Cloud Data Security Coursera Quiz Answers

Get Cloud Data Security Coursera Quiz Answers

This course gives learners an opportunity to explore data security in the cloud. In this course, learners will:

* Dive into the data services offered by cloud providers and compare their security features.
* Analyze a data breach and trace it back to the vulnerability that made it possible.
* Learn about database injection and aggregation attacks.
* Follow the life cycle of a data item and its relationship to privacy and integrity.
* Associate modern privacy requirements with US and European laws.

Week 1: Organizing and Protecting Data

Quiz 1: Data Concepts

Q1. Which of the following are true statements about a relational database? Select all that apply.

  • Every data item is individually labeled
  • Every entry in a data table contains the same collection of individual data items.
  • It is easy to add or remove individual data items from a particular database entry.
  • The number of entries in a database is only limited by the available mass storage space.

Q2. Which of the following are true statements about a key-value database? Select all that apply.

  • Every data item is individually labeled
  • Every entry in a data table must contain the same collection of individual data items.
  • It is easy to add or remove individual data items from a particular database entry.
  • The number of entries in a database is only limited by the available mass storage space.

Q3. The Contact List example allows users to add multiple phone numbers to a single contact’s entry. What is the most flexible and effective way to do this in a relational database?

  • Add a separate “Phone” table to contain the phone numbers. Use a key field to link the phone numbers back to the appropriate entry in the Contact table.
  • Add another field to the Contact table for each phone number needed.
  • Add a key-value pair where the key’s name identifies the item as a particular phone number.
  • Replace the Phone entry with an array of zero or more objects, each containing the phone type and phone number.

Q4. The Contact List example allows users to add multiple phone numbers to a single contact’s entry. What is the most flexible and effective way to do this in a key-value database?

  • Add a separate “Phone” table to contain the phone numbers. Use a key field to link the phone numbers back to the appropriate entry in the Contact table.
  • Add a key-value pair to the contact’s object where the new key’s name identifies the item as a particular phone number.
  • Create a separate key-value list for contacts and for phone numbers. Provide links to cross reference between individual phone numbers and objects in the contact list.

Q5. Which of the following SQL database access controls may be implemented outside of the database server?

  • Permit/deny connection to the server
  • Permit/deny connection to a particular database
  • Permit/deny access to particular tables in a database
  • Permit/deny modifications to tables in a database

Q6. Which of the following are true of relational databases? Select all that apply.

  • The API transfers text between the requesting service and the database.
  • The API uses the Structured Query Language (SQL).
  • The API is based on JavaScript Object Notation (JSON).
  • The API is designed around JavaScript objects as they are denoted in JavaScript code.

Q7. You are contacting third party service providers to provide cloud services to host customer-facing applications for your company. Which of the SOC reports would you want to review?

  • SOC 1
  • SOC 2
  • SOC 3

Q8. You currently use third party service providers to support your company’s financial operations. Which SOC report is needed to perform a financial audit?

  • SOC 3
  • SOC 1
  • SOC 2

Q9. In an embezzlement example, a benefits manager at a labor union’s local office stole 42 million dollars from benefits accounts over a 7-year period. She handled all the money and reporting with no oversight whatsoever. This represents a failure of which of the following:

  • Separation of duty
  • Physical security
  • Employee privacy

Q10. What is “insider trading” in the context of publicly held companies?

  • A person uses non-public information about the company to make a beneficial stock transaction.
  • A person leaks non-public information about a company’s financial performance.
  • The CEO sells stock right after a quarterly report of the company’s financial performance.

Quiz 2: States and Classifications

Q1. Which of the following security mechanisms is used for encryption in both data at rest and data in motion?

  • Advanced Encryption Standard (AES)
  • Transport Level Security (TLS)
  • Secure Sockets Layer (SSL)
  • Cloud ciphertext

Q2. Which of the following represent Data in Motion? Select all that apply.

  • Storing data on a removable drive, and taking the drive away.
  • Transmitting data across a network.
  • The Store state.
  • Processing data after it has been retrieved from storage.

