Examen

Examen:

CISSP - (ISC)2 Certified Information Systems Security Professional - Chapter 05

1.-Which of the following provides the best protection against the loss of confidentiality for sensitive data?
A. Data labels
B. Data classifications
C. Data handling
D. Data degaussing methods

Administrators regularly back up data on all the servers within your organization. They annotate an archive copy with the server it came from and the date it was created, and transfer it to an unstaffed storage warehouse. Later, they discover that someone leaked sensitive emails sent between executives on the internet. Security personnel discovered some archive tapes are missing, and these tapes probably included the leaked emails.

2.-Of the following choices, what would have prevented this loss without sacrificing security?
A. Mark the media kept off site.
B. Dont store data off site.
C. Destroy the backups off site.
D. Use a secure off-site storage facility.

Administrators have been using tapes to back up servers in your organization. However, the organization is converting to a different backup system, storing backups on disk drives.

3.-What is the final stage in the lifecycle of tapes used as backup media?
A. Degaussing
B. Destruction
C. Declassification
D. Retention

You are updating your organizations data policy, and you want to identify the responsibilities of various roles.

4.-Which one of the following data roles is responsible for classifying data?
A. Controller
B. Custodian
C. Owner
D. User

You are tasked with updating your organizations data policy, and you need to identify the responsibilities of different roles.

5.-Which data role is responsible for implementing the protections defined by the security policy?
A. Data custodian
B. Data user
C. Data processor
D. Data controller

A company maintains an e-commerce server used to sell digital products via the internet. When a customer makes a purchase, the server stores the following information on the buyer: name, physical address, email address, and credit card data. Youre hired as an outside consultant and advise them to change their practices.

6.-Which of the following can the company implement to avoid an apparent vulnerability?
A. Anonymization
B. Pseudonymization
C. Move the company location
D. Collection limitation

You are performing an annual review of your companys data policy, and you come across some confusing statements related to security labeling.

7.-Which of the following could you insert to describe security labeling accurately?
A. Security labeling is only required on digital media.
B. Security labeling identifies the classification of data.
C. Security labeling is only required for hardware assets.
D. Security labeling is never used for nonsensitive data.

A database file includes personally identifiable information (PII) on several individuals, including Karen C. Park.

8.-Which of the following is the best identifier for the record on Karen C. Park?
A. Data controller
B. Data subject
C. Data processor
D. Data subject

Administrators regularly back up all the email servers within your company, and they routinely purge on-site emails older than six months to comply with the organizations security policy. They keep a copy of the backups on site and send a copy to one of the company warehouses for long-term storage. Later, they discover that someone leaked sensitive emails sent between executives over three years ago.

9.-Of the following choices, what policy was ignored and allowed this data breach?
A. Media destruction
B. Record retention
C. Configuration management
D. Versioning

An executive is reviewing governance and compliance issues and ensuring the security or data policy addresses them.

10.-Which of the following security controls is most likely driven by a legal requirement?
A. Data remanence
B. Record destruction
C. Data user role
D. Data retention

Your organization is donating several computers to a local school. Some of these computers include solid-state drives (SSDs).

11.-Which of the following choices is the most reliable method of destroying data on these SSDs?
A. Erasing
B. Degaussing
C. Deleting
D. Purging

A technician is about to remove disk drives from several computers. His supervisor told him to ensure that the disk drives do not hold any sensitive data.

12.-Which of the following methods will meet the supervisors requirements?
A. Overwriting the disks multiple times
B. Formatting the disks
C. Degaussing the disks
D. Defragmenting the disks

The IT department is updating the budget for the following year, and they want to include enough money for a hardware refresh for some older systems. Unfortunately, there is a limited budget.

13.-Which of the following should be a top priority?
A. Systems with an end-of-life (EOL) date that occurs in the following year
B. Systems used for data loss prevention
C. Systems used to process sensitive data
D. Systems with an end-of-support (EOS) date that occurs in the following year

Developers created an application that routinely processes sensitive data. The data is encrypted and stored in a database. When the application processes the data, it retrieves it from the databases, decrypts it for use, and stores it in memory.

14.-Which of the following methods can protect the data in memory after the application uses it?
A. Encrypt it with asymmetric encryption.
B. Encrypt it in the database.
C. Implement data loss prevention.
D. Purge memory buffers.

Your organizations security policy mandates the use of symmetric encryption for sensitive data stored on servers.

15.-Which one of the following guidelines are they implementing?
A. Protecting data at rest
B. Protecting data in transit
C. Protecting data in use
D. Protecting the data lifecycle

An administrator is planning to deploy a database server and wants to ensure it is secure. She reviews a list of baseline security controls and identifies the security controls that apply to this database server.

16.-What is this called?
A. Tokenization
B. Scoping
C. Standards selection
D. Imaging

An organization is planning to deploy an e-commerce site hosted on a web farm. IT administrators have identified a list of security controls they say will provide the best protection for this project. Management is now reviewing the list and removing any security controls that do not align with the organizations mission.

17.-What is this called?
A. Tailoring
B. Sanitizing
C. Asset classification
D. Minimization

An organization is planning to use a cloud provider to store some data. Management wants to ensure that all data-based security policies implemented in the organizations internal network can also be implemented in the cloud.

18.-Which of the following will support this goal?
A. CASB
B. DLP
C. DRM
D. EOL

Management is concerned that users may be inadvertently transmitting sensitive data outside the organization. They want to implement a method to detect and prevent this from happening.

19.-Which of the following can detect outgoing, sensitive data based on specific data patterns and is the best choice to meet these requirements?
A. Antimalware software
B. Data loss prevention systems
C. Security information and event management systems
D. Intrusion prevention systems

20. A software developer created an application and wants to protect it with DRM technologies.

20.-Which of the following is she most likely to include? (Choose three.)
A. Virtual licensing
B. Persistent online authentication
C. Automatic expiration
D. Continuous audit trail