Domain 1 set 1

Question 1

Electronic Discovery Reference Model

Answer 1

EDRM

Question 2

gives specifies to policy’s?

Answer 2

Standards

Question 3

Who creates and manage sensitive Data

Answer 3

Data Controllers

AKA: HR Personal

Question 4

What policy assigns responsibility

Answer 4

Organizational security Policy

Question 5

Errors in Data Entry is what part of the CIA

Answer 5

Integrity

Question 6

SLE X ARO =?

Answer 6

ALE Annual loss Expectancy

Question 7

Who actually store and process Data?

Answer 7

Data Custodians

Question 8

Who is responsible for approval of disclosure Request?

Answer 8

Data owners

Question 9

organizations goals in mind standard?

Answer 9

COSO

Question 10

An policy that covers Email use, privacy and employee personal use issues?

Answer 10

Issue Specific Policy

Question 11

What sets the direction thru prioritization?

Answer 11

Governance

Question 12

What are the 7 steps to implement a Classification Scheme?

Answer 12

1. Identity Custodian
2. Specify Evaluation Criteria
3. Classify and Label each Resource
4. Document Exceptions
5. Select Security Controls
6. Specify declassification Procedures
7. create Awareness Program

Question 13

BIA

Answer 13

Business Impact Analysis

Question 14

What are the 3 Data states?

Answer 14

1. At Rest
2. in motion
3. In Use

Question 15

Operationally Critical Threat Asset and Vulnerability Evaluation

Answer 15

OCTAVE

Question 16

BCP

Answer 16

Business Continuity Planning

Question 17

Ricks are?

Answer 17

The Combination of a Vulnerability and a corresponding threat.

Question 18

ITADA

Answer 18

Identity Theft and Assumption Deterrence Act

Question 19

The Key items in privacy protection for DATA Processors are?

Answer 19

Training and Auditing

Question 20

Governance

Answer 20

Ensures that the state holders needs conditions and options are evaluated.

Question 21

How long is the Tactical plan made for?

Answer 21

1 year

Question 22

A Risk Methodologies that focuses on IT Systems not the Organizational Strategy

Answer 22

NIST SP 800-30

Question 23

A Risk assessment that use Qualitative analysis to calculate An Risk value

Answer 23

FRAP?

Question 24

BCP / DRP Address what part of the CIA?

Answer 24

Availability

Question 25

A system meets the requirements of the Data Owner is called?

Answer 25

Certification

Question 26

MitM stands for?

Answer 26

Man - in- the - middle

Question 27

Instance of a compromise

Answer 27

Exploit

Question 28

Total Risk X Controls Gap = ?

Answer 28

Residual Risk

Question 29

What are the 4 codes of Ethics?

Answer 29

1. Protect the Society, commonwealth and infrastructure
2. Act Honorably
3. Provide Diligent and competent Service
4. Advance and protect

Question 30

System specific policy

Answer 30

Is Geared towards use of networks, systems, and approved software lists

Question 31

Import Restrictions

Answer 31

US Safe Harbor Laws

The cypto key need to be provided to law enforcement

Question 32

The specific methods that threats use to exploit a vulnerability

Answer 32

Threat Vectors

Question 33

The HIPAA Update

Answer 33

HITECH Act