Chapter 94 · Quiz

Monitoring Data — Quiz

Six multiple-choice questions and four matching questions. Submit for instant scoring and explanations.

Question 1 of 6
A Windows administrator suspects that a critical system binary may have been replaced by malware after a recent compromise. They want to scan all protected operating system files and automatically restore any that have been modified. Which built-in Windows tool performs this function?
Question 2 of 6
A Linux security engineer wants to implement file integrity monitoring that creates cryptographic baselines of important system files and provides real-time alerts when any monitored file is modified. Which tool is BEST suited for this purpose?
Question 3 of 6
A DLP solution is deployed inline on the corporate network and inspects packets in real time. It detects and blocks a file transfer containing Social Security numbers being sent to an external server. Which data state and DLP type is this?
Question 4 of 6
An employee on a remote laptop, not connected to the corporate network, attempts to copy a file containing credit card numbers to a personal USB drive. A DLP agent on the laptop blocks the transfer. Which data state and DLP type prevented this, and why can this enforcement occur without a network connection?
Question 5 of 6
In November 2008, a worm spread across the US Department of Defense’s classified and unclassified networks by replicating itself through removable storage devices. The DoD responded by banning all USB storage media and deploying local DLP agents on every device. What was the name of the worm, and what DLP capability did the DoD deploy to prevent future infections?
Question 6 of 6
In November 2016, a Boeing employee accidentally emailed personal information for 36,000 employees to a personal address. The data was in hidden spreadsheet columns and included Social Security numbers. Which security control would have BEST prevented this incident?

Matching

Match each description to the correct monitoring or DLP concept.

1. A security process that establishes cryptographic baselines of important system files and generates alerts when any monitored file is modified, added, or deleted
2. The DLP data state covering information actively traversing a network; inspected inline by a network appliance, NGFW integration, or cloud service
3. The DLP data state covering information stored on file servers, databases, or backup media; scanned to identify misplaced sensitive files and verify encryption
4. An agent-based DLP solution installed on individual endpoint devices; monitors user activity locally and enforces policy even when the device is offline
A. File Integrity Monitoring (FIM)
B. Data in Motion
C. Data at Rest
D. Endpoint DLP