RCR 063: CISSP Sample Exam Questions (Domain 2) - CISSP Training and Study

Published: Jan. 29, 2020, 11 p.m.

Shon Gerber from ShonGerber.com provides you with the information and knowledge you need to prepare for and pass the CISSP Exam, along with the tools you need to enhance your cybersecurity career. Shon draws on his expansive knowledge and his years of training people in cybersecurity to provide superior training.

In this episode, Shon will talk about questions for Domain 2 (Asset Security) of the CISSP Exam.

BTW - Get access to all my CISSP Training Courses here at:  https://shongerber.com/

CISSP Exam Questions

Question:  072

Jared plays a role in his company’s data classification system. In this role, he must practice due care when accessing data and ensure that the data is used only in accordance with allowed policy while abiding by the rules set for the classification of the data. He does not determine, maintain, or evaluate controls, so what is Jared’s role?

  A. Data owner
  B. Data custodian
  C. Data user
  D. Information systems auditor

Answer: C. Any individual who uses data for work-related tasks is a data user. Users must have the necessary level of access to the data to perform the duties within their position and are responsible for following operational security procedures to ensure the data’s confidentiality, integrity, and availability to others. This means that users must practice due care and act in accordance with both security policy and data classification rules.

From <https://www.brainscape.com/flashcards/asset-security-6578977/packs/10419165>


Question:  073

Michael is charged with developing a data classification program for his company. Which of the following should he do first?

  A. Understand the different levels of protection that must be provided
  B. Specify data classification criteria
  C. Identify the data custodians
  D. Determine protection mechanisms for each classification level

Answer: A. Before Michael begins developing his company’s classification program, he must understand the different levels of protection that must be provided. Only then can he develop the necessary classification levels and their criteria. One company may choose to use only two layers of classification, whereas another may choose to use more. Regardless, when developing classification levels, he should keep in mind that too many or too few classification levels will render the classification ineffective; there should be no overlap in the criteria definitions between classification levels; and classification levels should be developed for both data and software.

From <https://www.brainscape.com/flashcards/asset-security-6578977/packs/10419165>


Question:  074

Which of the following is NOT a factor in determining the sensitivity of data?

  A. Who should be accessing the data
  B. The value of the data
  C. How the data will be used
  D. The level of damage that could be caused should the data be exposed

Answer: C. How the data will be used has no bearing on how sensitive it is. In other words, the data is sensitive no matter how it will be used—even if it is not used at all.

From <https://www.brainscape.com/flashcards/asset-security-6578977/packs/10419165>

