- Which of the following describes a duty of the Data Owner?
A. Patch systems
B. Report suspicious activity
C. Ensure their files are backed up
D. Ensure data has proper security labels
Correct Answer and Explanation: D. Answer D is correct; the Data Owner ensures that data has proper security labels.
Incorrect Answers and Explanations: A, B, and C. Answers A, B, and C are incorrect. Custodians patch systems. Users should be aware and report suspicious activity. Ensuring files are backed up is a weaker answer for a Data Owner duty, used to confuse the Data Owner with "the owner of the file" on a discretionary access control system.
- Which control framework has 40 processes across five domains?
A. COSO
B. COBIT
C. ITIL
D. OCTAVE
Correct Answer and Explanation: B. Answer B is correct; COBIT has 40 Information Technology processes across the five domains.
Incorrect Answers and Explanations: A, C, and D. Answers A, C, and D are incorrect. All are audit or control frameworks, but only COBIT has 40 processes across five domains.
- Which phase of OCTAVE identifies vulnerabilities and evaluates safeguards?
A. Phase 1
B. Phase 2
C. Phase 3
D. Phase 4
Correct Answer and Explanation: B. Answer B is correct; Phase 2 identifies vulnerabilities and evaluates safeguards.
Incorrect Answers and Explanations: A, C, and D. Answers A, C, and D are incorrect. Phase 1 identifies staff knowledge, assets, and threats. Phase 3 conducts the Risk Analysis and develops the risk mitigation strategy. There is no Phase 4 in OCTAVE.
- Which of the following is the best method for securely removing data from a Solid State Drive that is not physically damaged?
A. ATA secure erase
B. Bit-level overwrite
C. Degaussing
D. File shredding
Correct Answer and Explanation: A. Answer A is correct; ATA Secure Erase will reliably remove data from an undamaged Solid State Drive (SSD).
Incorrect Answers and Explanations: B, C, and D. Answers B, C, and D are incorrect. A bit-level overwrite will not reliably destroy all data on a Solid State Drive. Degaussing has no effect on non-magnetic media. File shredding (overwriting a file's contents before deleting) will also not reliably destroy all data on a Solid State Drive.
- The release of what type of classified data could lead to "exceptionally grave damage to the national security"?
A. Confidential
B. Secret
C. Sensitive but Unclassified (SBU)
D. Top Secret
Correct Answer and Explanation: D. Answer D is correct; the release of top secret data could lead to "exceptionally grave damage to the national security."
Incorrect Answers and Explanations: A, B, and C. Answers A, B, and C are incorrect. The release of confidential data could lead to "damage to the national security." The release of secret data could lead to "serious damage to the national security." The release of SBU data is not a matter of national security, but is important for other reasons, including protecting individuals' PII.