
Graded Quiz: Database Security and Data Protection Strategies: Database Essentials and Vulnerabilities (IBM Cybersecurity Analyst Professional Certificate) Answers 2025

1. Question 1

How should organizations manage data sovereignty requirements?

  • ❌ Using generic data protection measures

  • ❌ Ignoring cross-border rules

  • ❌ Transferring all data to one location

  • Ensuring compliance with local data protection laws

Explanation:
Data sovereignty requires following each country’s local data privacy and storage regulations.


2. Question 2

How should intellectual property (IP) data be protected?

  • ❌ Broad access for all users

  • Implementing RBAC and encryption

  • ❌ Basic security without updates

  • ❌ General encryption only

Explanation:
IP data must be restricted with role-based access control and encrypted for confidentiality.


3. Question 3

Which encryption uses the same key for encryption & decryption?

  • ❌ Hashing

  • ❌ Data masking

  • Symmetric encryption

  • ❌ Asymmetric encryption

Explanation:
Symmetric encryption uses one shared secret key.


4. Question 4

Primary benefit of tokenization?

  • ❌ Improving access speed

  • ❌ Making data unreadable via keys

  • ❌ Enhancing encryption speed

  • Reducing risk of breaches by isolating sensitive data

Explanation:
Tokenization replaces sensitive data with tokens, keeping real data in a secure vault.


5. Question 5

Key benefit of data segmentation?

  • ❌ Token management

  • ❌ Encryption

  • ❌ Hard-to-interpret data

  • Reducing attack surface by isolating sensitive data

Explanation:
Segmentation limits how much data an attacker can reach, improving security.


6. Question 6

Key element of a strong password policy?

  • ❌ Disable expiration

  • Enforce mix of uppercase, lowercase, numbers, special characters

  • ❌ Allow short passwords

  • ❌ Permit reuse

Explanation:
Complexity helps prevent brute-force and dictionary attacks.


7. Question 7

What must be considered when identifying auditing requirements?

  • ❌ Number of users

  • ❌ Database version

  • Regulatory compliance

  • ❌ Storage capacity

Explanation:
Regulations (GDPR, HIPAA, PCI-DSS) define what must be logged and monitored.


8. Question 8

Fundamental principle of database application security?

  • ❌ Regular updates (important but not fundamental)

  • Verifying the identity of users (authentication)

  • ❌ Automating backups

  • ❌ Storing data on multiple servers

Explanation:
Security begins with confirming who is accessing the system.


9. Question 9

Key benefit of application data auditing?

  • ❌ Simplifying schema

  • ❌ Improving performance

  • Detecting unauthorized access and potential breaches

  • ❌ Reducing storage

Explanation:
Auditing tracks who accessed what data and when.


10. Question 10

Component of auditing policies?

  • The level of detail required in audit logs

  • ❌ Choice of DBMS

  • ❌ Application front-end design

  • ❌ Backup frequency

Explanation:
Audit policies define what to log, how detailed logs should be, and when to alert.


🧾 Summary Table

| Q No. | Correct Answer | Key Concept |
|-------|----------------|-------------|
| 1 | Compliance with local laws | Data sovereignty |
| 2 | RBAC + Encryption | IP data protection |
| 3 | Symmetric encryption | Single-key encryption |
| 4 | Reduce breach risk | Tokenization |
| 5 | Reduce attack surface | Data segmentation |
| 6 | Strong password complexity | Security policy |
| 7 | Regulatory compliance | Auditing requirements |
| 8 | Verify user identity | Application security |
| 9 | Detect unauthorized access | Data auditing |
| 10 | Audit log detail level | Auditing policy |