Chapter 2 ■ Asset Security (Domain 2) 29
- Staff in an information technology (IT) department who are delegated responsibility for
day-to-day tasks hold what data role?
A. Business owner
B. User
C. Data processor
D. Custodian
- Susan works for an American company that conducts business with customers in the
European Union. What is she likely to have to do if she is responsible for handling PII
from those customers?
A. Encrypt the data at all times.
B. Label and classify the data according to HIPAA.
C. Conduct yearly assessments to the PCI DSS standard.
D. Comply with a standard such as the US-EU Privacy Shield.
- Ben has been tasked with identifying security controls for systems covered by his organization’s
information classification system. Why might Ben choose to use a security baseline?
A. It applies in all circumstances, allowing consistent security controls.
B. They are approved by industry standards bodies, preventing liability.
C. They provide a good starting point that can be tailored to organizational needs.
D. They ensure that systems are always in a secure state.
- What term is used to describe overwriting media to allow for its reuse in an environment
operating at the same sensitivity level?
A. Clearing
B. Erasing
C. Purging
D. Sanitization
- Which of the following classification levels is the United States (U.S.) government’s
classification label for data that could cause damage but wouldn’t cause serious or grave
damage?
A. Top Secret
B. Secret
C. Confidential
D. Classified
- What issue is common to spare sectors and bad sectors on hard drives as well as overprovisioned
space on modern SSDs?
A. They can be used to hide data.
B. They can only be degaussed.
C. They are not addressable, resulting in data remanence.
D. They may not be cleared, resulting in data remanence.