Quix5 - D2 - 50Q

Description

Good Luck!

Quiz by Requiemdust Sheena, updated more than 1 year ago
Created by Requiemdust Sheena more than 4 years ago

Resource summary

Question 1

Question
Charles has been asked to downgrade the media used for storage of private data for his organization. What process should Charles follow?
Answer
  • A. Degauss the drives, and then relabel them with a lower classification level.
  • B. Pulverize the drives, and then reclassify them based on the data they contain.
  • C. Follow the organization’s purging process, and then downgrade and replace labels.
  • D. Relabel the media, and then follow the organization’s purging process to ensure that the media matches the label.

Question 2

Question
Which of the following tasks is not performed by a system owner per NIST SP 800-18?
Answer
  • A. Develops a system security plan
  • B. Establishes rules for appropriate use and protection of data
  • C. Identifies and implements security controls
  • D. Ensures that system users receive appropriate security training

Question 3

Question
NIST SP 800-60 provides a process shown in the following diagram to assess information systems. What process does this diagram show?
Answer
  • A. Selecting a standard and implementing it
  • B. Categorizing and selecting controls
  • C. Baselining and selecting controls
  • D. Categorizing and sanitizing

Question 4

Question
Which letters on this diagram are locations where you might find data at rest?
Answer
  • A. A, B, and C
  • B. C and E
  • C. A and E
  • D. B, D, and F

Question 5

Question
What would be the best way to secure data at points B, D, and F?
Answer
  • A. AES-256
  • B. SSL
  • C. TLS
  • D. 3DES

Question 6

Question
What is the best way to secure files that are sent from workstation A via the internet service (C) to remote server E?
Answer
  • A. Use AES at rest at point A, and use TLS in transit via B and D
  • B. Encrypt the data files and send them.
  • C. Use 3DES and TLS to provide double security.
  • D. Use full disk encryption at A and E, and use SSL at B and D.

Question 7

Question
Susan needs to provide a set of minimum security requirements for email. What steps should she recommend for her organization to ensure that the email remains secure?
Answer
  • A. All email should be encrypted.
  • B. All email should be encrypted and labeled.
  • C. Sensitive email should be encrypted and labeled.
  • D. Only highly sensitive email should be encrypted.

Question 8

Question
What term describes the process of reviewing baseline security controls and selecting only the controls that are appropriate for the IT system you are trying to protect?
Answer
  • A. Standard creation
  • B. CIS benchmarking
  • C. Baselining
  • D. Scoping

Question 9

Question
What data role does a system that is used to process data have?
Answer
  • A. Mission owner
  • B. Data owner
  • C. Data processor
  • D. Custodian

Question 10

Question
Which one of the following is not considered PII under U.S. federal government regulations?
Answer
  • A. Name
  • B. Social security number
  • C. Student ID number
  • D. ZIP code

Question 11

Question
What type of health information is the Health Insurance Portability and Accountability Act required to protect?
Answer
  • A. PII
  • B. PHI
  • C. SHI
  • D. HPHI

Question 12

Question
What encryption algorithm would provide strong protection for data stored on a USB thumb drive?
Answer
  • A. TLS
  • B. SHA1
  • C. AES
  • D. DES

Question 13

Question
Lauren’s multinational company wants to ensure compliance with the EU GDPR. Which principle of the GDPR states that the individual should have the right to receive personal information concerning himself or herself and share it with another data controller?
Answer
  • A. Onward transfer
  • B. Data integrity
  • C. Enforcement
  • D. Data portability

Question 14

Question
What is the best method to sanitize a solid-state drive (SSD)?
Answer
  • A. Clearing
  • B. Zero fill
  • C. Disintegration
  • D. Degaussing

Question 15

Question
As shown in the following security lifecycle diagram (loosely based on the NIST reference architecture), NIST uses a five-step process for risk management. What data role will own responsibility for step 1, the categorization of information systems; to whom will they delegate step 2; and what data role will be responsible for step 3?
Answer
  • A. Data owners, system owners, custodians
  • B. Data processors, custodians, users
  • C. Business owners, administrators, custodians
  • D. System owners, business owners, administrators

Question 16

Question
As shown in the following security lifecycle diagram (loosely based on the NIST reference architecture), NIST uses a five-step process for risk management. If the systems that are being assessed all handle credit card information (and no other sensitive data), at what step would the PCI DSS first play an important role?
Answer
  • A. Step 1
  • B. Step 2
  • C. Step 3
  • D. Step 4

Question 17

Question
What data security role is primarily responsible for step 5?
Answer
  • A. Data owners
  • B. Data processors
  • C. Custodians
  • D. Users

Question 18

Question
Susan’s organization performs a zero fill on hard drives before they are sent to a third-party organization to be shredded. What issue is her organization attempting to avoid?
Answer
  • A. Data remanence while at the third-party site
  • B. Mishandling of drives by the third party
  • C. Classification mistakes
  • D. Data permanence

