Chapter 68 · Quiz

Data Types and Classifications Quiz

10 questions covering data type categories, PII, PHI, classification levels, regulated data, trade secrets, and format types.

Question 1 of 6
A hospital's database contains patient names, diagnoses, treatment records, and payment records for healthcare services. A security analyst exports this data to a CSV file for analysis. Which data classifications apply to this CSV file? (Select the BEST answer.)
Question 2 of 6
An organization's authentication server — used by all employees to log in — experiences a hardware failure, causing 4 hours of downtime. Employees cannot access any internal systems during this period. Which data classification level is MOST relevant to the authentication database, and why?
Question 3 of 6
A technology company has developed a proprietary algorithm for its AI product. The company has decided NOT to file a patent because doing so would require public disclosure of the algorithm's implementation. Instead, the company keeps the implementation details strictly confidential. How should this algorithm be classified?
Question 4 of 6
A security analyst is reviewing a JSON file intercepted on the network. The file contains: user_id, email, date_of_birth, and zip_code fields for 50,000 customers. The analyst notes that the individual fields appear benign. Which data security concept explains why this JSON file still requires strong protection?
Question 5 of 6
An executive at a publicly traded company emails a document containing preliminary merger acquisition plans to a colleague. The document is marked "For Internal Use Only." A security auditor flags this as a classification concern. Which classification level is MOST appropriate for pre-announcement merger plans?
Question 6 of 6
Which of the following is the BEST example of data that is classified as both PHI and regulated data?

Matching

Match each description to the data classification level it best represents.

1. Company marketing brochures, public website content, and published press releases — freely distributable with no viewing restrictions; integrity controls still apply to prevent unauthorized modification
2. The real-time transaction database that processes every customer payment — if unavailable for even 60 seconds, all transactions fail; availability is the primary security driver
3. Pre-announcement merger acquisition documents — accessible only to the executive team and legal counsel; requires explicit individual authorization; premature disclosure could violate securities law
4. Government intelligence reports requiring formal security clearance; unauthorized disclosure carries criminal penalties; access limited by formal legal vetting process; non-disclosure agreements required
A. Public / Unclassified
B. Critical
C. Confidential
D. Private / Classified / Restricted