(ISC)2 CISSP Certified Information Systems Security Professional Official Practice Tests. Mike Chapple


       2.3 Provision resources securely

       2.4 Manage data lifecycle

       2.5 Ensure appropriate asset retention (e.g. End-of-Life (EOL), End-of-Support (EOS))

       2.6 Determine data security controls and compliance requirements

      1 Angela is an information security architect at a bank and has been assigned to ensure that transactions are secure as they traverse the network. She recommends that all transactions use TLS. What threat is she most likely attempting to stop, and what method is she most likely using to protect against it?
         A. Man-in-the-middle, VPN
         B. Packet injection, encryption
         C. Sniffing, encryption
         D. Sniffing, TEMPEST

      2 Control Objectives for Information and Related Technology (COBIT) is a framework for information technology (IT) management and governance. Which data management role is most likely to select and apply COBIT to balance the need for security controls against business requirements?
         A. Business owners
         B. Data processors
         C. Data owners
         D. Data stewards

      3 Nadia's company is operating a hybrid cloud environment with some on-site systems and some cloud-based systems. She has satisfactory monitoring on-site, but needs to apply security policies to both the activities her users engage in and to report on exceptions with her growing number of cloud services. What type of tool is best suited to this purpose?
         A. A NGFW
         B. A CASB
         C. An IDS
         D. A SOAR

      4 When media is labeled based on the classification of the data it contains, what rule is typically applied regarding labels?
         A. The data is labeled based on its integrity requirements.
         B. The media is labeled based on the highest classification level of the data it contains.
         C. The media is labeled with all levels of classification of the data it contains.
         D. The media is labeled with the lowest level of classification of the data it contains.

      5 Which one of the following administrative processes assists organizations in assigning appropriate levels of security control to sensitive information?
         A. Data classification
         B. Remanence
         C. Transmitting data
         D. Clearing

      6 How can a data retention policy help to reduce liabilities?
         A. By ensuring that unneeded data isn't retained
         B. By ensuring that incriminating data is destroyed
         C. By ensuring that data is securely wiped so it cannot be restored for legal discovery
         D. By reducing the cost of data storage required by law

      7 Staff in an information technology (IT) department who are delegated responsibility for day-to-day tasks hold what data role?
         A. Business owner
         B. User
         C. Data processor
         D. Custodian

      8 Helen's company uses a simple data lifecycle as shown in the figure here. What stage should come first in their data lifecycle?
         A. Data policy creation
         B. Data labeling
         C. Data collection
         D. Data analysis

      9 Ben has been tasked with identifying security controls for systems covered by his organization's information classification system. Why might Ben choose to use a security baseline?
         A. It applies in all circumstances, allowing consistent security controls.
         B. They are approved by industry standards bodies, preventing liability.
         C. They provide a good starting point that can be tailored to organizational needs.
         D. They ensure that systems are always in a secure state.

      10 Megan wants to prepare media to allow for its reuse in an environment operating at the same sensitivity level. Which of the following is the best option to meet her needs?
         A. Clearing
         B. Erasing
         C. Purging
         D. Sanitization

      11 Mikayla wants to identify data that should be classified that already exists in her environment. What type of tool is best suited to identifying data like Social Security numbers, credit card numbers, and similar well-understood data formats?
         A. Manual searching
         B. A sensitive data scanning tool
         C. An asset metadata search tool
         D. A data loss prevention system (DLP)

      12 What issue is common to spare sectors and bad sectors on hard drives as well as overprovisioned space on modern SSDs?
         A. They can be used to hide data.
         B. They can only be degaussed.
         C. They are not addressable, resulting in data remanence.
         D. They may not be cleared, resulting in data remanence.

      13 Naomi knows that commercial data is typically classified based on different criteria than government data. Which of the following is not a common criterion for commercial data classification?
         A. Useful lifespan
         B. Data value
         C. Impact to national security
         D. Regulatory or legal requirements

      For questions 14–16, please refer to the following scenario:

      Your organization regularly handles three types of data: information that it shares with customers, information that it uses internally to conduct business, and trade secret information that offers the organization significant competitive advantages. Information shared with customers is used and stored on web servers, while both the internal business data and the trade secret information are stored on internal file servers and employee workstations.

      14 What term best describes data that is resident in system memory?
         A. Data at rest
         B. Buffered data
         C. Data in use
         D. Data in motion

      15 What technique could you use to mark your trade secret information in case it was released or stolen and you need to identify it?
         A. Classification
         B. Symmetric encryption
         C. Watermarks
         D. Metadata

      16 What type of encryption is best suited for use on the file servers for the proprietary data, and how might you secure the data when it is in motion?
         A. TLS at rest and AES in motion
         B. AES at rest and TLS in motion
         C. VPN at rest and TLS in motion
         D. DES at rest and AES in motion

      17 What does labeling data allow a DLP system to do?
         A. The DLP system can detect labels and apply appropriate protections based on rules.
         B. The DLP system can adjust labels based on changes in the classification scheme.
         C. The DLP system can modify labels to permit requested actions.
         D. The DLP system can delete unlabeled data.

      18 Why is it cost effective to purchase high-quality media to contain sensitive data?
         A. Expensive media is less likely to fail.
         B. The value of the data often far exceeds the cost of the media.
         C. Expensive media is easier to encrypt.
         D. More expensive media typically improves data integrity.

      19 Chris is responsible for workstations throughout his company and knows that some of the company's workstations are used to handle both proprietary information and highly sensitive trade secrets. Which option best describes what should happen at the end of their life (EOL) for workstations he is responsible for?
         A. Erasing
         B. Clearing
         C. Sanitization
         D. Destruction

      20 Fred wants to classify his organization's data using common labels: private, sensitive, public, and proprietary. Which of the following should he apply to his highest classification level based on common industry practices?
         A. Private
         B. Sensitive
         C. Public
         D. Proprietary

      21 What scenario describes data at rest?
         A. Data in an IPsec tunnel
         B. Data in an e-commerce transaction
         C. Data stored on a hard drive
         D. Data stored in RAM

      22 If you are selecting a security standard for a Windows 10 system that processes credit cards, what security standard is your best choice?
         A. Microsoft's Windows 10 security baseline
         B. The CIS Windows 10 baseline
         C. PCI DSS
         D. The NSA Windows 10 Secure Host Baseline

      For questions 23–25, please refer to the following scenario:

      The Center for Internet Security (CIS) works with subject matter experts from a variety of industries to create lists of security controls for operating systems, mobile devices, server software, and network devices. Your organization has decided to use the CIS benchmarks for your systems. Answer the following questions based on this decision.

      23 The CIS benchmarks are an example of what practice?
         A. Conducting a risk assessment
         B. Implementing data labeling
         C. Proper system ownership
         D. Using security baselines

      24 Adjusting the CIS benchmarks to your organization's mission and your specific IT systems would involve what two processes?
         A. Scoping and selection
         B. Scoping and tailoring
         C. Baselining and tailoring
         D. Tailoring and selection

      25 How should you determine which controls from the baseline should be applied to a given system or software package?
         A. Consult the custodians of the data.
         B. Select based on the data classification of the data it stores or handles.
         C. Apply the same controls to all systems.
         D. Consult the business owner of the process the system or data supports.

      26 The company that Henry works for operates in the EU and collects data about their customers. They send that data to a third party to analyze and provide reports to help the company make better business decisions. What term best describes the third-party analysis company?
         A. The data controller
         B. The data owner
         C. The data subject
         D. The data processor

      27 The government defense contractor that Selah works for has recently shut down a major research project and is planning on reusing the hundreds of thousands