KAS

Question 1

NIST Special Publication – defines PII as any information that can be used to trace a person’s identity such as SSN, name, DOB, place of birth, mother’s maiden name

Answer 1

800-122

Question 2

build/implement info security continuous monitoring program: define, establish, implement, analyze and report

Answer 2

800-137

Question 3

GAPP for securing information technology systems

Answer 3

800-14

Question 4

cloud computing

Answer 4

800-145

Question 5

How to develop security plans

Answer 5

800-18 NIST

Question 6

Baseline for achieving security, five lifecycle planning phases (defined in 800-14), 33 IT security principles

Answer 6

800-27

Question 7

NIST guidelines for sanitation and disposition, prevents data remanence

Answer 7

800-88

Question 8

Assign permission to access and handle data

Answer 8

Administrators

Question 9

examines security controls

Answer 9

Auditor

Question 10

Starting point that can be tailored to an organization for a minimum security standard. Common security configurations, Use Group Policies to check and enforce compliance

Answer 10

Baseline

Question 11

value of data exceeds cost of media; Sanitation is business normal, not destruction for costs reasons

Answer 11

Buy high quality media

Question 12

a class of media on which data are recorded by optical means.

Answer 12

CD
Compact Disc

Question 13

creates list of security controls for OS, mobile, server, and network devices

Answer 13

CIS
Center for Internet Security

Question 14

costs are not a factor in classifying data but are in controls

Answer 14

Classifying Costs

Question 15

To use software or hardware products to overwrite storage space on the media with non- sensitive data. This process may include overwriting not only the logical storage location of a file(s) (e.g., file allocation table) but also may include all addressable locations.

Answer 15

Clear
See comments on clear/purge convergence.

Question 16

z-Prepping media for reuse at same level. Removal of sensitive data from storage devices in such a way that the data may not be reconstructed using normal system functions or utilities. May be recoverable with special lab equipment. Data just overwritten.

Answer 16

Clearing

Question 17

operators of commercial websites post a privacy policy if collecting personal information on CA residents

Answer 17

COPPA, California Online Privacy Protection Act

Question 18

Value, age, useful life, personal association

Answer 18

Criteria

Question 19

Critical point where a material’s intrinsic magnetic alignment changes direction.

Answer 19

Curie Temperature

Question 20

Pieces of information from which “understandable information” is derived

Answer 20

Data

Question 21

Dar; inactive data that is physically stored, not RAM, biggest threat is a data breach, full disk encryption protects it (Microsoft Bitlocker and Microsoft EFS, which use AES, are apps)

Answer 21

Data at rest

Question 22

Creation, use, destruction (subservient to security policy)

Answer 22

Data Life

Question 23

To reduce the magnetic flux to virtual zero by applying a reverse magnetizing field. Also called demagnetizing.

Answer 23

Degauss

Degaussing any current generation hard disk (including but not limited to IDE, EIDE, ATA, SCSI and Jaz) will render the drive permanently unusable since these drives store track location information on the hard drive in dedicated regions of the drive in between the data sectors.

Question 24

AC erasure; alternating magnetic fields , DC erasure; unidirectional magnetic field or permanent magnet, can erase tapes

Answer 24

Degaussing

Question 25

The result of actions taken to ensure that media cannot be reused as originally intended and that information is virtually impossible to recover or prohibitively expensive.

Answer 25

Destruction

Question 26

The binary coding scheme generally used in computer technology to represent data as binary bits (1s and 0s).

Answer 26

Digital

Question 27

A physically destructive method of sanitizing media; the act of separating into component parts.

Answer 27

Disintegration

Question 28

The act of discarding media with no other sanitization considerations. This is most often done by paper recycling containing non-confidential information but may also include other media.

Answer 28

Disposal

Question 29

use labels to determine the appropriate control to apply to data. Won’t modify labels in real-time.

Answer 29

DLP

Data Loss/Leakage Prevention

Question 30

establishes DIACAP

Answer 30

DOD 8510.01

Question 31

a disc the same shape and size as a CD; but the ? has a higher density and gives the option for data to be double-sided or double-layered.

