32 Chapter 2 ■ Asset Security (Domain 2)
- Adjusting the CIS benchmarks to your organization’s mission and your specific IT systems would involve what two processes?
  A. Scoping and selection
  B. Scoping and tailoring
  C. Baselining and tailoring
  D. Tailoring and selection

- How should you determine what controls from the baseline a given system or software package should receive?
  A. Consult the custodians of the data.
  B. Select based on the data classification of the data it stores or handles.
  C. Apply the same controls to all systems.
  D. Consult the business owner of the process the system or data supports.

- What problem with FTP and Telnet makes using SFTP and SSH better alternatives?
  A. FTP and Telnet aren’t installed on many systems.
  B. FTP and Telnet do not encrypt data.
  C. FTP and Telnet have known bugs and are no longer maintained.
  D. FTP and Telnet are difficult to use, making SFTP and SSH the preferred solution.

- The government defense contractor that Saria works for has recently shut down a major research project and is planning on reusing the hundreds of thousands of dollars of systems and data storage tapes used for the project for other purposes. When Saria reviews the company’s internal processes, she finds that she can’t reuse the tapes and that the manual says they should be destroyed. Why isn’t Saria allowed to degauss and then reuse the tapes to save her employer money?
  A. Data permanence may be an issue.
  B. Data remanence is a concern.
  C. The tapes may suffer from bitrot.
  D. Data from tapes can’t be erased by degaussing.

- Information maintained about an individual that can be used to distinguish or trace their identity is known as what type of information?
  A. Personally identifiable information (PII)
  B. Personal health information (PHI)
  C. Social Security number (SSN)
  D. Secure identity information (SII)

- What is the primary information security risk to data at rest?
  A. Improper classification
  B. Data breach