Q3. Why can potential attackers cross a cloud provider’s trust boundary and access our unprotected data stored there?

  • Cloud providers open their computer centers to the general public to advertise their services.
  • Cloud providers offer services to almost any customer willing to pay for them.
  • Cloud providers store unprotected backup data off-site.
  • Underlying software used by cloud providers will often contain unpatched flaws that attackers exploit to gain access.

Q4. Cloud providers often use different cryptographic mechanisms to protect Data in Motion and Data at Rest. Which of the following reflect this difference?

  • Using different algorithms to encrypt the data.
  • Using different crypto keys when encrypting data.
  • Using SSL for one and TLS for the other.
  • Using a standard, well-known protocol for one but not for the other.

Q5. The following techniques can protect data intended for our cloud deployment. Which of these provide continuous protection to stored data, even if our own cloud application software is not running? Select all that apply.

  • TLS (aka SSL).
  • Access controls implemented by our cloud application software.
  • Access controls implemented by the cloud provider.
  • Encryption applied to Data at Rest.

Q6. Which of the following are true statements about business data classification? Select all that apply.

  • Data classification is a type of access control.
  • In these discussions, unclassified business data may be public knowledge.
  • Business data classification relies on hierarchical data classification.
  • An information “silo” may correspond to a data classification.

Q7. Most large companies organize their management as a hierarchy. How do we assign classifications to best achieve least privilege?

  • Use hierarchical data classifications
  • Assign separate data classifications to separate departments and management teams
  • Assign access control groups to separate departments and management teams
  • Assign separate classifications to department employees and managers

Q8. The example company that has divisions and departments must issue quarterly reports. Which of the following groups of people need access to quarterly performance data used to produce the company quarterly financial reports? Select all that apply.

  • The company’s CEO
  • Individual members of the corporate staff specifically assigned to create the quarterly performance report
  • The company’s division heads
  • The company’s department heads
  • Individual members of division staff assigned to create the quarterly performance report

Q9. Which of the following are true about proprietary information? Select all that apply.

  • All proprietary information should be marked as such.
  • Proprietary information is not to be distributed outside of the company.
  • Everything produced by company employees is proprietary information
  • Marked proprietary information may be subject to legal protection if it falls into the wrong hands

Q10. In the example of performance classification, should we or shouldn’t we classify department-level performance data, and why?

  • No. It’s probably too hard for an attacker to collect the unclassified sales figures from every salesperson and estimate company sales without getting caught
  • No. It’s impossible to estimate company-wide sales by collecting individual sales figures. Feedback: An attacker can use an aggregation attack
  • Yes. The aggregation risk is big enough in this example to justify the extra security costs. Feedback: The example says it’s not worth it to set up the department-level security classifications
  • Yes. We use the same security classifications for departmental proprietary information and for departmental performance data

Week 2: SQL and Data Breaches

Quiz: SQL

Q1. Which of the following are true statements about a relational database? Select all that apply.

  • Every data item is individually labeled
  • Every entry in a data table must contain the same collection of individual data items
  • Each data item tends to have a fixed size

Q2. Which of the following access controls may be applied to typical relational databases? Select all that apply

  • Allow/restrict access to the server across the network
  • Allow/restrict access to specific databases on the server by a user
  • Allow/restrict the use of specific SQL statements by a user
  • Restrict a user to Select operations only

Q3. What happens when we add a column to a database table?

  • A blank field is added to every record in the database table.
  • The new field is added to each record the next time that record is modified.
  • The field is added to a record when the new field is modified in that record.

Q4. How does a SELECT statement return its result? Select all that apply.

  • It returns a table containing columns for the selected fields.
  • It returns a table containing every record for which the WHERE clause returns true
  • It returns a table containing every record for which any expression in the WHERE clause returns true
  • If the WHERE clause matches no records in the table, it returns an error

Q5. The SQL injection attack illustrated in the video, and in the separate diagram, both rely on which of the following? Select all that apply.

