a service providers take to
earn the trust of their customers?: 1. Strong security controls
and system lockdown functions
2. Rigid physical security
3. Background checks on personnel
13. Business Continuity Recommendations for Customers
hiring Cloud Ser- vice Providers: 1. Review contract of third-
party commitments to maintain continu- ity o the provisioned
service.
2. Review the third-party BC process
3. Conduct on site assessment
4. Ensure that they receive confirmation of any BCP/DR tests
undertaken by the
CSP.
14. Disaster Recovery Recommendations for Customers
hiring Cloud Service Providers: 1. Do not depend on a single
provider of services and have a DR plan in place that facilitates
migration or failover should supplier fail.
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller academicexpert. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $9.49. You're not tied to anything after your purchase.
