40 Chapter 2 ■ Asset Security (Domain 2)
- If Chris is one of the data owners for the organization, what steps in this process is he
most likely responsible for?
A. He is responsible for steps 3, 4, and 5.
B. He is responsible for steps 1, 2, and 3.
C. He is responsible for steps 5, 6, and 7.
D. All of the steps are his direct responsibility. - Chris manages a team of system administrators. What data role are they fulfilling if they
conduct steps 6, 7, and 8 of the classification process?
A. They are system owners and administrators.
B. They are administrators and custodians.
C. They are data owners and administrators.
D. They are custodians and users. - If Chris’s company operates in the European Union and has been contracted to handle the
data for a third party, what role is his company operating in when it uses this process to
classify and handle data?
A. Business owners
B. Mission owners
C. Data processors
D. Data administrators - Which of the following is not one of the European Union’s General Data Protection Regu-
lation (GDPR) principles?
A. Information must be processed fairly.
B. Information must be deleted within one year of acquisition.
C. Information must be maintained securely.
D. Information must be accurate. - Ben’s company, which is based in the European Union, hires a third-party organization
that processes data for it. Who has responsibility to protect the privacy of the data and
ensure that it isn’t used for anything other than its intended purpose?
A. Ben’s company is responsible.
B. The third-party data processor is responsible.
C. The data controller is responsible.
D. Both organizations bear equal responsibility.