CISSP Official Practice Tests by Mike Chapple, David Seidl


28 Chapter 2 ■ Asset Security (Domain 2)



  1. Angela is an information security architect at a bank and has been assigned to ensure that
    transactions are secure as they traverse the network. She recommends that all transactions
    use TLS. What threat is she most likely attempting to stop, and what method is she using
    to protect against it?
    A. Man-in-the-middle, VPN
    B. Packet injection, encryption
    C. Sniffing, encryption
    D. Sniffing, TEMPEST

  2. Control Objectives for Information and Related Technology (COBIT) is a framework for
    information technology (IT) management and governance. Which data management role
    is most likely to select and apply COBIT to balance the need for security controls against
    business requirements?
    A. Business owners
    B. Data processors
    C. Data owners
    D. Data stewards

  3. What term is used to describe a starting point for a minimum security standard?
    A. Outline
    B. Baseline
    C. Policy
    D. Configuration guide

  4. When media is labeled based on the classification of the data it contains, what rule is
    typically applied regarding labels?
    A. The data is labeled based on its integrity requirements.
    B. The media is labeled based on the highest classification level of the data it contains.
    C. The media is labeled with all levels of classification of the data it contains.
    D. The media is labeled with the lowest level of classification of the data it contains.

  5. Which one of the following administrative processes assists organizations in assigning
    appropriate levels of security control to sensitive information?
    A. Information classification
    B. Remanence
    C. Transmitting data
    D. Clearing

  6. How can a data retention policy help to reduce liabilities?
    A. By ensuring that unneeded data isn’t retained
    B. By ensuring that incriminating data is destroyed
    C. By ensuring that data is securely wiped so it cannot be restored for legal discovery
    D. By reducing the cost of data storage required by law
