Skip to content

Session 8 Module D - Test Solutions

Security & Compliance - Answer Key

Question 1: Zero-Trust Security Principle

Correct Answer: B) Never trust, always verify every request regardless of source

Explanation: Zero-trust security architecture operates on the fundamental principle of "never trust, always verify." This means that every request, whether from internal or external sources, must be authenticated, authorized, and validated before access is granted. This approach eliminates the traditional network perimeter-based security model and treats every access attempt as potentially hostile.

Question 2: GDPR Right to Erasure Article

Correct Answer: C) Article 17 - Right to Erasure

Explanation: GDPR Article 17 specifically governs the "Right to Erasure" or "right to be forgotten," allowing data subjects to request deletion of their personal data under certain circumstances. The implementation includes legal feasibility assessment, comprehensive data removal, and third-party notification requirements as demonstrated in the compliance framework code.

Question 3: Differential Privacy Mechanism

Correct Answer: B) Calibrated mathematical noise using Laplace mechanism

Explanation: Differential privacy protects individual privacy by adding carefully calibrated mathematical noise to query results using mechanisms like Laplace noise. The noise scale is determined by the sensitivity of the query and the privacy budget (epsilon), providing formal mathematical guarantees about privacy protection while maintaining statistical utility.

Question 4: High-Risk Threat Response Actions

Correct Answer: C) block_temporarily, alert_security_team

Explanation: According to the threat detection system configuration, high-risk threats trigger response actions including temporary blocking of the threat source and alerting the security team. This balanced approach prevents immediate damage while allowing human expertise to assess and respond appropriately, avoiding the more severe permanent blocking reserved for critical threats.

Question 5: K-Anonymity Privacy Technique

Correct Answer: C) Generalization and suppression of quasi-identifiers

Explanation: K-anonymity is achieved through generalization (replacing specific values with broader categories) and suppression (removing identifying information) of quasi-identifiers. The anonymization process includes age group generalization, location region mapping, and direct identifier removal or pseudonymization to ensure each record is indistinguishable from at least k-1 other records.

Key Concepts Summary

Zero-Trust Security Architecture

  • Authentication verification for every request regardless of source or location
  • Multi-factor authentication with comprehensive credential validation
  • Session management with secure token generation and timeout controls

Compliance Framework Implementation

  • GDPR compliance with automated data subject request processing
  • HIPAA safeguards for healthcare information protection
  • SOC2 controls for service organization security and availability

Privacy Protection Techniques

  • Differential privacy provides mathematical privacy guarantees through noise addition
  • K-anonymity protects against re-identification through generalization and suppression
  • Data retention policies ensure automated compliance with regulatory timelines

Threat Detection and Response

  • Multi-vector analysis including brute force, prompt injection, and behavioral anomalies
  • Risk-based response with escalating actions from monitoring to emergency procedures
  • Audit trail management with tamper-evident logging and integrity protection

Enterprise Security Integration

  • Encryption frameworks for data at rest and in transit protection
  • Compliance reporting with automated violation detection and remediation guidance
  • Privacy-by-design implementation with comprehensive data lifecycle management

← Back to Module D