Scribd
Upload
11 views4 pages

Chapter 7 Basic Data Protection

Uploaded by

Navneet Jat
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
11 views4 pages

Chapter 7 Basic Data Protection

Uploaded by

Navneet Jat
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd

Chapter 7: Basic Data Protection (16%)

Study online at https://quizlet.com/_ex5alm

1. The number one user's personal cloud storage, collaboration, and


data exfiltration cloud-based personal email applications.
channel is

2. The Zero Trust 1) Protect data in motion


Platform protects 2) Protect data at rest
what data? (3) 3) Secure BYOD data

3. When Zscaler - DLP


talks about data - CASB
protection, es-
sentially we are
talking about two
different seg-
ments:

4. CASB From a CASB perspective,CASB (Cloud Access Security


Broker) was designed to protect your crown jewels from
SaaS-based services.

This is a multi-mode CASB solution (known as SaaS


Security API), which is inline forward proxy-based CASB.

5. 4 use cases - Cloud application data loss


behind Zscaler's
Data Protection - BYOD and unmanaged assets
strategy:
- Data at rest

- Cloud misconfiguration

6. There are four ÏCloud Data Loss Prevention (DLP)


Data Protection Ï Endpoint DLP
capabilities that Ï Email DLP (primarily for corporate Exchange and Gmail)
Zscaler provides Ï DLP for Private Apps
through the Zero
Trust Exchange
to ensure data

1/4
Chapter 7: Basic Data Protection (16%)
Study online at https://quizlet.com/_ex5alm
security for Data
in Motion:

7. At the same time, CASB is running in inline forward proxy mode and with
from a Cloud Browser Isolation (Isolation Proxy).
Access Securi-
ty Broker (CASB)
perspective, Data
in Motion means
that:

8. Shadow IT Dis- quickly identifies unsanctioned applications and scruti-


covery nizes them across various risk attributes so you can re-
spond.

discover all these applications and tag every single one


with a risk score.

9. Cloud App Con- When you have visibility with a single policy, you can block
trol all these applications, bad applications. You can also block
specific activities within applications.

10. Tenancy Restric- Granular Policies Tenancy restrictions for sanctioned apps
tions Personal
vs. Corporate

11. Exact Data Match With Zscaler EDM, you can easily find and control any
(EDM) occurrence of specific data.

From employee records to customers' personal data and


credit card numbers, EDM lets you fingerprint sensitive
data and improve detection accuracy while reducing DLP
false positives.

12. Indexed Docu- With Zscaler IDM, you can secure high-value documents
ment Matching that typically carry sensitive data. Fingerprint tax, medical,
(IDM) manufacturing, or other important forms and detect docu-
ments that use those templates across all your cloud data
channels.

2/4
Chapter 7: Basic Data Protection (16%)
Study online at https://quizlet.com/_ex5alm
13. Optical Charac- Data doesn't only appear in plain text—so you need DLP
ter Recognition that secures visual data as well.
(OCR)
Zscaler OCR scans images to perform data classification
for files like PNGs and JPEGs, and for images embedded
in other file types (e.g., Microsoft Word documents). It even
works in tandem with EDM and IDM functions.

14. Azure Informa- Microsoft Information Protection (MIP) provides sensitivity


tion Protection labels, which you can use to identify and protect files with
(AIP) / Microsoft sensitive content.
Information Pro-
tection (MIP) La- These MIP labels are maintained by Microsoft and,
bels through the addition of an MIP Account in the ZIA Admin
Portal, these labels can be retrieved from Microsoft so that
they can be used when defining a Data Loss Prevention
(DLP) policy in the ZIA Admin Portal.

15. UEBA (user and Bulk upload/download, impossible travel, MFA


entity behavior
analytics) and UEBA and adaptive access is one of the critical compo-
Adaptive Access nents of data protection. This has a lot to do with contextu-
al DLP based on different anomalies, and different unusual
behavior.

You might want to enforce different types of actions. And


then once you do - all of that in forward proxy mode -
then you also have to think about BYOD and unmanaged
assets, data that is sitting on these unmanaged assets.
But the devices are completely unmanaged. How do you
protect your crown jewels from these unmanaged assets?

16. Data Security on Isolation Proxy


BYOD

17. The first featuee Policies based on file types


that is very popu-
lar within DLP is:

18.
3/4
Chapter 7: Basic Data Protection (16%)
Study online at https://quizlet.com/_ex5alm
3 levels of in- 1) look at some early bytes called Magic Bytes
spection:
2) look at the mime type

3) look at the file extension

19. 3 benefits of - secure high value sensitive data


EDM:
- reduce DLP false positives

- Vm-based index tool keeps things simple

20. 3 Out of Band - protect data inside cloud apps


Data Protection &
SSPM: - out of band protection

- security posture and data security

21. Top Out-of-Band - Data Discovery


Use Cases: (5)
- Prevent Data Exposure

- Secure Apps from Threats

- Secure Corporate Exchange and Gmail

- SaaS Security Posture Management (SSPM)

22. Secure Corpo- ÏInbound email = threat prevention


rate Exchange
and Gmail Ï Outbound email = data loss

23. User Notifica- - Browser-based


tions: - Application based
-Client connector Pop-Up

4/4

You might also like