Asset Security (Domain 2) Flashcards

1
Q

The process of determining the impact on an organization of the loss of confidentiality, integrity, or availability of its information

A

Categorization

2
Q

The removal of sensitive data from storage devices in such a way that there is assurance the data cannot be reconstructed using normal system functions or software file/data recovery utilities (overwriting, as opposed to purging or destruction)

A

Clearing

3
Q

The critical temperature at which a material's intrinsic magnetic alignment changes direction; above it a magnetic medium loses the magnetization that stores its data

A

Curie Temperature

4
Q

Entails analyzing the data that the organization retains, determining its importance and value, and then assigning it to a category

A

Data Classification

5
Q

Ensure that important data sets are developed, maintained, and accessible within their defined specifications

A

Data Custodians

6
Q

The methodology that identifies the path to meeting user requirements

A

Data modeling

7
Q

The residual physical representation of data that has in some way been erased

A

Data Remanence
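Worked example for the "Clearing" and "Data remanence" cards. This is an added illustration, not part of the original deck: it shows that plain deletion only removes the file's name while the bytes stay recoverable, and what clearing (overwrite, verify, then unlink) looks like. It uses only the Python standard library, assumes a POSIX filesystem (an unlinked file remains readable through an open handle), and all sample data is constructed inline.

```python
"""Clearing versus plain deletion, as a runnable illustration of data remanence.

Added example for the "Clearing" and "Data remanence" cards; it is not part of
the original deck. Assumes a POSIX filesystem (an unlinked file stays readable
through an open handle) and uses only the standard library. All inputs are
constructed here.
"""
import os
import secrets
import tempfile

CHUNK = 1 << 20  # overwrite in 1 MiB chunks so large files never load into memory
SECRET = b"ACCOUNT=4111-1111-1111-1111;PIN=1234\n" * 64  # constructed sample data


def overwrite_in_place(path: str, passes: int = 2) -> int:
    """Overwrite every byte of `path` (random data, then zeros) and fsync.

    Returns the number of bytes overwritten. Caveat: on SSDs and other flash
    media, wear levelling may remap writes and leave the original blocks
    untouched, so this only counts as clearing for media that rewrite in
    place; use the drive's own secure-erase or crypto-erase for flash.
    """
    size = os.path.getsize(path)
    with open(path, "r+b") as fh:
        for i in range(passes):
            fh.seek(0)
            zero_pass = i == passes - 1
            remaining = size
            while remaining > 0:
                n = min(remaining, CHUNK)
                fh.write(bytes(n) if zero_pass else secrets.token_bytes(n))
                remaining -= n
            fh.flush()
            os.fsync(fh.fileno())  # push the overwrite past the OS page cache
    return size


def verify_zeroed(path: str) -> bool:
    """Read the file back; clearing is only done when no original byte survives."""
    with open(path, "rb") as fh:
        while block := fh.read(CHUNK):
            if any(block):
                return False
    return True


def clear_file(path: str, passes: int = 2) -> bool:
    """Clearing: overwrite, verify, then unlink. Returns True only if verified."""
    overwrite_in_place(path, passes)
    if not verify_zeroed(path):
        return False
    os.remove(path)
    return True


def _write_secret_file() -> str:
    fd, path = tempfile.mkstemp(prefix="remanence-")
    with os.fdopen(fd, "wb") as fh:
        fh.write(SECRET)
    return path


def delete_only_demo() -> bool:
    """Plain deletion removes the directory entry, not the bytes.

    Returns True when the secret is still readable after os.remove(), which is
    exactly what a file-recovery utility exploits.
    """
    path = _write_secret_file()
    with open(path, "rb") as fh:
        os.remove(path)          # the name is gone ...
        leftover = fh.read()     # ... but the data blocks are untouched
    return SECRET in leftover


def clear_demo() -> dict:
    """Clearing the same kind of file: the bytes are overwritten before unlink."""
    path = _write_secret_file()
    size = os.path.getsize(path)
    cleared = clear_file(path)
    return {"size": size, "cleared": cleared, "exists_after": os.path.exists(path)}


if __name__ == "__main__":
    print("secret readable after delete-only:", delete_only_demo())
    print("clearing result:", clear_demo())
```

The verification read-back is what turns an overwrite into assured clearing; without it, a write that silently failed or was redirected by the device leaves remanence behind. For optical media such as DVD-R (card 26) no overwrite is possible at all, so destruction is the only option.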

8
Q

Objects, features, or items that are collected, automated, or affected by activities or the functions of organizations

A

Data Standards

9
Q

The official series of U.S. federal publications (issued by NIST) relating to standards and guidelines adopted for federal information systems

A

Federal Information Processing Standards (FIPS)

10
Q

Allows greater flexibility in applying encryption to specific files rather than to an entire storage medium

A

File Encryption Software

11
Q

A set of cyber-security activities, desired outcomes, and applicable references that are common across critical infrastructure sectors

A

Framework Core

12
Q

Provide context on how an organization views cybersecurity risk and the processes in place to manage that risk

A

Framework Implementation Tiers

13
Q

Represents the outcomes based on business needs that an organization has selected from the Framework Categories and Subcategories

A

Framework Profile

14
Q

A discipline much broader than basic asset inventory, adding several dimensions of management and involving a much broader base of stakeholders

A

IT Asset Management (ITAM)

15
Q

Software that is used to encrypt otherwise unprotected storage media such as CDs, DVDs, USB devices, or laptop hard drives

A

Media Encryption Software

16
Q

In the event of a security incident, one of the primary objectives of the operations staff is to ensure that:
A. The attackers are detected and stopped
B. There is minimal disruption to the organization's mission
C. Appropriate documentation about the event is maintained as a chain of evidence
D. The affected systems are immediately shut off to limit the impact

A

B

17
Q

Good data management practices include:
A. Data quality procedures at all stages of the data management process, verification and validation of accuracy of the data, adherence to agreed upon data management practices, ongoing data audit to monitor the use and assess effectiveness of management practices and the integrity of existing data.
B. Data quality procedures at some stages of the data management process, verification and validation of accuracy of the data, adherence to agreed upon data management practices, ongoing data audit to monitor the use and assess effectiveness of management practices and the integrity of existing data.
C. Data quality procedures at all stages of the data management process, verification and validation of accuracy of the data, adherence to discussed data management practices, ongoing data audit to monitor the use and assess effectiveness of management practices and the integrity of existing data.
D. Data quality procedures at all stages of the data management process, verification and validation of accuracy of the data, adherence to agreed upon data management practices, intermittent data audit to monitor the use and assess effectiveness of management practices and the integrity of existing data.

A

A

18
Q

Issues to be considered by the security practitioner when establishing a data policy include:
A. Cost, Due Care and Due Diligence, Privacy, Liability, Sensitivity, Existing Law & Policy Requirements, Policy and Process
B. Cost, Ownership and Custodianship, Privacy, Liability, Sensitivity, Future Law & Policy Requirements, Policy and Process
C. Cost, Ownership and Custodianship, Privacy, Liability, Sensitivity, Existing Law & Policy Requirements, Policy and Procedure
D. Cost, Ownership and Custodianship, Privacy, Liability, Sensitivity, Existing Law & Policy Requirements, Policy and Process

A

D

19
Q

The information owner typically has the following responsibilities:
A. Determine the impact the information has on the mission of the organization, understand the replacement cost of the information, determine who in the organization or outside of it has a need for the information and under what circumstances the information should be released, know when the information is inaccurate or no longer needed and should be archived.
B. Determine the impact the information has on the mission of the organization, understand the replacement cost of the information, determine who in the organization or outside of it has a need for the information and under what circumstances the information should be released, know when the information is inaccurate or no longer needed and should be destroyed
C. Determine the impact the information has on the policies of the organization, understand the replacement cost of the information, determine who in the organization or outside of it has a need for the information and under what circumstances the information should not be released, know when the information is inaccurate or no longer needed and should be destroyed
D. Determine the impact the information has on the mission of the organization, understand the creation cost of the information, determine who in the organization or outside of it has a need for the information and under what circumstances the information should be released, know when the information is inaccurate or no longer needed and should be destroyed

A

B

20
Q

Benefits of data standards include:
A. More efficient data management, decreased data sharing, higher quality data, improved data consistency, increased data integration, better understanding of data, improved documentation of information resources
B. More efficient data management, increased data sharing, higher quality data, improved data consistency, increased data integration, better understanding of data, improved documentation of information resources
C. More efficient data management, increased data sharing, medium quality data, improved data consistency, increased data integration, better understanding of data, improved documentation of information resources
D. More efficient data management, increased data sharing, higher quality data, improved data consistency, increased data integration, better understanding of data, improved documentation of information metadata

A

B

21
Q

When classifying data, the security practitioner needs to determine the following aspects of the policy: (Choose ALL that apply)
A. Who has access to the data
B. What methods should be used to dispose of the data
C. How the data is secured
D. Whether the data needs to be encrypted

A

A/B/C/D (All of the above)

22
Q

The major benefit of information classification is to:
A. Map out the computing ecosystem
B. Identify the threats and vulnerabilities
C. Determine the software baseline
D. Identify the appropriate level of protection needed

A

D

23
Q

When sensitive information is no longer critical but is still within the scope of a record retention policy, that information is BEST:
A. Destroyed
B. Re-categorized
C. Degaussed
D. Released

A

B

24
Q

What are the four phases of the equipment life cycle?
A. Defining requirements, acquiring and implementing, operations and maintenance, disposal and decommission
B. Acquiring requirements, defining and implementing, operations and maintenance, disposal and decommission
C. Defining requirements, acquiring and maintaining, implementing and operating, disposal and decommission
D. Defining requirements, acquiring and implementing, operations and decommission, maintenance and disposal

A

A

25
Q

Which of the following BEST determines the employment suitability of an individual?
A. Job rank or title
B. Partnership with the security team
C. Role
D. Background investigation

A

D

26
Q

The best way to ensure that there is no data remanence of sensitive information that was once stored on DVD-R media is by:
A. Deletion
B. Degaussing
C. Destruction
D. Overwriting

A

C (optical media cannot be overwritten or degaussed, so physical destruction is the only option)

27
Q

Which of the following processes is concerned with not only identifying the root cause but also addressing the underlying issue?
A. Incident management
B. Problem management
C. Change management
D. Configuration management

A

B

28
Q

Before applying a software update to production systems, it is MOST important that:
A. Full disclosure information about the threat that the patch addresses is available
B. The patching process is documented
C. The production systems are backed up
D. An independent third party attests the validity of the patch

A

C

29
Q

A DoS (denial-of-service) attack is an example of an attack on which of the following?
A. Authentication
B. Availability
C. Authorization
D. Integrity

A

B

A denial-of-service (DoS) attack is an attack on availability: it seeks to deny legitimate users the service (availability) of a system.