RCR 086: Information Classification in 6 Steps - CISSP Training and Study!

Published: March 23, 2020, 10:50 a.m.

Shon Gerber from ShonGerber.com provides the information and knowledge you need to prepare for and pass the CISSP Exam, along with the tools you need to enhance your cybersecurity career. Shon draws on his expansive knowledge and his years of training people in cybersecurity.

In this episode, Shon will talk about the following items that are included within Domain 2 (Asset Security) of the CISSP Exam. 

BTW - Get access to all my CISSP Training Courses here at:  https://shongerber.com/ 

CISSP Exam Questions 

Question:  138 

Which of the following is something that should be required of an offsite backup facility that stores backed-up media for companies? 
A. The facility should be within 10 to 15 minutes of the original facility to ensure easy access. 
B. The facility should contain all necessary PCs and servers and should have raised flooring. 
C. The facility should be protected by an armed guard. 
D. The facility should protect against unauthorized access and entry.

D. This question addresses a facility that is used to store backed-up data; it is not talking about an offsite facility used for disaster recovery purposes. The facility should not be only 10 to 15 minutes away, because some types of disasters could destroy both the company’s main facility and this facility if they are that close together, in which case the company would lose all of its information. The facility should have the same security standards as the company’s security, including protection against unauthorized access. 


Question:  139 

Which item will a business impact analysis not identify? 
A. Whether the company is best suited for a parallel or full-interrupt test 
B. What areas would suffer the greatest operational and financial loss in the event of a particular disaster or disruption 
C. What systems are critical for the company and must be highly protected 
D. What amount of outage time a company can endure before it is permanently crippled 

A. All the other answers address the main components of a business impact analysis. Determining the best type of exercise or drill to carry out is not covered under this type of analysis.


Question:  140 

Which areas of a company are recovery plans recommended for? 
A. The most important operational and financial areas 
B. The areas that house the critical systems 
C. All areas 
D. The areas that the company cannot survive without 

C. It is best if every department within the company has its own contingency plan and procedures in place. These individual plans would “roll up” into the overall enterprise BCP. 

