Domain 2: Asset Security Flashcards
s3.40 What is the information life cycle?
Acquisition, use, archival, and disposal.
s3.41 What is the effect of cryptanalysis and eavesdropping on data security?
They threaten data security, usually in transit (eavesdropping) or at rest (cryptanalysis), but not in use.
s3.44 What does a data custodian do? elephant
They hold the top responsibility for data security, ensuring data availability and integrity, and enforcing security protocols from owners or management. They do backups, patches, and system configuration. They are technical people, not managerial, and they don't make policies or standards.
s3.44 What do data/information owners do?
They assign sensitivity labels and backup frequency. They can be HR, payroll, and other departments.
s3.44 What do data controllers and data processors do?
Controllers create and manage sensitive data in the organization (HR, payroll). Processors manage the data for controllers, like outsourced payroll.
s3.44 What do system owners do?
Management-level employees, like a data center manager or infrastructure manager.
s3.44 Exam tip: look out for key words. 5.41min.
Who assigns account… key words. That is security administrators.
s3.45 Exam tip: words in exam, flash or volatile … What does data remanence mean? What is PLD? What is ROM? Name 3 types of it.
Most likely you won't have memory remanence questions, but key words do come up.
Data remanence is data left over after normal removal and deletion. PLD is programmable logic devices like EPROM, EEPROM, and flash, but not PROM. ROM is nonvolatile: it retains memory after power loss. Used for BIOS. PROM = programmable read-only memory; EPROM = erasable programmable read-only memory, erased using light; EEPROM = electrically erasable programmable read-only memory.
s3.45 What is RAM? What are the 2 types?
RAM is volatile: it loses its contents when it loses power. SRAM (static RAM) is fast and expensive, embedded in the CPU. The other is DRAM, which is slower and cheaper and must be refreshed. A subset of DRAM is SDRAM; this is the DDR with slots for memory sticks.
s3.45 What is cached memory?
L1 is cache on the CPU and very fast. L2 is connected to the CPU but outside of it.
s3.46 Name 5 digital disposal methods. elephant
Deleting: removed from table. Formatting: does the same. Overwriting or clearing is done by writing 0s over data. Sanitization is the process of rendering data. Purge is removing sensitive data where no longer feasible even in a lab environment.
s3.47 What is scoping? What is tailoring?
Scoping is determining which portion of a standard we will deploy in our organization. Tailoring is customizing a standard to your organization.
s3.47 What is accreditation vs certification?
Accreditation is the management decision to authorize the operation of an information system and to accept risk based on security controls. Certification is about meeting the security requirements set by the data owner or laws.
s3.48 What is a CASB (Cloud Access Security Broker)?
On-premise or cloud software between our users and our cloud apps. Monitors user activity, warns admins, prevents, protects, and enforces security policy.
T What does data remanence mean?
Residual representation of data that remains even after attempts have been made to remove data.