Chapter 69 · Quiz

States of Data Quiz

10 questions covering data at rest, data in transit, data in use, the Target breach, encryption controls for each state, data sovereignty, and geolocation access control.

Question 1 of 6
A security analyst discovers that a stolen laptop contained an unencrypted database of 50,000 customer records. The laptop was protected only by a Windows login password. The attacker removed the hard drive and connected it to a separate system. Which data state does this scenario primarily involve, and what control would have prevented the exposure?
Question 2 of 6
In November 2013, attackers stole 110 million credit card records from Target Corporation. Target had encrypted both stored cardholder data and payment network transmissions. Which data state did the attackers exploit, and how?
Question 3 of 6
A network administrator wants to encrypt all traffic transmitted between the headquarters office and three branch offices. The encryption should operate at the network layer and protect all IP traffic regardless of application. Which technology is MOST appropriate?
Question 4 of 6
A European company is evaluating a U.S. cloud provider for storing personal data about its EU customers. The legal team raises concerns about which laws will govern the stored data. Which concept BEST describes the core legal issue?
Question 5 of 6
An organization implements a policy where employees connecting from within the corporate building can access highly sensitive financial systems, while the same credentials from home provide read-only access only. Which security technology is enabling this location-based access differentiation?
Question 6 of 6
Why is data in RAM considered "data in use" and why is it almost always decrypted?

Matching

Match each scenario to the data state or concept it BEST represents.

1. Malware installed on a payment terminal reads the card processing application's memory and extracts credit card numbers during the brief transaction authorization window — the card data exists in plaintext here because the application must process it
2. A security team encrypts all hard drives on employee laptops using BitLocker with TPM + PIN; if a laptop is stolen while powered off, the drive contents cannot be read without the PIN
3. A web application uses HTTPS (TLS on TCP 443) to encrypt customer login credentials and session data between the user's browser and the web server — an interceptor on the network sees only ciphertext
4. An organization storing EU customer data on servers in Singapore discovers that Singapore's local data protection laws apply to that data — not just the EU regulations — because data is subject to the laws of the country where it is stored
A. Data in Use
B. Data at Rest
C. Data in Transit
D. Data Sovereignty