(ISC)2 CISSP Certified Information Systems Security Professional Official Practice Tests. Mike Chapple

tapes used for the project for other purposes. When Selah reviews the company's internal processes, she finds that she can't reuse the tapes and that the manual says they should be destroyed. Why isn't Selah allowed to degauss and then reuse the tapes to save her employer money?
   A. Data permanence may be an issue.
   B. Data remanence is a concern.
   C. The tapes may suffer from bitrot.
   D. Data from tapes can't be erased by degaussing.

28 Information maintained about an individual that can be used to distinguish or trace their identity is known as what type of information?
   A. Personally identifiable information (PII)
   B. Personal health information (PHI)
   C. Social Security number (SSN)
   D. Secure identity information (SII)

29 Which of the following information security risks to data at rest would result in the greatest reputational impact on an organization?
   A. Improper classification
   B. Data breach
   C. Decryption
   D. An intentional insider threat

30 Full disk encryption like Microsoft's BitLocker is used to protect data in what state?
   A. Data in transit
   B. Data at rest
   C. Unlabeled data
   D. Labeled data

31 The company that Katie works for provides its staff with mobile phones for employee use, with new phones issued every two years. What scenario best describes this type of practice when the phones themselves are still usable and receiving operating system updates?
   A. EOL
   B. Planned obsolescence
   C. EOS
   D. Device risk management

32 What is the primary purpose of data classification?
   A. It quantifies the cost of a data breach.
   B. It prioritizes IT expenditures.
   C. It allows compliance with breach notification laws.
   D. It identifies the value of the data to the organization.

33 Fred's organization allows downgrading of systems for reuse after projects have been finished and the systems have been purged. What concern should Fred raise about the reuse of the systems from his Top Secret classified project for a future project classified as Secret?
   A. The Top Secret data may be commingled with the Secret data, resulting in a need to relabel the system.
   B. The cost of the sanitization process may exceed the cost of new equipment.
   C. The data may be exposed as part of the sanitization process.
   D. The organization's DLP system may flag the new system due to the difference in data labels.

34 Which of the following concerns should not be part of the decision when classifying data?
   A. The cost to classify the data
   B. The sensitivity of the data
   C. The amount of harm that exposure of the data could cause
   D. The value of the data to the organization

35 Which of the following is the least effective method of removing data from media?
   A. Degaussing
   B. Purging
   C. Erasing
   D. Clearing

For questions 36–38, please refer to the following scenario:

The healthcare company that Amanda works for handles HIPAA data as well as internal business data, protected health information, and day-to-day business communications. Its internal policy uses the following requirements for securing HIPAA data at rest and in transit.

Classification                     Handling Requirements
Confidential (HIPAA)               Encrypt at rest and in transit.
                                   Full disk encryption is required for all workstations.
                                   Files can only be sent in encrypted form, and passwords must be transferred under separate cover.
                                   Printed documents must be labeled with “HIPAA handling required.”
Private (PHI)                      Encrypt at rest and in transit.
                                   PHI must be stored on secure servers, and copies should not be kept on local workstations.
                                   Printed documents must be labeled with “Private.”
Sensitive (business confidential)  Encryption is recommended but not required.
Public                             Information can be sent unencrypted.

36 What encryption technology would be appropriate for HIPAA documents in transit?
   A. BitLocker
   B. DES
   C. TLS
   D. SSL

37 Amanda's employer asks Amanda to classify patient X-ray data that has an internal patient identifier associated with it but does not have any way to directly identify a patient. The company's data owner believes that exposure of the data could cause damage (but not exceptional damage) to the organization. How should Amanda classify the data?
   A. Public
   B. Sensitive
   C. Private
   D. Confidential

38 What technology could Amanda's employer implement to help prevent confidential data from being emailed out of the organization?
   A. DLP
   B. IDS
   C. A firewall
   D. UDP

