- Basic Security Principles
- Data Management: Determine and Maintain Ownership
- Data Standards
- Data Security, Protection, Sharing, and Dissemination
- Classifying Information and Supporting Assets
- Asset Management and Governance
- Determine Data Security Controls
- Laws, Standards, Mandates and Resources
- Exam Prep Questions
- Answers to Exam Prep Questions
- Need to Know More?
Exam Prep Questions
Which of the following levels best represents the military classification system?
A. Confidential, private, sensitive, and public
B. Top secret, secret, private, sensitive, and public
C. Top secret, confidential, private, sensitive, and unclassified
D. Top secret, secret, confidential, sensitive, and unclassified
Which of the following standards describes how well a system or process is documented?
A. ISO 27001
B. ISO 9001
C. ISO 27002
D. ISO 17799
Which of the following endpoint security controls could have been used to potentially prevent malware such as Stuxnet, Conficker, and Flame?
A. Implementing disk encryption
B. Hardening edge devices
C. Blocking removable media
D. Enforcing application whitelisting
Place the following in their proper order:
A. Determine SLE, ARO, and ALE, then asset value.
B. Determine asset value, then ARO, SLE, and ALE.
C. Determine asset value, then SLE, ALE, and SLE.
D. Determine asset value, then SLE, ARO, and ALE.
The downside of performing this type of assessment is that you are not working with dollar values, so it is sometimes harder to communicate the results of the assessment to management. Which of the following assessment types does this describe?
C. Numeric mitigation
D. Red team
Which of the following categories of control can include the logical mechanisms used to control access and authenticate users?
Which of the following is incorrect when describing an SED?
A. Eases compliance
B. Slow performance
C. Ease of use
D. Strong security
Which of the following is the top level of protection for commercial business classification?
C. Top secret
Which of the following is the most specific of security documents?
The last thing you want in an organization is that everyone is accountable but no one is responsible. Therefore, the data owner should be in which of the following groups?
A. End users
B. Technical managers
C. Senior management
D. Everyone is responsible; therefore, all groups are owners
Which term best describes a symbol, word, name, sound, or thing that uniquely identifies a product or service?
A. Trade secret
After opening a new branch in the Midwest your company is analyzing buying patterns to determine the relationship between various items purchased. Which of the following best describes this situation?
A. Data mining
B. Knowledge management
C. Data warehouse
D. Data standards
Which ISO document is used for a standard for information security management?
A. ISO 27001
B. ISO 27002
C. ISO 27004
D. ISO 27799
Which of the following SAN solutions is fast, rides on top of Ethernet, yet is non-routable?
Who is ultimately responsible for the security of an asset?
A. Asset owner
D. Risk assessment team