Question 19

Question
Embedded data used to help identify the owner of a file is an example of what type of label?
Answer
  • A. Copyright notice
  • B. DLP
  • C. Digital watermark
  • D. Steganography

Question 20

Question
Retaining and maintaining information for as long as it is needed is known as what?
Answer
  • A. Data storage policy
  • B. Data storage
  • C. Asset maintenance
  • D. Record retention

Question 21

Question
Which of the following activities is not a consideration during data classification?
Answer
  • A. Who can access the data
  • B. What the impact would be if the data was lost or breached
  • C. How much the data cost to create
  • D. What protection regulations may be required for the data

Question 22

Question
What type of encryption is typically used for data at rest?
Answer
  • A. Asymmetric encryption
  • B. Symmetric encryption
  • C. DES
  • D. OTP

Question 23

Question
Fred is preparing to send backup tapes offsite to a secure third-party storage facility. What steps should Fred take before sending the tapes to that facility?
Answer
  • A. Ensure that the tapes are handled the same way the original media would be handled based on their classification.
  • B. Increase the classification level of the tapes because they are leaving the possession of the company.
  • C. Purge the tapes to ensure that classified data is not lost.
  • D. Decrypt the tapes in case they are lost in transit.

Question 24

Question
Which of the following does not describe data in motion?
Answer
  • A. Data on a backup tape that is being shipped to a storage facility
  • B. Data in a TCP packet
  • C. Data in an e-commerce transaction
  • D. Data in files being copied between locations

Question 25

Question
A new law is passed that would result in significant financial harm to your company if the data that it covers was stolen or inadvertently released. What should your organization do about this?
Answer
  • A. Select a new security baseline.
  • B. Relabel the data.
  • C. Encrypt all of the data at rest and in transit.
  • D. Review its data classifications and classify the data appropriately.

Question 26

Question
Ed has been asked to send data that his organization classifies as confidential and proprietary via email. What encryption technology would be appropriate to ensure that the contents of the files attached to the email remain confidential as they traverse the internet?
Answer
  • A. SSL
  • B. TLS
  • C. PGP
  • D. VPN

Question 27

Question
Which mapping correctly matches data classifications between nongovernment and government classification schemes?
Answer
  • A. Top Secret – Confidential/Proprietary; Secret – Private; Confidential – Sensitive
  • B. Secret – Business confidential; Classified – Proprietary; Confidential – Business internal
  • C. Top Secret – Business sensitive; Secret – Business internal; Confidential – Business proprietary
  • D. Secret – Proprietary; Classified – Private; Unclassified – Public

Question 28

Question
Angela is an information security architect at a bank and has been assigned to ensure that transactions are secure as they traverse the network. She recommends that all transactions use TLS. What threat is she most likely attempting to stop, and what method is she using to protect against it?
Answer
  • A. Man-in-the-middle, VPN
  • B. Packet injection, encryption
  • C. Sniffing, encryption
  • D. Sniffing, TEMPEST

Question 29

Question
Control Objectives for Information and Related Technology (COBIT) is a framework for information technology (IT) management and governance. Which data management role is most likely to select and apply COBIT to balance the need for security controls against business requirements?
Answer
  • A. Business owners
  • B. Data processors
  • C. Data owners
  • D. Data stewards

Question 30

Question
What term is used to describe a starting point for a minimum security standard?
Answer
  • A. Outline
  • B. Baseline
  • C. Policy
  • D. Configuration guide

Question 31

Question
When media is labeled based on the classification of the data it contains, what rule is typically applied regarding labels?
Answer
  • A. The data is labeled based on its integrity requirements.
  • B. The media is labeled based on the highest classification level of the data it contains.
  • C. The media is labeled with all levels of classification of the data it contains.
  • D. The media is labeled with the lowest level of classification of the data it contains.

Question 32

Question
Which one of the following administrative processes assists organizations in assigning appropriate levels of security control to sensitive information?
Answer
  • A. Information classification
  • B. Remanence
  • C. Transmitting data
  • D. Clearing

Question 33

Question
How can a data retention policy help to reduce liabilities?
Answer
  • A. By ensuring that unneeded data isn’t retained
  • B. By ensuring that incriminating data is destroyed
  • C. By ensuring that data is securely wiped so it cannot be restored for legal discovery
  • D. By reducing the cost of data storage required by law

Question 34

Question
Staff in an information technology (IT) department who are delegated responsibility for day-to-day tasks hold what data role?
Answer
  • A. Business owner
  • B. User
  • C. Data processor
  • D. Custodian

Question 35

Question
Susan works for an American company that conducts business with customers in the European Union. What is she likely to have to do if she is responsible for handling PII from those customers?
Answer
  • A. Encrypt the data at all times.
  • B. Label and classify the data according to HIPAA.
  • C. Conduct yearly assessments to the PCI DSS standard.
  • D. Comply with a standard such as the US-EU Privacy Shield.

