Back to CompTIA Data+ V2 (Data+)

Data Governance

Implement data management practices, compliance requirements, privacy protections, and quality assurance measures.

Covers explaining data management practices including documentation, versioning, and data lineage tracking. Includes summarizing compliance requirements such as data retention policies, audits, and regulatory requirements. Also covers comparing privacy and protection strategies including access control, encryption, and data masking. Additionally includes implementing quality assurance through data profiling, monitoring, and testing to ensure data quality and integrity.
5 minutes 5 Questions

In the context of the CompTIA Data+ V2 certification, Data Governance represents the overarching framework of authority, control, and decision-making exercised over the management of data assets. It is the strategic system ensuring that data is accurate, consistent, secure, and usable across an org…

Concepts covered: Data documentation standards, Metadata management, Data versioning and change tracking, Data lineage and provenance, Data catalogs and inventories, Master data management, Data retention policies, Audit requirements and procedures, Regulatory compliance (GDPR, CCPA, HIPAA), Industry-specific data regulations, Data sovereignty and localization, Access control and authentication, Role-based access control (RBAC), Data encryption methods, Data masking and anonymization, Data classification and sensitivity levels, Secure data transfer protocols, Data profiling techniques, Data quality monitoring, Data quality testing and validation, Data quality metrics and KPIs, Continuous data quality improvement, Data stewardship roles

Test mode:
Start practice test
Data+ - Data Governance Example Questions

Test your knowledge of Data Governance

Question 1

A bank stores customer financial records including account numbers, transaction histories, and social security numbers. Which type of data would these customer records be classified as under financial industry regulations?

Correct Answer: Personally Identifiable Information (PII) and financial data subject to GLBA

The correct answer is Personally Identifiable Information (PII) and financial data subject to GLBA.

The Gramm-Leach-Bliley Act (GLBA) is the primary federal regulation that governs how financial institutions must protect customer financial information. It specifically applies to banks, credit unions, securities firms, and insurance companies. Customer records containing account numbers, transaction histories, and social security numbers fall squarely under GLBA's requirements for protecting nonpublic personal information (NPI).

The other answers are incorrect for these reasons:

  • HIPAA (Health Insurance Portability and Accountability Act) applies to healthcare organizations, health plans, and healthcare clearinghouses. It governs Protected Health Information (PHI), not banking or financial records. A bank is not a covered entity under HIPAA.

  • Protected Health Information (PHI) specifically refers to health-related data, not financial records. SOX (Sarbanes-Oxley Act) relates to corporate financial reporting and accounting accuracy for publicly traded companies, not the protection of individual customer financial data.

  • PCI DSS (Payment Card Industry Data Security Standard) specifically applies to organizations that handle credit card transactions and cardholder data. While a bank may need to comply with PCI DSS for credit card operations, the broader customer financial records described (account numbers, transaction histories, and social security numbers) are governed by GLBA, which is the comprehensive regulatory framework for financial institution customer data protection.

Question 2

A financial institution is conducting a post-incident analysis after discovering that derivative pricing calculations contained errors traced to corrupted bond yield data. The investigation team must reconstruct the exact sequence of data states and identify which automated processes and human actors interacted with the yield data between ingestion and the erroneous calculations. When designing queries against their metadata catalog to support this forensic analysis, which combination of lineage and provenance attributes would provide the most complete reconstruction of the incident timeline?

Correct Answer: Transformation lineage showing data flow paths combined with provenance records capturing actor identities, timestamps, and data state changes at each processing node

The correct answer involves transformation lineage showing data flow paths combined with provenance records capturing actor identities, timestamps, and data state changes at each processing node.

For forensic analysis of corrupted data in a financial incident, investigators need two critical elements:

  1. Transformation Lineage (Data Flow Paths): This shows exactly how data moved through the system - from the original bond yield data ingestion through all transformations until it reached the derivative pricing calculations. This allows the team to trace the exact path where corruption occurred.

  2. Provenance Records with Actor Identities, Timestamps, and Data State Changes: This provides the 'who, when, and what changed' information essential for incident reconstruction. Knowing which automated processes and human actors touched the data, at what times, and what the data looked like at each stage allows for precise timeline reconstruction and identification of when corruption was introduced.

The other options fall short:

  • Schema lineage with performance metrics focuses on structural changes and system performance, not on actual data values or who modified them. Performance metrics don't help identify data corruption sources.

  • Transformation lineage with data quality scores provides flow information and quality assessments, but lacks the critical 'who' component (actor identities) and specific timestamps needed to reconstruct an incident timeline involving both automated processes and human actors.

  • Business lineage with approval workflows operates at a conceptual level rather than technical detail. While it captures actor identities and approvals, it doesn't show the granular technical data flow paths necessary to trace exactly where in the processing pipeline the corruption occurred.

Question 3

A data engineer at an e-commerce company is building a metadata repository to support compliance inquiries. Auditors frequently ask questions like 'Who modified this customer record and when?' and 'What was the original value before transformation?' The engineer must choose the appropriate metadata focus to answer these audit questions efficiently. Which metadata emphasis would best address these specific types of compliance inquiries?

Correct Answer: Provenance metadata capturing modification timestamps, user identities, and historical data states

The correct answer is provenance metadata capturing modification timestamps, user identities, and historical data states.

Provenance metadata specifically tracks the history and origin of data, including WHO made changes, WHEN changes were made, and WHAT the data looked like before and after modifications. This directly addresses both audit questions posed in the scenario:

  1. 'Who modified this customer record and when?' - Provenance metadata captures user identities and modification timestamps.
  2. 'What was the original value before transformation?' - Provenance metadata maintains historical data states, allowing auditors to see previous values.

The other options are incorrect for the following reasons:

Lineage metadata documenting forward flow through transformation pipelines focuses on tracking how data moves from source to destination systems and what transformations occur along the way. While useful for understanding data flow, it doesn't specifically capture WHO made changes or preserve historical values at the record level.

Provenance metadata recording only the original source location and initial creation timestamp is too limited. While this captures some provenance information, it only tracks the initial state and origin. It would not capture subsequent modifications, user identities for changes, or the historical states between the original and current values.

Lineage metadata emphasizing technical dependencies between database tables and reporting views focuses on structural relationships and technical architecture rather than audit trail information. This helps understand system design but doesn't answer questions about who changed specific records or what values existed previously.

More Data Governance questions
463 questions (total)
Start 100 question test