CISSP Chapter 6 - Protecting Security of Assets

13. Which one of the following data roles is most likely to assign permissions to grant users access to data? A. Administrator B. Custodian C. Owner D. User

A. Administrator

10. Which one of the following is based on Blowfish and helps protect against rainbow table attacks? A. 3DES B. AES C. Bcrypt D. SCP

C. Bcrypt

1. Which one of the following identifies the primary a purpose of information classification processes? A. Define the requirements for protecting sensitive data. B. Define the requirements for backing up data. C. Define the requirements for storing data. D. Define the requirements for transmitting data.

A. Define the requirements for protecting sensitive data.

19. Which of the following administrator actions might have prevented this incident? A. Mark the tapes before sending them to the warehouse. B. Purge the tapes before backing up data to them. C. Degauss the tapes before backing up data to them. D. Add the tapes to an asset management database.

A. Mark the tapes before sending them to the warehouse.

16. What do the principles of notice, choice, onward transfer, and access closely apply to? A. Privacy B. Identification C. Retention D. Classification

A. Privacy

15. Within the context of the European Union (EU) Data Protection law, what is a data processor? A. The entity that processes personal data on behalf of the data controller B. The entity that controls processing of data C. The computing system that processes data D. The network that processes data

A. The entity that processes personal data on behalf of the data controller

20. Of the following choices, what policy was not followed regarding the backup media? A. Media destruction B. Record retention C. Configuration management D. Versioning

B. Record retention

3. Which of the following answers would not be included as sensitive data? A. Personally identifiable information (PII) B. Protected health information (PHI) C. Proprietary data D. Data posted on a website

D. Data posted on a website

2. When determining the classification of data, which one of the following is the most important consideration? A. Processing system B. Value C. Storage media D. Accessibility

B. Value

8. Which of the following is the most secure method of deleting data on a DVD? A. Formatting B. Deleting C. Destruction D. Degaussing

C. Destruction

14. Which of the following best defines "rules of behavior" established by a data owner? A. Ensuring users are granted access to only what they need B. Determining who has access to a system C. Identifying appropriate use and protection of data D. Applying security controls to a system

C. Identifying appropriate use and protection of data

6. Which of the following statements correctly identifies a problem with sanitization methods? A. Methods are not available to remove data ensuring that unauthorized personnel cannot retrieve data. B. Even fully incinerated media can offer extractable data. C. Personnel can perform sanitization steps improperly. D. Stored data is physically etched into the media.

C. Personnel can perform sanitization steps improperly.

5. Which would an administrator do to classified media before reusing it in a less secure environment? A. Erasing B. Clearing C. Purging D. Overwriting

C. Purging

12. Which one of the following tasks would a custodian most likely perform? A. Access the data B. Classify the data C. Assign permissions to the data D. Back up data

D. Back up data

4. What is the most important aspect of marking media? A. Date labeling B. Content description C. Electronic labeling D. Classification

D. Classification

7. Which of the following choices is the most reliable method of destroying data on a solid state drive? A. Erasing B. Degaussing C. Deleting D. Purging

D. Purging

9. Which of the following does not erase data? A. Clearing B. Purging C. Overwriting D. Remanence

D. Remanence

11. Which one of the following would administrators use to connect to a remote server securely for administration? A. Telnet B. Secure File Transfer Protocol (SFTP) C. Secure Copy (SCP) D. Secure Shell (SSH)

D. Secure Shell (SSH)

17. An organization is implementing a preselected baseline of security controls, but finds not all of the controls apply. What should they do? A. Implement all of the controls anyway. B. Identify another baseline. C. Re-create a baseline. D. Tailor the baseline to their needs.

D. Tailor the baseline to their needs.

18. Of the following choices, what would have prevented this loss without sacrificing security? A. Mark the media kept offsite. B. Don't store data offsite. C. Destroy the backups offsite. D. Use a secure offsite storage facility.

D. Use a secure offsite storage facility.