Chapter 5 Protecting Security of Assets Flashcards
“applied to information, the unauthorized disclosure of which reasonably could be expected to cause serious damage to the national security that the original classification authority is able to identify or describe.”
Top Secret
Secret
Confidential
Unclassified
Secret
available to anyone, though it often requires individuals to request the information using procedures identified in the Freedom of Information Act (FOIA).
Top Secret
Secret
Confidential
Unclassified
Unclassified
“applied to information, the unauthorized disclosure of which reasonably could be expected to cause exceptionally grave damage to the national security that the original classification authority is able to identify or describe.”
Top Secret
Secret
Confidential
Unclassified
Top Secret
“applied to information, the unauthorized disclosure of which reasonably could be expected to cause damage to the national security that the original classification authority is able to identify or describe.”
Top Secret
Secret
Confidential
Unclassified
Confidential
information posted in websites, brochures, or any other public source.
Confidential or Proprietary
Private
Sensitive
Public
Public
a data breach would cause serious damage to the mission of the organization.
Confidential or Proprietary
Private
Sensitive
Public
Private
a data breach would cause exceptionally grave damage to the mission of the organization.
Confidential or Proprietary
Private
Sensitive
Public
Confidential or Proprietary
a data breach would cause damage to the mission of the organization.
Confidential or Proprietary
Private
Sensitive
Public
Sensitive
________ is the data that remains on a hard drive as residual magnetic flux.
Data remanence
What realigns the magnetic fields in magnetic media such as traditional hard drives, magnetic tape, and floppy disk drives?
Degausser
any process that purges media or a system in preparation for reuse in an unclassified environment
Erasing Clearing Purging Declassification Sanitization Degaussing
Declassification
combination of processes that removes data from a system or from media. It ensures that data cannot be recovered by any means.
Erasing Clearing Purging Declassification Sanitization Degaussing
Sanitization
creates a strong magnetic field that erases data on some media and is used to remove data from magnetic tapes
Erasing Clearing Purging Declassification Sanitization Degaussing
Degaussing
writes a single character over the entire media, writes the character’s complement over the entire media, and finishes by writing random bits over the entire media. It repeats this in three separate passes,
Erasing Clearing Purging Declassification Sanitization Degaussing
Clearing
clearing that prepares media for reuse in less secure environments. Repeats the clearing process multiple times and may combine it with another method
Erasing Clearing Purging Declassification Sanitization Degaussing
Purging
It can use key sizes of 32 bits to 448 bits and is a strong encryption protocol.
Advanced Encryption Standard
Triple DES
Blowfish
Blowfish
NIST selected it as a standard replacement for the older Data Encryption Standard (DES) in 2001
Advanced Encryption Standard
Triple DES
Blowfish
Advanced Encryption Standard
The first implementation used 56-bit keys but newer implementations use 112-bit or 168-bit keys.
Advanced Encryption Standard
Triple DES
Blowfish
Triple DES
Almost all HTTPS transmissions use ____ as the underlying encryption protocol
Transport Layer Security (TLS)
L2TP/IPsec encrypts data and sends it over the Internet using _________ mode to protect it while in transit.
Tunnel
_____ assign permissions based on the principles of least privilege and the need to know, granting users access to only what they need for their job.
Data Owners System Owners Business/Mission Owners Data Processors Administrators Custodians
Administrators
______ helps protect the integrity and security of data by ensuring it is properly stored and protected.
Data Owners System Owners Business/Mission Owners Data Processors Administrators Custodians
Custodians
“a natural or legal person which processes personal data solely on behalf of the data controller.”
Data Owners Data Processors Business/Mission Owners Data Processors Administrators Custodians
Data Processors
They also ensure it has adequate security controls based on the classification and the organization’s security policy requirements.
Data Owners System Owners Business/Mission Owners Data Processors Administrators Custodians
Data Owners
Maintains the system security plan and ensures that the system is deployed and operated according to the agreed-upon security requirements
Data Owners System Owners Business/Mission Owners Data Processors Administrators Custodians
System Owners
The US Department of Commerce runs the ______ program, which is a regulatory mechanism that includes a set of Safe Harbor Principles.
Safe Harbor
Degaussing does not affect optical _____ CDs DVDs hard disks magnetic tapes SSDs.
CDs, DVDs, or SSDs.
_______ is a delete operation against a file, a selection of files, or the entire media.
Erasing Clearing Purging Declassification Sanitization Degaussing
Erasing
__________ is a process of preparing media for reuse and assuring that the cleared data cannot be recovered using traditional recovery tools.
Erasing Clearing Purging Declassification Sanitization Degaussing
Clearing
IPsec is often combined with ______ for VPNs.
Layer 2 Tunneling Protocol (L2TP)
________ identify the classification of data and ensure that it is labeled properly.
Data Owners System Owners Business/Mission Owners Data Processors Administrators Custodians
Data Owners
Establishes the rules for appropriate use and protection of the subject data/information (rules of behavior)
Provides input to information system owners regarding the security requirements and security controls for the information system(s) where the information resides
Decides who has access to the information system and with what types of privileges or access rights
Data Owners System Owners Business/Mission Owners Data Processors Administrators Custodians
Data Owners
Develops a system security plan in coordination with information owners, the system administrator, and functional end users
Maintains the system security plan and ensures that the system is deployed and operated according to the agreed-upon security requirements
Ensures that system users and support personnel receive appropriate security training, such as instruction on rules of behavior (or an AUP)
Updates the system security plan whenever a significant change occurs
Assists in the identification, implementation, and assessment of the common security controls.
Data Owners System Owners Business/Mission Owners Data Processors Administrators Custodians
System Owners