  • The attacker types in a specially-crafted SQL expression
  • The web site uses password hashing to obscure its stored passwords
  • The web site does not use TLS (aka SSL) to protect its traffic
  • The web server embeds the password text directly in the WHERE expression of a SELECT statement

Week 3: What Vendors Provide

Quiz: Data for Service Models

Q1. Do computer-based access control mechanisms protect data or storage?

  • Access controls protect data because the controls travel with the data when it is copied to other locations
  • Access controls protect storage because they grant or deny access to blocks of storage

Q2. Which of the following are examples of metadata? Select all that apply.

  • A file’s access restrictions
  • Relational database column names
  • The text in a file
  • Relational database fields

Q3. Choose the best description for “bucket” or “blob” storage as discussed in this lesson.

  • Storage for a relational database
  • Storage for a collection of uniquely-named objects
  • Storage for files
  • Storage for a key-value database

Q4. Which of the following are considered “NoSQL” databases? Select all that apply.

  • Key-Value
  • Hadoop/Mapreduce
  • Relational databases

Q5. The following is a list of components in a web server. Which might not be provided by a PaaS service? Select all that apply.

  • Operating system
  • Database management system
  • Web implementation language
  • Content management system

Q6. Does the “user context problem” appear in typical SaaS systems? Why or why not?

  • No, because the service provider typically handles user authentication.
  • Yes, because the consumer is responsible for configuring the operating systems
  • Yes, because service provider logins are used to administer the site and manage service deployment. End users may require different access restrictions within cloud services depending on their identity

Q7. A vendor offers a “keyed partition” data service in which storage is broken into variable-sized data stores, each with a unique name. Which of the “big six” data services does this match most closely?

  • Block storage
  • File storage
  • Bucket storage
  • Relational data
  • Key-value documents
  • Hadoop/Mapreduce data

Q8. Does the “user context problem” appear in typical IaaS systems? Why or why not?

  • No, because the service provider typically handles user authentication
  • Yes, because service provider logins are used to administer the site and manage service deployment. End users may require different access restrictions within cloud services depending on their identity
  • Yes, because the consumer is responsible for configuring the operating systems

Q9. A local disaster has required the local cloud service to shut down and evacuate all personnel. What security measures continue to protect the data?

  • Access controls implemented by the cloud provider
  • Access controls implemented by the cloud consumer
  • Encryption of all hard drives
  • Physical security of the building
  • TLS/SSL encryption of data in transit

Q10. Which of the following represent “fine grained” security control?

  • Access control to a file volume
  • Access control of objects in a bucket
  • Access control of an individual bucket
  • Encryption applied on a per-file basis

Week 4: Data Privacy and the Cloud

Quiz 1: Privacy and PCI-DSS

Q1. How was the right of privacy established in the United States?

  • Through rights granted by the original US Constitution
  • Through Supreme Court decisions interpreting constitutional amendments
  • Through amendments to the US Constitution
  • Through rights granted by the Bill of Rights

Q2. We have a retail sales application on the web. What components of the application reside within the Cardholder Data Environment? Select all that apply

  • Customer contact information required to complete an order
  • Customer shopping cart logic
  • All logic that processes the Primary Account Number
  • Logic that handles or processes PINs and CVVs

Q3. Which of the following best reflects the differences between file systems and buckets?

  • Different objects in a bucket must all have unique names while different files on a volume may share the same path name.
  • File systems contain extra complexity to support a broader range of applications, while buckets use a simpler design to achieve higher performance
  • Individual objects in a bucket have more storage capacity than individual files stored on a similar-sized volume
  • Objects in buckets support simultaneous creation, access, and updates more efficiently than files in a file system

Q4. The Accounts Receivable department wants to accept payments by credit card. The company established separate classifications for data used in Accounts Receivable (AR), Accounts Payable (AP), and the Cardholder Data Environment (CDE). This provides for Least Privilege and Separation of Duty. Which of the following is most accurate?