39 Jacob's organization uses the US government's data classification system, which includes Top Secret, Secret, Confidential, and Unclassified ratings (from most sensitive to least). Jacob encounters a system that contains Secret, Confidential, and Top Secret data. How should it be classified?
   A. Top Secret
   B. Confidential
   C. Secret
   D. Mixed classification

40 Elle is planning her organization's asset retention efforts and wants to establish when the company will remove assets from use. Which of the following is typically the last event in a manufacturer or software provider's lifecycle?
   A. End of life
   B. End of support
   C. End of sales
   D. General availability

41 Amanda has been asked to ensure that her organization's controls assessment procedures match the specific systems that the company uses. What activity best matches this task?
   A. Asset management
   B. Compliance
   C. Scoping
   D. Tailoring

42 Chris is responsible for his organization's security standards and has guided the selection and implementation of a security baseline for Windows PCs in his organization. How can Chris most effectively make sure that the workstations he is responsible for are being checked for compliance and that settings are being applied as necessary?
   A. Assign users to spot-check baseline compliance.
   B. Use Microsoft Group Policy.
   C. Create startup scripts to apply policy at system start.
   D. Periodically review the baselines with the data owner and system owners.

43 Frank is reviewing his company's data lifecycle and wants to place appropriate controls around the data collection phase. Which of the following ensures that data subjects agree to the processing of their data?
   A. Retention
   B. Consent
   C. Certification
   D. Remanence

44 As a DBA, Amy's data role in her organization includes technical implementations of the data policies and standards, as well as managing the data structures that the data is stored in. What data role best fits what Amy does?
   A. Data custodian
   B. Data owner
   C. Data processor
   D. Data user

45 The company Jim works for suffered from a major data breach in the past year and now wants to ensure that it knows where data is located and if it is being transferred, is being copied to a thumb drive, or is in a network file share where it should not be. Which of the following solutions is best suited to tagging, monitoring, and limiting where files are transferred to?
   A. DRM
   B. DLP
   C. A network IPS
   D. Antivirus

46 What security measure can provide an additional security control in the event that backup tapes are stolen or lost?
   A. Keep multiple copies of the tapes.
   B. Replace tape media with hard drives.
   C. Use appropriate security labels.
   D. Use AES-256 encryption.

47 Joe works at a major pharmaceutical research and development company and has been tasked with writing his organization's data retention policy. As part of its legal requirements, the organization must comply with the US Food and Drug Administration's Code of Federal Regulations Title 21. To do so, it is required to retain records with electronic signatures. Why would a signature be part of a retention requirement?
   A. It ensures that someone has reviewed the data.
   B. It provides confidentiality.
   C. It ensures that the data has been changed.
   D. It validates who approved the data.

48 Susan wants to manage her data's lifecycle based on retention rules. What technique can she use to ensure that data that has reached the end of its lifecycle can be identified and disposed of based on her organization's disposal processes?
   A. Rotation
   B. DRM
   C. DLP
   D. Tagging

49 Ben has been asked to scrub data to remove data that is no longer needed by his organization. What phase of the data lifecycle is Ben most likely operating in?
   A. Data retention
   B. Data maintenance
   C. Data remanence
   D. Data collection

50 Steve is concerned about the fact that employees leaving his organization were often privy to proprietary information. Which one of the following controls is most effective against this threat?
   A. Sanitization
   B. NDAs
   C. Clearing
   D. Encryption

51 Alex works for a government agency that is required to meet US federal government requirements for data security. To meet these requirements, Alex has been tasked with making sure data is identifiable by its classification level when it is created. What should Alex do to the data?
   A. Classify the data.
   B. Encrypt the data.
   C. Label the data.
   D. Apply DRM to the data.

52 Ben is following the National Institute of Standards and Technology (NIST) Special Publication 800-88 guidelines for sanitization and disposition as shown here. He is handling information that his organization classified as sensitive, which is a moderate security categorization in the NIST model. If the media is going to be sold as surplus, what process does Ben need to follow?

Source: NIST SP 800-88.

   A. Destroy, validate, document
   B. Clear, purge, document
   C. Purge, document, validate
   D. Purge, validate, document

      53 What