CISSP Official Practice Tests by Mike Chapple, David Seidl


Chapter 2 ■ Asset Security (Domain 2)



  1. Which California law requires conspicuously posted privacy policies on commercial
    websites that collect the personal information of California residents?
    A. The Personal Information Protection and Electronic Documents Act
    B. The California Online Privacy Protection Act
    C. California Online Web Privacy Act
    D. California Civil Code 1798.82

  2. Fred is preparing to send backup tapes offsite to a secure third-party storage facility. What
    steps should Fred take before sending the tapes to that facility?
    A. Ensure that the tapes are handled the same way the original media would be handled
    based on their classification.
    B. Increase the classification level of the tapes because they are leaving the possession of
    the company.
    C. Purge the tapes to ensure that classified data is not lost.
    D. Decrypt the tapes in case they are lost in transit.

  3. Which of the following does not describe data in motion?
    A. Data on a backup tape that is being shipped to a storage facility
    B. Data in a TCP packet
    C. Data in an e-commerce transaction
    D. Data in files being copied between locations


  1. A new law is passed that would result in significant financial harm to your company if the
    data that it covers was stolen or inadvertently released. What should your organization do
    about this?
    A. Select a new security baseline.
    B. Relabel the data.
    C. Encrypt all of the data at rest and in transit.
    D. Review its data classifications and classify the data appropriately.

  2. Ed has been asked to send data that his organization classifies as confidential and
    proprietary via email. What encryption technology would be appropriate to ensure that the
    contents of the files attached to the email remain confidential as they traverse the internet?
    A. SSL
    B. TLS
    C. PGP
    D. VPN
