Asset Security (Domain 2) Flashcards
The process of determining the impact of the loss of confidentiality, integrity, or availability of the information to an organization
Categorization
The removal of sensitive data from storage devices in such a way that there is assurance that the data may not be reconstructed using normal system functions or software file/data recovery utilities
Clearing
The critical point where a materials intrinsic magnetic alignment changes direction
Cure Temperature
Entails analyzing the data that the organization retains, determining its importance and value, and then assigning it to a category
Data Classification
Ensure important data-sets are developed, maintained, and accessible within their defined specifications
Data Custodians
The methodology that identifies the path to meet user requirement
Data modeling
The residual physical physical representation of data that has been in some way erased
Data Remenence
Objects, features, or items that are collected, automated, or affected by activities or the functions of organizations
Data Standards
The official series of publications relating to standards and guidelines adopted
Federal Information Processing Standards (FIPS)
Allows greater flexibility in applying encryption to specific file(s)
File Encryption Software
A set of cyber-security activities, desired outcomes, and applicable references that are common across critical infrastructure sectors
Framework Core
Provide context on how an organization views cyber security risk and the processes in place to manage that risk
Framework Implementation Tiers
Represents the outcomes based on business needs that an organization has selected from the Framework Categories and Subcategories
Framework Profile
ITAM is a much broader discipline, adding several dimensions of management and involving a much broader base of stakeholders
IT Asset Management (ITAM)
Software that is used to encrypt otherwise unprotected storage media such as CDs, DVDs, USB devices, or laptop hard drives
Media Encryption Software
In the event of a security incident, one of the primary objectives of the operations staff is to ensure that:
A. The attackers are detected and stopped
B. There is minimal disruption to the organizations mission
C. Appropriate documentation about the event is maintained as chain of evidence
D. The affected systems are immediately shut off to limit to the impact
B
Good Data management practices include:
A. Data quality procedures at all stages of the data management process, verification and validation of accuracy of the data, adherence to agreed upon data management practices, ongoing data audit to monitor the use and assess effectiveness of management practices and the integrity of existing data.
B. Data quality procedures at some stages of the data management process, verification and validation of accuracy of the data, adherence to agreed upon data management practices, ongoing data audit to monitor the use and assess effectiveness of management practices and the integrity of existing data.
C. Data quality procedures at all stages of the data management process, verification and validation of accuracy of the data, adherence to discussed data management practices, ongoing data audit to monitor the use and assess effectiveness of management practices and the integrity of existing data.
D. Data quality procedures at all stages of the data management process, verification and validation of accuracy of the data, adherence to agreed upon data management practices, intermittent data audit to monitor the use and assess effectiveness of management practices and the integrity of existing data.
A
Issues to be considered by the security practitioner when establishing a data policy include:
A. Cost, Due Care and Due Diligence, Privacy, Liability, Sensitivity, Existing Law & Policy Requirements, Policy and Process
B. Cost Ownership and Custodianship, Privacy, Liability, Sensitivity, future Law & Policy Requirements, Policy and Process
C. Cost Ownership and Custodianship, Privacy, Liability, Sensitivity, Existing Law & Policy Requirements, Policy and Procedure
D. Cost, Ownership and Custodianship, Privacy, Liability, Sensitivity, Existing Law & Policy Requirements, Policy and Process
D
This information owner typically has the following responsibilities:
A. Determine the impact the information has on the mission of the organization, understand the replacement cost of the information, determine who in the organization or outside of it has a need for the information and under what circumstances the information should be released, know when the information is inaccurate or no longer needed and should be archived.
B. Determine the impact the information has on the mission of the organization, understand the replacement cost of the information, determine who in the organization or outside of it has a need for the information and under what circumstances the information should be released, know when the information is inaccurate or no longer needed and should be destroyed
C. Determine the impact the information has on the policies of the organization, understand the replacement cost of the information, determine who in the organization or outside of it has a need for the information and under what circumstances the information should not be released, know when the information is inaccurate or no longer needed and should be destroyed
D. Determine the impact the information has on the mission of the organization, understand the creation cost of the information, determine who in the organization or outside of it has a need for the information and under what circumstances the information should be released, know when the information is inaccurate or no longer needed and should be destroyed
B
Benefits of data standards include:
A. More efficient data management, decreased data sharing higher quality data, improved data consistency, increased data integration, better understanding of data, improved documentation of information resources
B. More efficient data management, increased data sharing higher quality data, improved data consistency, increased data integration, better understanding of data, improved documentation of information resources
C. More efficient data management, increased data sharing, medium quality data, improved data consistency, increased data integration, better understanding of data, improved documentation of information resources
D. More efficient data management, increased data sharing higher quality data, improved data consistency, increased data integration, better understanding of data, improved documentation of information metadata
B
When classifying data, the security practitioner needs to determine the following aspects of the policy: (Choose ALL that apply)
A. Who has access to the data
B. What methods should be used to dispose of the data
C. how the data is secured
D. Whether the data needs to be encrypted
A/B/C/D (All of the above)
The major benefit of information classification is to:
A. Map out the computing ecosystem
B. Identify the threats and vulnerabilities
C. determine the software baseline
D. identify the appropriate level of protection needs
D
When sensitive information is no longer critical but still within scope of a record retention policy, that information is BEST: A. Destroyed B. Re-Categorized C. Degaussed D. Released
B
What are the four phases of the equipment life cycle?
A. Defining requirements acquiring and implementing operations and maintenance disposal and decommission
B. Acquiring requirement, defining and implementing operations and maintenance, disposal and decommission
C. Defining requirements, acquiring and maintaining implementing and operating, disposal and decommission
D. Defining requirements, acquiring and implementing operations and decommission, maintenance and disposal.
A
Which of the following BEST determines the employment suitability of an individual? A. Job Rank or title B. Partnership with the security team C. Role D. Background investigation
D
The best way to ensure that there is no data remanance of sensitive information that was once stored on a DVD-R media is by: A. Deletion B. Degaussing C. Destruction D. Overwriting
C
Which of the following processes is concerned with not only identifying the root cause but also addressing the underlying issue? A. incident management B. Problem management C. Change Management D. Configuration Management
B
Before applying a software update to production systems, it is MOST important that:
A. Full disclosure information about the threat that the patch addresses is available
B. The patching process is documented
C. The production systems are backed up
D. An independent third party attests the validity of the patch
C
A DOS (Denial of Service Attack) is an example of what? A. Authentication B. Availability C. Authorization D. Integrty
Answer is: B
Denial-of-Service (DoS) attack, would be an example of attack on availability which seeks to deny service (or availability) of a system.
.