  • The AR department must arrange so that the CDE can process credit card payments on its behalf
  • The CDE must be expanded to include AR so that receivables can be paid by credit cards
  • The company must arrange through an outside third party vendor to handle credit card payments for AR

Q5. The company has decided to issue “role based” user identities for operations within the CDE. A user working in the CDE is assigned a role ID instead of a user ID. When the user’s role changes, the role password is changed and the role assigned to someone else. How does this align with the PCI-DSS requirements?

  • It violates Requirement 8
  • It violates Requirement 2.
  • It complies with Requirement 8
  • It complies with Requirement 9

Q6. How are CVSS scores used in assessing security of the CDE?

  • Vulnerability scanning must not find a vulnerability scoring a CVSS base score of 4.0 or higher
  • The CVSS score determines the impact on CIA properties of the CDE when a security breach occurs
  • A CVSS temporal score of 4.0 or higher determines whether routine vulnerability scans should take place yearly or quarterly

Q7. Which of the following PCI-DSS requirements mandate continuous online monitoring and logging?

  • Requirement 7
  • Requirement 9
  • Requirement 10
  • Requirement 11
  • Requirement 8
  • Requirement 5
  • Requirement 4

Q8. Which of the following cardholder data elements may be stored long-term in the CDE while in encrypted form?

  • CVV2 Code
  • Personal Identification Number (PIN)
  • Primary Account Number (PAN)
  • Card Expiration Date

Quiz 2: Data Privacy

Q1. We have a retail sales application on the web. What components of the application reside within the Cardholder Data Environment? Select all that apply.

  • All logic that processes the Primary Account Number
  • Logic that handles or processes PINs and CVVs
  • Customer shopping cart logic
  • Customer contact information required to complete an order

Q2. The company has decided to issue “role based” user identities for operations within the CDE. A user working in the CDE is assigned a role ID instead of a user ID. When the user’s role changes, the role password is changed and the role assigned to someone else. How does this align with the PCI-DSS requirements?

  • It violates Requirement 8
  • It complies with Requirement 8
  • It violates Requirement 2
  • It complies with Requirement 9

Q3. Which of the following PCI-DSS requirements mandate continuous online monitoring and logging?

  • Requirement 10
  • Requirement 8
  • Requirement 5
  • Requirement 4

Q4. Some security standards require specific measures while others require “reasonable” methods or procedures. Which of the following require specific measures? Select all that apply.

  • PCI-DSS
  • FERPA
  • COPPA
  • HIPAA

Q5. Following his death, George Floyd’s medical records were retrieved by 18 individuals at the county hospital, all authorized health care workers. Thirteen did not have a medical need to access the records. This constituted a HIPAA violation for which they were fired. Which of the following HIPAA technical safeguards were used to address the HIPAA violation? Select all that apply.

  • Access control
  • Audit controls
  • Integrity (authenticate PHI)
  • User/Entity authentication
  • Transmission security

Q6. The HIPAA recommendations for “small providers” require that they establish policies for handling portable electronic media. Which type of HIPAA safeguard is this?

  • Administrative
  • Physical
  • Technical

Q7. The HIPAA recommendations for “small providers” require that they establish policies for handling passwords. Which type of HIPAA safeguard is this?

  • Administrative
  • Physical
  • Technical

Q8. Which of the following is most similar to the pseudonymisation process?

  • Data masking
  • Entropy
  • Purpose limitation

Q9. Below are a subset of GDPR principles. Indicate which principles are also reflected in the HIPAA regulations.

  • Data minimisation
  • Accuracy
  • Storage Limitation
  • Security
  • Accountability

Q10. Below are a subset of GDPR principles. Indicate which principles are also reflected in PCI-DSS requirements.

  • Data minimisation
  • Accuracy
  • Storage Limitation
  • Security
  • Accountability

Conclusion:

I hope these Cloud Data Security Coursera Quiz Answers are useful for you and help you learn something new from this course. If they helped you, don’t forget to bookmark our site for more Coding Solutions.

This Problem is intended for audiences of all experiences who are interested in learning about Data Science in a business context; there are no prerequisites.

Keep Learning!