Question 36

Question
Ben has been tasked with identifying security controls for systems covered by his organization’s information classification system. Why might Ben choose to use a security baseline?
Answer
  • A. It applies in all circumstances, allowing consistent security controls.
  • B. They are approved by industry standards bodies, preventing liability.
  • C. They provide a good starting point that can be tailored to organizational needs.
  • D. They ensure that systems are always in a secure state.

Question 37

Question
What term is used to describe overwriting media to allow for its reuse in an environment operating at the same sensitivity level?
Answer
  • A. Clearing
  • B. Erasing
  • C. Purging
  • D. Sanitization

Question 38

Question
What issue is common to spare sectors and bad sectors on hard drives as well as overprovisioned space on modern SSDs?
Answer
  • A. They can be used to hide data.
  • B. They can only be degaussed.
  • C. They are not addressable, resulting in data remanence.
  • D. They may not be cleared, resulting in data remanence.

Question 39

Question
What term describes data that remains after attempts have been made to remove the data?
Answer
  • A. Residual bytes
  • B. Data remanence
  • C. Slack space
  • D. Zero fill

Question 40

Question
Your organization regularly handles three types of data: information that it shares with customers, information that it uses internally to conduct business, and trade secret information that offers the organization significant competitive advantages. Information shared with customers is used and stored on web servers, while both the internal business data and the trade secret information are stored on internal file servers and employee workstations. What civilian data classifications best fit this data?
Answer
  • A. Unclassified, confidential, top secret
  • B. Public, sensitive, private
  • C. Public, sensitive, proprietary
  • D. Public, confidential, private

Question 41

Question
Your organization regularly handles three types of data: information that it shares with customers, information that it uses internally to conduct business, and trade secret information that offers the organization significant competitive advantages. Information shared with customers is used and stored on web servers, while both the internal business data and the trade secret information are stored on internal file servers and employee workstations. What technique could you use to mark your trade secret information in case it was released or stolen and you need to identify it?
Answer
  • A. Classification
  • B. Symmetric encryption
  • C. Watermarks
  • D. Metadata

Question 42

Question
Your organization regularly handles three types of data: information that it shares with customers, information that it uses internally to conduct business, and trade secret information that offers the organization significant competitive advantages. Information shared with customers is used and stored on web servers, while both the internal business data and the trade secret information are stored on internal file servers and employee workstations. What type of encryption should you use on the file servers for the proprietary data, and how might you secure the data when it is in motion?
Answer
  • A. TLS at rest and AES in motion
  • B. AES at rest and TLS in motion
  • C. VPN at rest and TLS in motion
  • D. DES at rest and AES in motion

Question 43

Question
What does labeling data allow a DLP system to do?
Answer
  • A. The DLP system can detect labels and apply appropriate protections.
  • B. The DLP system can adjust labels based on changes in the classification scheme.
  • C. The DLP system can notify the firewall that traffic should be allowed through.
  • D. The DLP system can delete unlabeled data.

Question 44

Question
Why is it cost effective to purchase high-quality media to contain sensitive data?
Answer
  • A. Expensive media is less likely to fail.
  • B. The value of the data often far exceeds the cost of the media.
  • C. Expensive media is easier to encrypt.
  • D. More expensive media typically improves data integrity.

Question 45

Question
Chris is responsible for workstations throughout his company and knows that some of the company’s workstations are used to handle proprietary information. Which option best describes what should happen at the end of their lifecycle for workstations he is responsible for?
Answer
  • A. Erasing
  • B. Clearing
  • C. Sanitization
  • D. Destruction

Question 46

Question
What scenario describes data at rest?
Answer
  • A. Data in an IPSec tunnel
  • B. Data in an e-commerce transaction
  • C. Data stored on a hard drive
  • D. Data stored in RAM

Question 47

Question
If you are selecting a security standard for a Windows 10 system that processes credit cards, what security standard is your best choice?
Answer
  • A. Microsoft’s Windows 10 security baseline
  • B. The CIS Windows 10 baseline
  • C. PCI DSS
  • D. The NSA Windows 10 baseline

Question 48

Question
The CIS benchmarks are an example of what practice?
Answer
  • A. Conducting a risk assessment
  • B. Implementing data labeling
  • C. Proper system ownership
  • D. Using security baselines

Question 49

Question
How should you determine what controls from the baseline a given system or software package should receive?
Answer
  • A. Consult the custodians of the data.
  • B. Select based on the data classification of the data it stores or handles.
  • C. Apply the same controls to all systems.
  • D. Consult the business owner of the process the system or data supports.

Question 50

Question
What problem with FTP and Telnet makes using SFTP and SSH better alternatives?
Answer
  • A. FTP and Telnet aren’t installed on many systems.
  • B. FTP and Telnet do not encrypt data.
  • C. FTP and Telnet have known bugs and are no longer maintained.
  • D. FTP and Telnet are difficult to use, making SFTP and SSH the preferred solution.
