Domain 2

Question 1

Data Destruction Methods

Answer 1

Erasing

Clearing (overwriting)

Purging

Degaussing

Destruction

Question 2

Erasing

Answer 2

performing a delete operation against a file, files, or media. data is typically recoverable

Question 3

Clearing (overwriting)

Answer 3

preparing media for reuse and ensuring data cannot be recovered using traditional recovery tools

Question 4

Purging

Answer 4

a more intense form of clearing that prepares media for reuse in less secure environments.

Question 5

Degaussing

Answer 5

creates a strong magnetic field that erases data on some media.

Question 6

Destruction

Answer 6

the final stage in the lifecycle of media and is the most secure method of sanitizing media.

Question 7

Government Data Classifications

Answer 7

Top Secret - Exceptionally grave damage
Secret - serious damage
Confidential - damage
(sensitive but unclassified - SBU)
Unclassified - no damage

Question 8

Non-Government Data Classifications

Answer 8

Confidential/Proprietary - Exceptionally grave damage
Private - serious damage
Sensitive - damage
Public - no damage

Question 9

Data Owner

Answer 9

Usually a member of senior management. Can delegate some day to day duties. Cannot delegate total responsibility.

Question 10

Data Custodian

Answer 10

Usually someone in the IT department. Does not decide what controls are
needed, but does implement controls for data owner.

If the questions mentions day-to-day it’s custodian

Question 11

Data Administrators

Answer 11

Responsible for granting appropriate

access to personnel (often via RBAC).

Question 12

User

Answer 12

any person who accesses data via a computing system to accomplish work tasks.

Question 13

Business/Mission Owners

Answer 13

Can overlap with the responsibilities of the system owner or be same role

Question 14

Asset Owners

Answer 14

Owns asset or system that processes

sensitive data and associated security plans

Question 15

GDPR Term: Data Processor

Answer 15

A natural or legal person, public authority,

agency, or other body, which processes personal data solely on behalf of the data controller.

Question 16

GDPR Term: Data Controller

Answer 16

The person or entity that controls

processing of the data.

Question 17

GDPR Term: Data Transfer

Answer 17

GDPR restricts data transfers to countries

outside the EU.

Question 18

GDPR Term: Anonymization

Answer 18

The process of removing all relevant data
so that it is impossible to identify original subject or person.

If done effectively, the GDPR is no longer relevant for the

Used if you don’t need the data.

Question 19

GDPR Term: Pseudonymization

Answer 19

The process of using pseudonyms
(aliases) to represent other data.

Can result in less stringent requirements than would otherwise apply under the GDPR.

Use if you need data and want to reduce exposure.