Quix5 - D2 - 50Q

Charles has been asked to downgrade the media used for storage of private data for his organization. What process should Charles follow?

Which of the following tasks are not performed by a system owner per NIST SP 800-18?

NIST SP 800-60 provides a process shown in the following diagram to assess information systems. What process does this diagram show?

Which letters on this diagram are locations where you might find data at rest?

What would be the best way to secure data at points B, D, and F?

What is the best way to secure files that are sent from workstation A via the internet service (C) to remote server E?

Susan needs to provide a set of minimum security requirements for email. What steps should she recommend for her organization to ensure that the email remains secure?

What term describes the process of reviewing baseline security controls and selecting only the controls that are appropriate for the IT system you are trying to protect?

What data role does a system that is used to process data have?

Which one of the following is not considered PII under U.S. federal government regulations?

What type of health information is the Health Insurance Portability and Accountability Act required to protect?

What encryption algorithm would provide strong protection for data stored on a USB thumb drive?

Lauren’s multinational company wants to ensure compliance with the EU GDPR. Which principle of the GDPR states that the individual should have the right to receive personal information concerning himself or herself and share it with another data controller?

What is the best method to sanitize a solid-state drive (SSD)?

As shown in the following security lifecycle diagram (loosely based on the NIST reference architecture), NIST uses a five-step process for risk management. What data role will own responsibility for step 1, the categorization of information systems; to whom will they delegate step 2; and what data role will be responsible for step 3?

As shown in the following security lifecycle diagram (loosely based on the NIST reference architecture), NIST uses a five-step process for risk management. If the systems that are being assessed all handle credit card information (and no other sensitive data), at what step would the PCI DSS first play an important role?

What data security role is primarily responsible for step 5?

Susan’s organization performs a zero fill on hard drives before they are sent to a third-party organization to be shredded. What issue is her organization attempting to avoid?

Embedded data used to help identify the owner of a file is an example of what type of label?

Retaining and maintaining information for as long as it is needed is known as what?

Which of the following activities is not a consideration during data classification?

What type of encryption is typically used for data at rest?

Fred is preparing to send backup tapes offsite to a secure third-party storage facility. What steps should Fred take before sending the tapes to that facility?

Which of the following does not describe data in motion?

A new law is passed that would result in significant financial harm to your company if the data that it covers was stolen or inadvertently released. What should your organization do about this?

Ed has been asked to send data that his organization classifies as confidential and proprietary via email. What encryption technology would be appropriate to ensure that the contents of the files attached to the email remain confidential as they traverse the internet?

Which mapping correctly matches data classifications between nongovernment and government classification schemes?

Angela is an information security architect at a bank and has been assigned to ensure that transactions are secure as they traverse the network. She recommends that all transactions use TLS. What threat is she most likely attempting to stop, and what method is she using to protect against it?

Control Objectives for Information and Related Technology (COBIT) is a framework for information technology (IT) management and governance. Which data management role is most likely to select and apply COBIT to balance the need for security controls against business requirements?

What term is used to describe a starting point for a minimum security standard?

When media is labeled based on the classification of the data it contains, what rule is typically applied regarding labels?

Which one of the following administrative processes assists organizations in assigning appropriate levels of security control to sensitive information?

How can a data retention policy help to reduce liabilities?

Staff in an information technology (IT) department who are delegated responsibility for day-to-day tasks hold what data role?

Susan works for an American company that conducts business with customers in the European Union. What is she likely to have to do if she is responsible for handling PII from those customers?

Ben has been tasked with identifying security controls for systems covered by his organization’s information classification system. Why might Ben choose to use a security baseline?

What term is used to describe overwriting media to allow for its reuse in an environment operating at the same sensitivity level?

What issue is common to spare sectors and bad sectors on hard drives as well as overprovisioned space on modern SSDs?

What term describes data that remains after attempts have been made to remove the data?

Your organization regularly handles three types of data: information that it shares with customers, information that it uses internally to conduct business, and trade secret information that offers the organization significant competitive advantages. Information shared with customers is used and stored on web servers, while both the internal business data and the trade secret information are stored on internal file servers and employee workstations. What civilian data classifications best fit this data?

Your organization regularly handles three types of data: information that it shares with customers, information that it uses internally to conduct business, and trade secret information that offers the organization significant competitive advantages. Information shared with customers is used and stored on web servers, while both the internal business data and the trade secret information are stored on internal file servers and employee workstations. What technique could you use to mark your trade secret information in case it was released or stolen and you need to identify it?

Your organization regularly handles three types of data: information that it shares with customers, information that it uses internally to conduct business, and trade secret information that offers the organization significant competitive advantages. Information shared with customers is used and stored on web servers, while both the internal business data and the trade secret information are stored on internal file servers and employee workstations. What type of encryption should you use on the file servers for the proprietary data, and how might you secure the data when it is in motion?

What does labeling data allow a DLP system to do?

Why is it cost effective to purchase high-quality media to contain sensitive data?

Chris is responsible for workstations throughout his company and knows that some of the company’s workstations are used to handle proprietary information. Which option best describes what should happen at the end of their lifecycle for workstations he is responsible for?

What scenario describes data at rest?

If you are selecting a security standard for a Windows 10 system that processes credit cards, what security standard is your best choice?

The CIS benchmarks are an example of what practice?

How should you determine what controls from the baseline a given system or software package should receive?

What problem with FTP and Telnet makes using SFTP and SSH better alternatives?