RCR 064: CISSP Sample Exam Questions - CISSP Training and Study

Published: Feb. 1, 2020, 6 p.m.

Shon Gerber from ShonGerber.com provides you with the information and knowledge you need to prepare for and pass the CISSP Exam, along with the tools you need to advance your cybersecurity career. Shon draws on his extensive knowledge and his years of experience training people in cybersecurity to deliver superior instruction.

In this episode, Shon will talk about questions for Domain 2 (Asset Security) of the CISSP Exam.

BTW - Get access to all my CISSP Training Courses here at:  https://shongerber.com/

CISSP Exam Questions

Question: 075

As head of sales, Jim is the data owner for the sales department. Which of the following is not Jim’s responsibility as data owner?

  A. Assigning information classifications
  B. Dictating how data should be protected
  C. Verifying the availability of data
  D. Determining how long to retain data

Answer: C. The responsibility of verifying the availability of data is the only responsibility listed that does not belong to the data (information) owner. Rather, it is the responsibility of the data (information) custodian. The data custodian is also responsible for maintaining and protecting data as dictated by the data owner. This includes performing regular backups of data, restoring data from backup media, retaining records of activity, and fulfilling information security and data protection requirements in the company’s policies, guidelines, and standards. Data owners work at a higher level than the data custodians. The data owners basically state, “This is the level of integrity, availability, and confidentiality that needs to be provided—now go do it.” The data custodian must then carry out these mandates and follow up with the installed controls to make sure they are working properly.

From <https://www.brainscape.com/flashcards/asset-security-6578977/packs/10419165>

------------------------------------

Question: 076

Assigning data classification levels can help with all of the following except:

  A. The grouping of classified information with hierarchical and restrictive security
  B. Ensuring that nonsensitive data is not being protected by unnecessary controls
  C. Extracting data from a database
  D. Lowering the costs of protecting data

Answer: C. Data classification does not involve the extraction of data from a database. However, data classification can be used to dictate who has access to read and write data that is stored in a database. Each classification should have separate handling requirements and procedures pertaining to how that data is accessed, used, and destroyed. For example, in a corporation, confidential information may only be accessed by senior management. Auditing could be very detailed and its results monitored daily, and degaussing or overwriting procedures may be required to erase the data. On the other hand, information classified as public may be accessed by all employees, with no special auditing or destruction methods required.

From <https://www.brainscape.com/flashcards/asset-security-6578977/packs/10419165>

------------------------------------

Question: 077

Susan, an attorney, has been hired to fill a new position at Widgets, Inc.: chief privacy officer (CPO). What is the primary function of her new role?

  A. Ensuring the protection of partner data
  B. Ensuring the accuracy and protection of company financial information
  C. Ensuring that security policies are defined and enforced
  D. Ensuring the protection of customer, company, and employee data

Answer: D (Ensuring the protection of customer, company, and employee data). The chief privacy officer (CPO) position is being created by companies in response to the increasing demands on organizations to protect myriad types of data. The CPO is responsible for ensuring the security of customer, company, and employee data, which keeps the company free from legal prosecution and—hopefully—out of the headlines. Thus, the CPO is directly involved with setting policies on how data is collected, protected, and distributed to third parties. The CPO is usually an attorney and reports to the chief security officer (CSO).

From <https://www.brainscape.com/flashcards/asset-security-6578977/packs/10419165>

------------------------------------

Want to find Shon elsewhere on the internet?

LinkedIn – www.linkedin.com/in/shongerber

Facebook - https://www.facebook.com/CyberRiskReduced/
