Asset Security (Domain 2)

Question 1

The process of determining the impact of the loss of confidentiality, integrity, or availability of the information to an organization

Answer 1

Categorization

Question 2

The removal of sensitive data from storage devices in such a way that there is assurance that the data may not be reconstructed using normal system functions or software file/data recovery utilities

Answer 2

Clearing

Question 3

The critical point where a materials intrinsic magnetic alignment changes direction

Answer 3

Cure Temperature

Question 4

Entails analyzing the data that the organization retains, determining its importance and value, and then assigning it to a category

Answer 4

Data Classification

Question 5

Ensure important data-sets are developed, maintained, and accessible within their defined specifications

Answer 5

Data Custodians

Question 6

The methodology that identifies the path to meet user requirement

Answer 6

Data modeling

Question 7

The residual physical physical representation of data that has been in some way erased

Answer 7

Data Remenence

Question 8

Objects, features, or items that are collected, automated, or affected by activities or the functions of organizations

Answer 8

Data Standards

Question 9

The official series of publications relating to standards and guidelines adopted

Answer 9

Federal Information Processing Standards (FIPS)

Question 10

Allows greater flexibility in applying encryption to specific file(s)

Answer 10

File Encryption Software

Question 11

A set of cyber-security activities, desired outcomes, and applicable references that are common across critical infrastructure sectors

Answer 11

Framework Core

Question 12

Provide context on how an organization views cyber security risk and the processes in place to manage that risk

Answer 12

Framework Implementation Tiers

Question 13

Represents the outcomes based on business needs that an organization has selected from the Framework Categories and Subcategories

Answer 13

Framework Profile

Question 14

ITAM is a much broader discipline, adding several dimensions of management and involving a much broader base of stakeholders

Answer 14

IT Asset Management (ITAM)

Question 15

Software that is used to encrypt otherwise unprotected storage media such as CDs, DVDs, USB devices, or laptop hard drives

Answer 15

Media Encryption Software

Question 16

In the event of a security incident, one of the primary objectives of the operations staff is to ensure that:
A. The attackers are detected and stopped
B. There is minimal disruption to the organizations mission
C. Appropriate documentation about the event is maintained as chain of evidence
D. The affected systems are immediately shut off to limit to the impact

Answer 16

B

Question 17

Good Data management practices include:
A. Data quality procedures at all stages of the data management process, verification and validation of accuracy of the data, adherence to agreed upon data management practices, ongoing data audit to monitor the use and assess effectiveness of management practices and the integrity of existing data.
B. Data quality procedures at some stages of the data management process, verification and validation of accuracy of the data, adherence to agreed upon data management practices, ongoing data audit to monitor the use and assess effectiveness of management practices and the integrity of existing data.
C. Data quality procedures at all stages of the data management process, verification and validation of accuracy of the data, adherence to discussed data management practices, ongoing data audit to monitor the use and assess effectiveness of management practices and the integrity of existing data.
D. Data quality procedures at all stages of the data management process, verification and validation of accuracy of the data, adherence to agreed upon data management practices, intermittent data audit to monitor the use and assess effectiveness of management practices and the integrity of existing data.

Answer 17

A

Question 18

Issues to be considered by the security practitioner when establishing a data policy include:
A. Cost, Due Care and Due Diligence, Privacy, Liability, Sensitivity, Existing Law & Policy Requirements, Policy and Process
B. Cost Ownership and Custodianship, Privacy, Liability, Sensitivity, future Law & Policy Requirements, Policy and Process
C. Cost Ownership and Custodianship, Privacy, Liability, Sensitivity, Existing Law & Policy Requirements, Policy and Procedure
D. Cost, Ownership and Custodianship, Privacy, Liability, Sensitivity, Existing Law & Policy Requirements, Policy and Process

Answer 18

D

Question 19

This information owner typically has the following responsibilities:
A. Determine the impact the information has on the mission of the organization, understand the replacement cost of the information, determine who in the organization or outside of it has a need for the information and under what circumstances the information should be released, know when the information is inaccurate or no longer needed and should be archived.
B. Determine the impact the information has on the mission of the organization, understand the replacement cost of the information, determine who in the organization or outside of it has a need for the information and under what circumstances the information should be released, know when the information is inaccurate or no longer needed and should be destroyed
C. Determine the impact the information has on the policies of the organization, understand the replacement cost of the information, determine who in the organization or outside of it has a need for the information and under what circumstances the information should not be released, know when the information is inaccurate or no longer needed and should be destroyed
D. Determine the impact the information has on the mission of the organization, understand the creation cost of the information, determine who in the organization or outside of it has a need for the information and under what circumstances the information should be released, know when the information is inaccurate or no longer needed and should be destroyed

Answer 19

B

Question 20

Benefits of data standards include:
A. More efficient data management, decreased data sharing higher quality data, improved data consistency, increased data integration, better understanding of data, improved documentation of information resources
B. More efficient data management, increased data sharing higher quality data, improved data consistency, increased data integration, better understanding of data, improved documentation of information resources
C. More efficient data management, increased data sharing, medium quality data, improved data consistency, increased data integration, better understanding of data, improved documentation of information resources
D. More efficient data management, increased data sharing higher quality data, improved data consistency, increased data integration, better understanding of data, improved documentation of information metadata

Answer 20

B

Question 21

When classifying data, the security practitioner needs to determine the following aspects of the policy: (Choose ALL that apply)
A. Who has access to the data
B. What methods should be used to dispose of the data
C. how the data is secured
D. Whether the data needs to be encrypted

Answer 21

A/B/C/D (All of the above)

Question 22

The major benefit of information classification is to:
A. Map out the computing ecosystem
B. Identify the threats and vulnerabilities
C. determine the software baseline
D. identify the appropriate level of protection needs

Answer 22

D

Question 23

When sensitive information is no longer critical but still within scope of a record retention policy, that information is BEST:
A. Destroyed
B. Re-Categorized
C. Degaussed
D. Released

Answer 23

B

Question 24

What are the four phases of the equipment life cycle?
A. Defining requirements acquiring and implementing operations and maintenance disposal and decommission
B. Acquiring requirement, defining and implementing operations and maintenance, disposal and decommission
C. Defining requirements, acquiring and maintaining implementing and operating, disposal and decommission
D. Defining requirements, acquiring and implementing operations and decommission, maintenance and disposal.

Answer 24

A

Question 25

Which of the following BEST determines the employment suitability of an individual?
A. Job Rank or title
B. Partnership with the security team
C. Role
D. Background investigation

Answer 25

D

Question 26

The best way to ensure that there is no data remanance of sensitive information that was once stored on a DVD-R media is by:
A. Deletion
B. Degaussing
C. Destruction
D. Overwriting

Answer 26

C

Question 27

Which of the following processes is concerned with not only identifying the root cause but also addressing the underlying issue?
A. incident management
B. Problem management
C. Change Management
D. Configuration Management

Answer 27

B

Question 28

Before applying a software update to production systems, it is MOST important that:
A. Full disclosure information about the threat that the patch addresses is available
B. The patching process is documented
C. The production systems are backed up
D. An independent third party attests the validity of the patch

Answer 28

C

Question 29

A DOS (Denial of Service Attack) is an example of what?
A. Authentication
B. Availability
C. Authorization
D. Integrty

Answer 29

Answer is: B
Denial-of-Service (DoS) attack, would be an example of attack on availability which seeks to deny service (or availability) of a system.

.