Domain 2 - Asset Security Flashcards

1
Q
In the event of a security incident, one of the primary objectives of the operations staff is to ensure that:

A. the attackers are detected and stopped.

B. there is minimal disruption to the organization’s mission.

C. appropriate documentation about the event is maintained as chain of evidence.

D. the affected systems are immediately shut off to limit the impact.
A

B

2
Q
Good data management practices include:

A. Data quality procedures at all stages of the data management process, verification and validation of accuracy of the data, adherence to agreed upon data management practices, ongoing data audit to monitor the use and assess effectiveness of management practices and the integrity of existing data.

B. Data quality procedures at some stages of the data management process, verification and validation of accuracy of the data, adherence to agreed upon data management practices, ongoing data audit to monitor the use and assess effectiveness of management practices and the integrity of existing data.

C. Data quality procedures at all stages of the data management process, verification and validation of accuracy of the data, adherence to discussed data management practices, ongoing data audit to monitor the use and assess effectiveness of management practices and the integrity of existing data.

D. Data quality procedures at all stages of the data management process, verification and validation of accuracy of the data, adherence to agreed upon data management practices, intermittent data audit to monitor the use and assess effectiveness of management practices and the integrity of existing data.
A

A

3
Q
Issues to be considered by the security practitioner when establishing a data policy include:

A. Cost, Due Care and Due Diligence, Privacy, Liability, Sensitivity, Existing Law & Policy Requirements, Policy and Process.

B. Cost, Ownership and Custodianship, Privacy, Liability, Sensitivity, Future Law & Policy Requirements, Policy and Process.

C. Cost, Ownership and Custodianship, Privacy, Liability, Sensitivity, Existing Law & Policy Requirements, Policy and Procedure.

D. Cost, Ownership and Custodianship, Privacy, Liability, Sensitivity, Existing Law & Policy Requirements, Policy and Process.

A

D

4
Q
The information owner typically has the following responsibilities:

A. Determine the impact the information has on the mission of the organization, understand the replacement cost of the information, determine who in the organization or outside of it has a need for the information and under what circumstances the information should be released, know when the information is inaccurate or no longer needed and should be archived.

B. Determine the impact the information has on the mission of the organization, understand the replacement cost of the information, determine who in the organization or outside of it has a need for the information and under what circumstances the information should be released, know when the information is inaccurate or no longer needed and should be destroyed.

C. Determine the impact the information has on the policies of the organization, understand the replacement cost of the information, determine who in the organization or outside of it has a need for the information and under what circumstances the information should not be released, know when the information is inaccurate or no longer needed and should be destroyed.

D. Determine the impact the information has on the mission of the organization, understand the creation cost of the information, determine who in the organization or outside of it has a need for the information and under what circumstances the information should be released, know when the information is inaccurate or no longer needed and should be destroyed.

A

B

5
Q
QA/QC mechanisms are designed to prevent data contamination, which occurs when a process or event introduces either of which two fundamental types of errors into a dataset: (choose TWO)

A. Errors of commission

B. Errors of insertion

C. Errors of omission

D. Errors of creation

A

A, C

6
Q
Some typical responsibilities of a data custodian may include: (Choose ALL that apply)

A. Adherence to appropriate and relevant data policy and data ownership guidelines.

B. Ensuring accessibility to appropriate users, maintaining appropriate levels of dataset security.

C. Fundamental dataset maintenance, including but not limited to data storage and archiving.

D. Assurance of quality and validation of any additions to a dataset, including periodic audits to assure ongoing data integrity.

A

A, B, C, and D

7
Q
The objectives of data documentation are to: (Choose ALL that apply)

A. Ensure the longevity of data and their re-use for multiple purposes

B. Ensure that data users understand the content, context, and limitations of datasets

C. Facilitate the confidentiality of datasets

D. Facilitate the interoperability of datasets and data exchange

A

A, B, and D

8
Q
Benefits of data standards include:

A. more efficient data management, decreased data sharing, higher quality data, improved data consistency, increased data integration, better understanding of data, improved documentation of information resources.

B. more efficient data management, increased data sharing, higher quality data, improved data consistency, increased data integration, better understanding of data, improved documentation of information resources.

C. more efficient data management, increased data sharing, medium quality data, improved data consistency, decreased data integration, better understanding of data, improved documentation of information resources.

D. more efficient data management, increased data sharing, highest quality data, improved data consistency, increased data integration, better understanding of data, improved documentation of information metadata.

A

B

9
Q
When classifying data, the security practitioner needs to determine the following aspects of the policy: (Choose ALL that apply)

A. Who has access to the data

B. What methods should be used to dispose of the data

C. How the data is secured

D. Whether the data needs to be encrypted

A

A, B, C, and D

10
Q
The major benefit of information classification is to:

A. map out the computing ecosystem

B. identify the threats and vulnerabilities

C. determine the software baseline

D. identify the appropriate level of protection needs

A

D

11
Q
When sensitive information is no longer critical but still within the scope of a record retention policy, that information is BEST:

A. Destroyed

B. Re-categorized

C. Degaussed

D. Released

A

B

12
Q
What are the FOUR phases of the equipment lifecycle?

A. Defining requirements, acquiring and implementing, operations and maintenance, disposal and decommission.

B. Acquiring requirements, defining and implementing, operations and maintenance, disposal and decommission.

C. Defining requirements, acquiring and maintaining, implementing and operating, disposal and decommission.

D. Defining requirements, acquiring and implementing, operations and decommission, maintenance and disposal.

A

A

13
Q
Which of the following BEST determines the employment suitability of an individual?

A. Job rank or title

B. Partnership with the security team

C. Role

D. Background investigation

A

D

14
Q
The best way to ensure that there are no data remnants of sensitive information that was once stored on DVD-R media is by:

A. Deletion

B. Degaussing

C. Destruction

D. Overwriting

A

C

15
Q
Which of the following processes is concerned with not only identifying the root cause but also addressing the underlying issue?

A. Incident management

B. Problem management

C. Change management

D. Configuration management

A

B

16
Q
Before applying a software update to production systems, it is MOST important that:

A. Full disclosure information about the threat that the patch addresses is available

B. The patching process is documented

C. The production systems are backed up

D. An independent third party attests the validity of the patch

A

C