Domain 2 - Asset Security

Question 1

Data Value Criteria

Answer 1

Value, age, useful life, personal association

Question 2

Government, military

Answer 2

Unclassified, Sensitive but unclassified, Confidential, Secret, Top Secret

Question 3

Private sector

Answer 3

Public, Company Confidential, Private, Confidential, Sensitive

Question 4

CIRTs

Answer 4

Cyber Incident Response Team

Question 5

Data System Owners

Answer 5

Select security controls

Question 6

Data Administrators

Answer 6

Assign permission to access and handle data

Question 7

Data Auditor

Answer 7

Examines security controls

Question 8

Quality Control (QC)

Answer 8

Assessment of quality based on internal standards

Question 9

Quality Assurance (QA)

Answer 9

Assessment of quality based on standards external to the process and
involves reviewing of the activities and quality control processes.

Question 10

Sanitizing

Answer 10

Series of processes that removes data, ensures data is unrecoverable by any means.
Removing a computer from service and disposed of. All storage media removed or destroyed.

Question 11

Erasing

Answer 11

Deletion of files or media, removes link to file, least effective

Question 12

Overwriting/wiping/shredding

Answer 12

Overwrites with pattern, may miss

Question 13

Zero fill

Answer 13

Wipe a drive and fill with zeros

Question 14

Clearing

Answer 14

Prepping media for reuse at same level. Removal of sensitive data from storage devices in
such a way that the data may not be reconstructed using normal system functions or utilities. May be
recoverable with special lab equipment. Data just overwritten.

Question 15

Purging

Answer 15

More intense than clearing. Media can be reused in lower systems. Removal of sensitive
data with the intent that the data cannot be reconstructed by any known technique

Question 16

Data mart

Answer 16

metadata is stored in a more secure container

Question 17

Scoping

Answer 17

Reviewing baseline security controls and selecting only those controls that apply to the IT
system you’re trying to protect.

Question 18

Tailoring

Answer 18

Modifying the list of security controls within a baseline so that they align with the mission
of the organization

Question 19

Supplementation

Answer 19

Adding assessment procedures or assessment details to adequately meet the risk
management needs of the organization

Question 20

Link

Answer 20

EVERYTHING ENCRYPTED

Question 21

End to End

Answer 21

You can see ALL BUT PAYLOAD, normally done by users

Question 22

S/MIME

Answer 22

secure email

Question 23

NIST

Answer 23

National Institute of Standards and Technology

Question 24

NIST SP 800 series

Answer 24

Address computer security in a variety of areas

Question 25

800-14 NIST SP

Answer 25

GAPP for securing information technology systems

Question 26

800-18 NIST

Answer 26

How to develop security plans

Question 27

800-27 NIST SP

Answer 27

``` Baseline for achieving security, five lifecycle planning phases (defined in 800-14), 33 IT security principles • Initiation • Development/Acquisition • Implementation • Operation/Maintenance • Disposal ```

Question 28

800-88 NIST

Answer 28

NIST guidelines for sanitation and disposition, prevents data remanence

Question 29

800-122 NIST

Answer 29

NIST Special Publication – defines PII as any information that can be used to trace a person identity such as SSN, name, DOB, place of birth, mother’s maiden name

Question 30

800-137 NIST

Answer 30

build/implement info security continuous monitoring program: define, establish, implement, analyze and report,

Question 31

800-145 NIST

Answer 31

Cloud computing

Question 32

FIPS – Federal Information Processing Standards

Answer 32

Official series of publications relating to standards | and guidelines adopted under the FISMA, Federal Information Security Management Act of 2002

Question 33

FIPS 199

Answer 33

Standards for categorizing information and information systems.

Question 34

FIPS 200

Answer 34

Minimum security requirements for Federal information and information systems

Question 35

ISO 15288

Answer 35

``` International systems engineering standard covering processes and life cycle stages • Agreement • Organization Project • enabling • Technical Management • Technical ```