Answer 31

DVD
Digital Video Disc

Question 32

ECM

Answer 32

Enterprise Content Management; centrally managed and controlled

Question 33

General term that refers to media on which data are recorded via an electrically based process.

Answer 33

Electronic Media

Question 34

a good way to secure files sent through the internet

Answer 34

Encrypt data

Question 35

You can see ALL BUT PAYLOAD, normally done by users

Answer 35

End to End

Question 36

Uses information as their job
Follows instructions in policies and guidelines
Due care (prevents open view by e.g. Clean desk)
Use corporation resources for corporation use

Answer 36

End user

Question 37

deletion of files or media, removes link to file, least effective

Answer 37

Erasing

Question 38

Process intended to render magnetically stored information irretrievable by normal means.

Answer 38

Erasure

Question 39

official series of publications relating to standards and guidelines adopted under the FISMA, Federal Information Security Management Act of 2002.

Answer 39

FIPS, Federal Information Processing Standards;

Question 40

Standards for categorizing information and information systems.

Answer 40

FIPS 199

Question 41

minimum security requirements for Federal information and information systems

Answer 41

FIPS 200

Question 42

Pre-established layout for data.

Answer 42

Format

Question 43

z-overseas compliance framework for organizations wishing to use personal data of EU citizens
Self-certify but Dpt. Of Transportation or ? can enforce
Gramm/Leach/Bailey Act delaying application to financial markets

Answer 43

FTC

Question 44

FTP and Telnet are unencrypted!

Answer 44

SFTP and SSH provide encryption to protect data and credentials that are used to log in

Question 45

A rigid magnetic disk fixed permanently within a drive unit and used for storing data.

Answer 45

Hard Disk

Question 46

A physically destructive method of sanitizing media; the act of burning completely to ashes.

Answer 46

Incineration

Question 47

Meaningful interpretation or expression of data.

Answer 47

Information

Question 48

classifications and defines level of access and method to store and transmit information

Answer 48

Information policy

Question 49

Metadata of subject (its classification) or object (its clearance) relating to the operational processes of mandatory access control systems .

Answer 49

Label

Question 50

to make sure data is identifiable by its classification level. Some label all media that contains data to prevent reuse of Public media for sensitive data.

Answer 50

Label Data

Question 51

z-is usually point to point EVERYTHING ENCRYPTED
“Black pipe, black oil, black ping pong balls” all data is encrypted, normally did by service providers

Answer 51

Link

Question 52

act of identifying that material is classified but not revealing the classification; no label is visible.

Answer 52

Marking

Question 53

Plural of medium.

Answer 53

Media

Question 54

A general term referring to the actions taken to render data written on media unrecoverable by both ordinary and extraordinary means.

Answer 54

Media Sanitization

Question 55

Material on which data are or may be recorded, such as paper, punched cards, magnetic tape, magnetic disks, solid state devices, or optical discs.

Answer 55

Medium

Question 56

A physically destructive method of sanitizing media; to be changed from a solid to a liquid state generally by the application of heat.

Answer 56

Melting

Question 57

NIST

Answer 57

National Institute of Standards and Technology

Question 58

z-special publications address computer security in a variety of areas

Answer 58

NIST SP 800 series

Question 59

z-legal agreement that prevents employees from sharing proprietary information

Answer 59

Non-disclosure Agreement

Question 60

A plastic disk that is “written” (encoded) and “read” using an optical laser device.

Answer 60

Optical Disks

Question 61

Writing patterns of data on top of the data stored on a magnetic medium.

Answer 61

Overwrite

NSA has researched that one overwrite is good enough to sanitize most drives. See comments on clear/purge convergence.

Question 62

z-overwrites with pattern, may miss

Answer 62

Overwriting wiping shredding

Question 63

credit cards, provides a set of security controls /standards

Answer 63

PCI-DSS

Payment and Card Industry – Security Standards Council;

Question 64

Deals with the knowledge that employees gain while employed.

Answer 64

Personnel Retention

Question 65

A sanitization method for optical media, such as CDs.

Answer 65

Physical Destruction

Question 66

A physically destructive method of sanitizing media; the act of grinding to a powder or dust.

