Chapter 70 · Quiz

Protecting Data Quiz

10 questions covering geographic restrictions, geofencing, encryption, hashing, obfuscation, masking, tokenization, segmentation, and permission restrictions.

Question 1 of 6
A web application stores user passwords in a database. A security engineer wants to ensure that even if the database is stolen, the attacker cannot recover the original passwords. Which technique should be used to store passwords?
Question 2 of 6
A call center application displays customer credit card information to agents. To reduce exposure, the application shows only the last four digits: **** **** **** 4532. The full card number is still stored in the database and retrieved by the payment processing subsystem when needed. Which data protection technique is being used?
Question 3 of 6
A mobile payment system replaces actual credit card numbers with substitute values throughout all merchant systems. The substitutes have no mathematical relationship to the original card numbers. The original values are stored only in a secure, separate server used to authorize transactions. Which technique is this?
Question 4 of 6
A retail company stores all customer data — names, addresses, Social Security numbers, payment card tokens, and order history — in a single database. A security architect recommends distributing this data across multiple separate databases, with the most sensitive data receiving the highest-level security controls. What is the primary security benefit of this approach?
Question 5 of 6
A security analyst receives two files and their SHA-256 hashes from a vendor. The analyst downloads the first file and computes its hash: it matches exactly. Then the analyst downloads the second file — the hash does not match the vendor's published value. What does this mismatch indicate?
Question 6 of 6
A cryptographic property describes that a good encryption algorithm produces ciphertext that is dramatically different from the plaintext — changing one character of input produces a completely unrecognizable output with no visible relationship to the original. What property of encryption does this describe?

Matching

Match each scenario to the data protection technique it BEST represents.

1. A developer distributes a commercial software library. To prevent competitors from reading the proprietary algorithm, the developer runs the compiled code through a tool that renames variables to meaningless identifiers, flattens control flow, and restructures the code — the resulting file runs identically to the original but is extremely difficult for a human to read and understand
2. An organization converts plaintext data into ciphertext using an AES-256 key; the only way to read the original data is to apply the same key to reverse the transformation — the output bears no resemblance to the input and is completely unreadable without the key
3. A company finds that its single customer database is a constant compliance and security concern — customer PII, payment data, and order history all reside together. The security team splits the data into three separate databases, each on its own server with its own access controls, proportional to the sensitivity of the data it holds
4. A healthcare portal allows nurses to see full patient records, while administrative staff sees the same record but with clinical diagnosis fields replaced by asterisks — the underlying database record is unchanged; only the presentation layer differs based on the authenticated role
A. Obfuscation
B. Encryption
C. Data Segmentation
D. Data Masking