Summary of Exam Objectives

In this domain we discussed the concept of data classification, in use for millennia. We discussed the roles required to protect data, including business or mission owners, data owners, system owners, custodians, and users.

Understanding the remanence properties of volatile and non-volatile memory and storage media is a critical security concept to master. We discussed RAM, ROM, types of PROMs, flash memory, and Solid State Drives (SSDs), including remanence properties and secure destruction methods. Finally, we discussed well-known standards, including PCI-DSS and the ISO 27000 series, as well as standards processes including scoping and tailoring.

Self-Test

Note
Please see the Self-Test Appendix for explanations of all correct and incorrect answers.

  1. What type of memory is used often for CPU registers?
    A. DRAM
    B. Firmware
    C. ROM
    D. SRAM

  2. What type of firmware is erased via ultraviolet light?
    A. EPROM
    B. EEPROM
    C. Flash memory
    D. PROM

  3. What describes the process of determining which portions of a standard will be employed by an organization?
    A. Baselines
    B. Policies
    C. Scoping
    D. Tailoring

  4. What term means that a vendor no longer sells a product?
    A. End of Support (EoS)
    B. Legacy
    C. End of Life (EoL)
    D. End of Support Life (EoSL)

  5. What was ISO 17799 renamed as?
    A. BS 7799-1
    B. ISO 27000
    C. ISO 27001
    D. ISO 27002

  6. Which of the following describes a duty of the Data Owner?
    A. Patch systems
    B. Report suspicious activity
    C. Ensure their files are backed up
    D. Ensure data has proper security labels

  7. Which control framework has 40 processes across five domains?
    A. COSO
    B. COBIT
    C. ITIL®
    D. OCTAVE®

  8. Which phase of OCTAVE® identifies vulnerabilities and evaluates safeguards?
    A. Phase 1
    B. Phase 2
    C. Phase 3
    D. Phase 4

  9. Which of the following is the best method for securely removing data from a Solid State Drive that is not physically damaged?
    A. ATA secure erase
    B. Bit-level overwrite
    C. Degaussing
    D. File shredding

  10. The release of what type of classified data could lead to “exceptionally grave damage to the national security”?
    A. Confidential
    B. Secret
    C. Sensitive but Unclassified (SBU)
    D. Top Secret

  11. A company outsources payroll services to a third party company. Which of the following roles most likely applies to the third party payroll company?
    A. Data controller
    B. Data handler
    C. Data owner
    D. Data processor

  12. Which managerial role is responsible for the actual computers that house data, including the security of hardware and software configurations?
    A. Custodian
    B. Data owner
    C. Mission owner
    D. System owner

  13. What method destroys the integrity of magnetic media such as tapes or disk drives, and the data they contain, by exposing them to a strong magnetic field?
    A. Bit-level overwrite
    B. Degaussing
    C. Destruction
    D. Shredding

  14. What type of relatively expensive and fast memory uses small latches called “flip-flops” to store bits?
    A. DRAM
    B. EPROM
    C. SRAM
    D. SSD

  15. What type of memory stores bits in small capacitors (like small batteries)?
    A. DRAM
    B. EPROM
    C. SRAM
    D. SSD