CISSP Domain 2

Question 1

Information lifecycle

Answer 1

Creation
Classification
Storage
Usage
Archive
Destruction

Question 2

Data classification and damage level

Answer 2

Value of data by labeling

Top secret: Gracve damage

Secret: Serious damage

Confidential: Damage

Unclassified : No damage

Question 3

Data classification non governmental

Answer 3

Confidential or Proprietary - Grave damage

Private - Serious damage - PII or PHI

Sensitive - Damage - IP address, OS, software

Public - No damage

Question 4

Data States

Answer 4

Data at rest - Strong symmetric encryption

Data in transit - combo

Data in use -

Question 5

Steps in Data management

Answer 5

Define data

Asset classification

Define security requirements

Identify security controls to implement

Question 6

Establishing information and asset handling requirements

Answer 6

Data maintenance

DLP: Network and Endpoint

Marking sensitive data and assets: Tags and meta tags

Handling assets and data

Data collection limitation

Data location: Data center and redundancy

Storing sensitive data

Data destruction

Eliminating data remnanence

Ensuring appropriate data and assets retention

Data destruction

Question 7

Data remnanence

Answer 7

Left over data after supposedly erased

Question 8

Slack space

Answer 8

Unused space within disk cluster

Question 9

Degausser and SSD

Answer 9

Heavy magnetic field and effective only in magnetic media

Does not effect cd, dvd and SSD

SSD include built in earse command

Question 10

Erasing

Answer 10

Delete operations in file but actual data remains on drive

Question 11

Clearing

Answer 11

Overwrite for reuse and ensure clear data cannot be recovered and three separate phases

First character

Complement

Seperate bits

Question 12

Purging

Answer 12

A level of assurance that data is not recoverable

Repeat clearing process several times

But not always trusted

Question 13

Destruction

Answer 13

Most Secure method for sanitizing

Question 14

Cryptographic erasures

Answer 14

If data is encrypted then crypto shed to destroy

They only destroy encryption key and decryption keys but data remains encrypted

Better overwrite the data just in case if encryption isn’t strong

Especially cloud destroy cryptography keys

Question 15

Retention policies (lawsuit)

Answer 15

Cannot delete potential evidence after a lawsuit is filed however if retention policy dictates it’s legal to delete

Question 16

Data protection methods - DRM solutions methods

Answer 16

DRM liscencing : Grants access to product

Persistent online authentication: System to be connected to internet to use product

Continus audit trail

Automatic expiration

They use steganography to detect person who pirated

Question 17

Cloud access security broker

Answer 17

Monitors all activities and enforces admin defined security policies

Software placed logically between users and cloud based resources

Can be on premise or cloud

Effective detection of shadow IT- By collecting and analysis of network logs

Question 18

Psudonymization

Answer 18

Replace data with artificial identifiers

Question 19

Tokenization

Answer 19

Use of random string of characters to replace other data..

Credit card transactions

Question 20

Anonymization

Answer 20

Removing all relevant data

Randomised masking

Anonymization cannot be reversed unlike psudonymization and tokenization

Question 21

Data owners

Answer 21

Identify classification of data and label

Question 22

Asset owners

Answer 22

Owns asset

Devlop security plan
Maintain and devlop
Aup
Updates

Question 23

Business owners/ Mission owners

Answer 23

Own processes - like sales department

System provides value to organization

Question 24

Data processor

Answer 24

Natural or legal person processes data on behalf of data controller

Question 25

Dara controller

Answer 25

Person or entity that controls data

Question 26

Data custodian

Answer 26

Helps protect cia

Question 27

Admins

Answer 27

Elevated previliges

Question 28

4 types of baseline

Answer 28

Low impact baseline: Loss of CIA will have low impact

Moderate impact

High impact

Privacy control baseline: PII

Question 29

Tailoring

Answer 29

Modify list of security controls within a baseline to align with organization mission

Question 30

Scoping

Answer 30

Part of tailoring process and review the baseline security controls and selecting those which are applicable

Question 31

homomorphic encryption

Answer 31

Data in use - some cases, it’s possible for an application to work on encrypted data using homomorphic encryption (in cipher text format itself . This limits the risk because memory doesn’t hold unencrypted data.

Question 32

Air gap

Answer 32

One network processes unclassified data only. Another network processes classified data. Techniques such as air gaps ensure the two networks never physically touch each other. An air gap is a physical security control and means that systems and cables from the classified network never physically touch systems and cables from the unclassified network.

Question 33

DLP discovery

Answer 33

Most DLP solutions also include discovery capabilities. The goal is to discover the loca- tion of valuable data within an internal network. When security administrators know where the data is, they can take additional steps to protect it. As an example, a database server may include unencrypted credit card numbers. When the DLP discovers and reports this, database administrators can ensure the numbers are encrypted. As another example, company policy may dictate that employee laptops do not contain any PII data. A DLP content discovery system can search these and discover any unauthorized data. Additionally, many content dis- covery systems can search cloud resources used by an organization.

Question 34

What are the criteria to be considered (esp. csp) when data location of backups ?

Answer 34

Some organizations maintain data in large data centers. It’s common to replicate this data to one or more other data centers to maintain the availability of the critical data. These data centers are typically located in separate geographical locations. When using cloud storage for backups, some organizations may need to verify the location of the cloud storage to ensure it is in a separate geographical location.

Question 35

What is sanitisation ?

Answer 35

Sanitization can refer to the destruction of media or using a trusted method to purge clas- sified data from the media without destroying it.

Question 36

pseudonymization and tokenization, anonymization

Answer 36

Unlike pseudonymization and tokenization, anonymization cannot be reversed. After the data is randomized using an anonymization process, it cannot be returned to the original state.

Randomized masking can be an effective method of anonymizing data.

Pseudo aka Artificial identifiers and token needs db and vault to maintain original data