CCT 053: CISSP Exam Questions (Domain 2)

cissp domain 2 Jul 13, 2023
 

Welcome to the CISSP Cyber Training Podcast, where we provide you the training and tools you need to pass the CISSP exam the first time. Hi, my name is Sean Gerber and I'm your host for this action-packed, informative podcast. Join me each week as I provide the information you need to pass the CISSP exam and grow your cybersecurity knowledge. All right, let's get started.

Hey there, how are you all doing? This is Sean Gerber with CISSP Cyber Training. I hope you all are having a beautiful day, but today is CISSP exam question Thursday, so we're going to go over some CISSP exam questions to help you pass the CISSP the first time. All right, so what's the first question?

Question one. Okay, this is dealing with domain two. So, question one: the primary difference between content-based and context-based data classification. A, the technologies used for classification. B, the sensitivity of the data being classified. C, the focus of the data's content versus the usage or relation to the data. Or D, the level of involvement in the classification process. Okay, so the question is: what is the primary difference between content-based and context-based data classification? And the answer is C, the focus of the data's content versus the usage or relation to the other data. So what that comes down to is that, again, it's a context, one of the things that you're dealing with content. I'm going to say content versus context. Content deals with the data, such as credit card numbers, social security numbers, personal addresses and so forth. Context focuses on the context in which the data is used in relation to the other types of data. Again, at whatever applications using it that might fly into the face of context or might follow into context information.

Number two: during which stage of the information life cycle is data converted into a format that can be easily analyzed or used in decision making? A, creation and collection; B, processing; C, distribution; or D, preservation?
Again, what information life cycle is the data converted into a format that can be easily analyzed or used in decision making? And the answer is B, processing. The processing stage of the information life cycle involves transforming the raw data into a format that can be easily analyzed or used in decision making.

Question three: what is the most appropriate level of data classification for trade secrets and classified research? A, public; B, internal use; C, confidential; or D, highly confidential, slash, restricted. What is the most appropriate level of data classification for trade secrets and classified research? And the answer is, if you guys probably guessed it, D, highly confidential and restricted. Again, trade secrets are of the most sensitive nature, so therefore they should be protected that way, and highly confidential and restricted will fall into suit for that.

Question four: what method of asset classification would likely involve categorization of assets into groups like web servers, database servers and application servers? What method of asset classification would likely involve categorization of assets into groups like web servers, database servers and or application servers? And question A is function; B, information security; D, location, or C, location; D, ownership. Okay: function, information sensitivity, location or ownership. If you look at those, you can throw out a couple of them, but the main one is A, function. Function-based asset classification focuses on grouping the assets based on what they're used for, right? So, such as a web server, database servers, those would fall within the function-based classification.

Question five: which of the following asset life cycle stages involves ensuring that the assets continue to function correctly and securely? A, acquisition; B, use; C, maintenance; or D, disposal?
Okay, which of the following asset life cycle stages involves ensuring that the assets continue to function correctly and securely? A, acquisition; B, use; C, maintenance; or D, disposal? And the answer is C, maintenance. It is the maintenance part. So the maintenance stage of the asset life cycle includes regular activities to ensure that the asset continues to function correctly and securely.

Question six: which data classification method involves sophisticated tools that can accurately analyze unstructured data in various formats? A, content-based classification. B, context-based classification. C, user-based classification. Or D, none of the above. So which classification method involves sophisticated tools that can accurately analyze unstructured data in various formats? And the answer is A, content-based classification. Content-based classification requires very sophisticated tools to look at the data because it's got to understand the unstructured data in various formats and therefore plugging in what it's going to take to make it work. So content-based classification does need very sophisticated tools.

Question seven: in the context of data classification, when would user-based classifications be most useful? A, when the data is relatively uniform in sensitivity. B, when the data sensitivity is best understood by the people working with it. Or C, when there are strict regulatory requirements to adhere to. Or D, when data is being shared with external parties. So, in the context of data classification, when would user-based classification be most useful? Okay, again, user-based, focus on that. And it is B, when data sensitivity is the best understood by people working on it. Again, users. User-based classification is the most useful when organizations or the sensitivity of the data can be widely and best understood by people working it.
Question eight: which asset classification method would involve categorization of assets into groups like finance, HR or IT departments? A, function; B, information sensitivity; C, location; or D, ownership? Hmm, question: which asset classification method would involve categorization of assets into groups like finance, HR and or IT departments? And the answer is D, ownership. Ownership-based asset classification involves grouping these assets based on who owns them or is responsible for them. Ideally, if you can get them in by the individual to be ownership, that would be great, but that gets to be problematic. So, yes, it's based on ownership.

Question nine: a company that processes credit card payments needs to classify its assets. What type of classification should be applied? A, function; B, information sensitivity; C, location; or D, regulatory requirements. A company that processes credit card payments needs to classify its assets. What type of classification should be applied? A, function; B, information sensitivity; D, location, or regulatory requirements is D. And the answer is D, regulatory requirements. Any asset involved in processing credit cards must comply with PCI DSS. Right, your Payment Card Industry Data Security Standard, and these fall within the regulatory requirements. If you don't follow those, you don't get to use your credit cards.

And the last question for this podcast is: which of the following is not a commonly used level of data classification? A, public; B, internal use; C, secret; or D, highly confidential, slash, restricted. Which of the following is not a commonly used level of data classification? And the answer is C, secret. Even though secret is used a lot in the military and other government organizations, it is not typically used with commercial entities, and so therefore you would focus on the other ones.
Now, that being said, the company you may go work for may decide to use secret and top secret and super-uber top secret, but in most cases it is not used. It's public, internal, highly confidential or confidential. All right, that's all I've got for today. I hope you guys have a wonderful day and we will catch you on the flip side. See you.
