Information Systems Security CISSP® Professional Domain 2
(©) Copyright ThorTeaches 2018 -
CISSP® - Certified Information Systems Security Professional
DOMAIN 2: Asset Security.
Data Classification
Policies:
Labels.
Clearance.
Shon Harris, Pages 197
Question:
What would be a COMMON attack on our data at rest?
A. Eavesdropping.
B. All of these.
C. Cryptanalysis.
D. Shoulder surfing.
Question:
An attacker has stolen one of our backup tapes. What could prevent the data on the tape from being accessible?
A. Proper data retention.
B. Proper data storage.
C. Proper data encryption.
D. Proper data handling.
Shon Harris, Pages 88
Question:
When assigning sensitivity to our data, which of these should NOT be a factor?
A. Who will have access to the data.
B. What the data is worth.
C. How bad a data exposure would be.
D. How the data will be used.
Question:
We want to erase EPROM memory to update to the latest firmware. How would we do that?
A. Shine a UV light on the chip.
B. It can’t be erased once it has been written.
C. We can use programs to erase the content.
D. Take the chip out of the motherboard and degauss it.
Question:
We have many different types of memory. Which type is volatile?
A. DRAM.
B. Flash Memory.
C. PROM.
D. EEPROM.
Question:
Senior leadership has approved the use of flash drives. Which type of memory do they use?
A. SDRAM.
B. EEPROM.
C. PROM.
D. DRAM.
Data Destruction:
Paper disposal.
Digital disposal.
Deleting, formatting and overwriting.
Shon Harris, Pages 196
Data Destruction:
Degaussing destroys magnetic media
Full physical destruction
Doing multiple types of data destruction
Question:
Which of these would be something we would consider for proper data disposal of SSD drives?
A. Deleting all files.
B. Degaussing.
C. Formatting.
D. Shredding.
Question:
We have chosen to use multiple types of data destruction on our sensitive data. Why would we do that?
A. To ensure data is still accessible after the destruction.
B. To make sure we have the old drives available.
C. To ensure there is no data remanence.
D. Because it is easier than just a single type of data destruction.
Question:
What are we trying to get rid of when we do our data disposal?
A. The data content.
B. The data in use.
C. Data remanence.
D. How long we keep the data.
Question:
As part of our backup policy we are deciding on how long we should keep our backups. What should we base that decision on?
A. 1 month, as long as we have a full backup of everything.
B. All data is required to be kept 1 year.
C. Forever, we can never get rid of backup data.
D. As long as it is useful or required, whichever is longer.