Answer 66

Pulverization

Question 67

Rendering sanitized data unrecoverable by laboratory attack methods. See comments on clear/purge convergence.

Answer 67

Purge

Question 68

More intense than clearing. Media can be reused in lower systems. Removal of sensitive data with the intent that the data cannot be reconstructed by any known technique.

Answer 68

Purging

Question 69

assessment of quality based on standards external to the process and involves reviewing of the activities and quality control processes.

Answer 69

QA

Question 70

assessment of quality based on internal standards

Answer 70

QC

Question 71

Fundamental process in an information system that results only in the flow of information from an object to a subject.

Answer 71

Read

Question 72

To write data on a medium, such as a magnetic tape, magnetic disk, or optical disc.

Answer 72

Record

Question 73

retaining and maintaining information for as long as it’s needed

Answer 73

Record Retention

Question 74

how long data retained and maintained

Answer 74

Record Retention Policies

Question 75

Action necessary to store data files of an information system and computational capability after a system failure.

Answer 75

Recovery Procedures

Question 76

Residual information remaining on storage media after clearing.

Answer 76

Remanence

Question 77

use strong encryption, like AES256, to ensure loss of media does not result in data breach

Answer 77

Removable Media

Question 78

Data left in storage after information processing operations are complete, but before degaussing or overwriting has taken place.

Answer 78

Residue

Question 79

Downgrading equipment for reuse will probably be more expensive than buying new

Answer 79

Reuse

Question 80

Generally a commercially available disc or solid state device on which the content was recorded during the manufacturing process.

Answer 80

ROM
Read Only Memory

Question 81

Process to remove information from media such that data recovery is not possible. It includes removing all classified labels, markings, and activity logs.

Answer 81

Sanitize

Question 82

Series of processes that removes data, ensures data is unrecoverable by any means. Removing a computer from service and disposed of. All storage media removed or destroyed.

Answer 82

Sanitizing

Question 83

reviewing baseline security controls and selecting only those controls that apply to the IT system you’re trying to protect.

Answer 83

Scoping

Question 84

An overwrite technology using firmware based process to overwrite a hard drive. Is a drive command defined in the ANSI ATA and SCSI disk drive interface specifications, which runs inside drive hardware. It completes in about 1/8 the time of 5220 block erasure.

Answer 84

Secure Erase

Question 85

Strategic, develops policies and guidelines

Answer 85

Security Analyst

Question 86

involves security scope, providing security management responsibilities and testing security measures for effectiveness. Strategic 5 years Tactical shorter than strategic Operational day to day, short term

Answer 86

Security planning

Question 87

authenticates and defines technology used to control information access and distribution

Answer 87

Security policies

Question 88

ultimate responsibility

Answer 88

Senior Manager

Question 89

A method of sanitizing media; the act of cutting or tearing into small particles.

Answer 89

Shred

Question 90

Specify use of specific technologies in a uniform way

Answer 90

Standards

Question 91

Retrievable retention of data. Electronic, electrostatic, or electrical hardware or other elements (media) into which data may be entered, and from which data may be retrieved.

Answer 91

Storage

Question 92

adding assessment procedures or assessment details to adequately meet the risk management needs of the organization.

Answer 92

Supplementation

Question 93

Select security controls

Answer 93

System Owners

Question 94

lists hardware / software to be used and steps to undertake to protect infrastructure

Answer 94

SYSTEM security policy

Question 95

modifying the list of security controls within a baseline so that they align with the mission of the organization.

Answer 95

Tailoring

Question 96

WORM

Answer 96

Write-Once Read Many.

Question 97

wipe a drive and fill with zeros

Answer 97

Zero fill

Question 98

exculpatory

Answer 98

evidence that is favorable to defendant, tends to exonerate

Question 99

inculpatory

Answer 99

evidence that shows guilt

Question 100

colocation cloud

Answer 100

Colocation cloud combines the benefits of colocation and cloud computing to provide a comprehensive solution that addresses the limitations of traditional data management approaches.

Question 101

blue team

Answer 101

defends from attacks

Question 102

red team

Answer 102

attacks

Question 103

white team

Answer 103

handles security incidents