41.
Which one of the following identifies the primary a purpose of information classification
processes?
- A.Define the requirements for protecting sensitive data.
- B.Define the requirements for backing up data.
- C.Define the requirements for storing data.
- D.Define the requirements for transmitting data.
- Answer & Explanation
- Report
Answer : [A]
Explanation :
Explanation :
| A primary purpose of information classification processes is to identify security classifications for sensitive data and define the requirements to protect sensitive data. Information classification processes will typically include requirements to protect sensitive data at rest (in backups and stored on media), but not requirements for backing up and storing any data. Similarly, information classification processes will typically include requirements to protect sensitive data in transit, but not any data. |
42.
When determining the classification of data, which one of the following is the most
important consideration?
- A.Processing system
- B.Value
- C.Storage media
- D.Accessibility
- Answer & Explanation
- Report
Answer : [B]
Explanation :
Explanation :
| Data is classified based on its value to the organization. In some cases, it is classified based on the potential negative impact if unauthorized personnel can access it, which represents a negative value. It is not classified based on the processing system, but the processing system is classified based on the data it processes. Similarly, the storage media is classified based on the data classification, but the data is not classified based on where it is stored. Accessibility is affected by the classification, but the accessibility does not determine the classification. Personnel implement controls to limit accessibility of sensitive data. |
43.
Which of the following answers would not be included as sensitive data?
- A.Personally identifiable information (PII)
- B.Protected health information (PHI)
- C.Proprietary data
- D.Data posted on a website
- Answer & Explanation
- Report
Answer : [D]
Explanation :
Explanation :
| Data posted on a website is not sensitive, but PII, PHI, and proprietary data are all sensitive data. |
44.
What is the most important aspect of marking media?
- A.Date labeling
- B.Content description
- C.Electronic labeling
- D.Classification
- Answer & Explanation
- Report
Answer : [D]
Explanation :
Explanation :
| Classification is the most important aspect of marking media because it clearly identifies the value of the media and users know how to protect it based on the classification. Including information such as the date and a description of the content isn’t as important as marking the classification. Electronic labels or marks can be used, but when they are used, the most important information is still the classification of the data. |
45.
Which would an administrator do to classified media before reusing it in a less secure
environment?
- A.Erasing
- B.Clearing
- C.Purging
- D.Overwriting
- Answer & Explanation
- Report
Answer : [C]
Explanation :
Explanation :
| Purging media removes all data by writing over existing data multiple times to ensure that the data is not recoverable using any known methods. Purged media can then be reused in less secure environments. Erasing the media performs a delete, but the data remains and can easily be restored. Clearing, or overwriting, writes unclassified data over existing data, but some sophisticated forensics techniques may be able to recover the original data, so this method should not be used to reduce the classification of media. |
|
|
||||||||||||||||||||||||||||
