Domain 2 Asset Security University Quiz

1.

MULTIPLE CHOICE QUESTION

30 sec • 5 pts

Which of these should NOT be part of a data retention policy?

Which backup system we use for backing our data up.

How long do we keep the data?

Where do we keep the backup data?

Which data do we keep?

Answer explanation

A backup policy would address which systems and media we would use, the retention policy would only deal with what, how long, where and similar topics.

2.

MULTIPLE CHOICE QUESTION

30 sec • 5 pts

We have many different types of memory. Which type is volatile?

Flash memory.

DRAM

PROM

EEPROM

Answer explanation

RAM (Random Access memory) is volatile memory. It loses the memory content after a power loss or within a few minutes. ROM (Read Only memory) is nonvolatile it retains memory after power loss.

3.

MULTIPLE CHOICE QUESTION

30 sec • 5 pts

We keep our backup data for as long as the information is usable or if we are required to by law, standards, or regulations. What is this an example of?

Proper data encryption.

Proper data handling.

Proper data retention.

Proper data storage.

Answer explanation

Data Retention: Data should not be kept beyond the period of usefulness or beyond the legal requirements (whichever is greater).

4.

MULTIPLE CHOICE QUESTION

30 sec • 5 pts

In designing our data retention policy, which of these should NOT be a consideration?

Which data do we keep?

How long do we keep the data?

Where do we keep the backup data?

How to safely destroy the data after the retention has expired?

Answer explanation

A data destruction policy would address how we deal with data no longer needed, the retention policy would only deal with what, how long, where and similar topics.

5.

MULTIPLE CHOICE QUESTION

30 sec • 5 pts

When a system has been certified, what does that mean?

The data owner has accepted the certification and the residual risk, which is required before the system is put into production.

The data steward has accepted the certification and the residual risk, which is required before the system is put into production.

It has met the data stewards' security requirements.

It has met the data owners' security requirements.

Answer explanation

Certification is when a system has been certified to meet the security requirements of the data owner. Certification considers the system, the security measures taken to protect the system, and the residual risk represented by the system.

6.

MULTIPLE CHOICE QUESTION

30 sec • 5 pts

Senior leadership has approved the use of flash drives. Which type of memory do they use?

EEPROM

PROM

SDRAM.

DRAM.

Answer explanation

Flash memory: Small portable drives (USB sticks are an example); they are a type of EEPROM.

7.

MULTIPLE CHOICE QUESTION

30 sec • 5 pts

Which of these is NOT an acceptable form of dealing with remanence?

Degaussing

Disk shredding.

Overwriting.

Formatting.

Answer explanation

Formatting puts a new file structure over the old one, the data is still recoverable in most cases.

8.

MULTIPLE CHOICE QUESTION

30 sec • 5 pts

In building a new system, we need to ensure we protect the Protected Health Information (PHI) in accordance with the Health Insurance Portability and Accountability Act (HIPAA) standard. Which of these is protected under the HIPAA standard?

All of these.

URLs

Full dates.

IP addresses.

Answer explanation

Under the US Health Insurance Portability and Accountability Act (HIPAA), Protected Health Information (PHI) that is linked based on the following list of 18 identifiers must be treated with special care: 1 Names. 2 All geographical identifiers smaller than a state. 3 Dates (other than year). 4 Phone numbers. 5 Fax numbers. 6 Email addresses. 7 Social Security numbers. 8 Medical record numbers. 9 Health insurance beneficiary numbers. 10 Account numbers. 11 Certificate/license numbers. 12 Vehicle identifiers and serial numbers, including license plate numbers. 13 Device identifiers and serial numbers. 14 Web Uniform Resource Locators (URLs). 15 Internet Protocol (IP) address numbers. 16 Biometric identifiers, including finger, retinal and voice prints. 17 Full face photographic images and any comparable images. 18 Any other unique identifying number, characteristic, or code except the unique code assigned by the investigator to code the data.

9.

MULTIPLE CHOICE QUESTION

30 sec • 5 pts

Which of these is a COMMON attack against data at rest?

Stealing unencrypted laptops.

Screen scrapers.

Keyloggers.

MITM

Answer explanation

If we do not encrypt our laptops which uses the data from our database, it is a very good attack vector for someone wanting to steal our data.

10.

MULTIPLE CHOICE QUESTION

30 sec • 5 pts

To ensure the confidentiality, integrity, and availability of our backup tapes, where would it be appropriate to store them?

In a backup storage facility.

Our data center.

A closet we have access to.

Under the bed.

Answer explanation

Where do we keep our sensitive data? It should be kept in a secure, climate-controlled facility, preferably geographically distant or at least far enough away that potential incidents will not affect that facility too. Many older breaches were from bad policies around tape backups. Tapes were kept at the homes of employees instead of at a proper storage facility or in a storage room with no access logs and no access restrictions (often unencrypted).

Create a free account and access millions of resources

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Computers