CCT 097: CISSP Practice Questions - Applying Resource Protections for the CISSP Exam (CISSP Domain 7.5)

Dec 14, 2023
 

Ready to become a CISSP expert? With this episode, we're going to decode the complex subject of CISSP domain 7.5 - protection of media types, as we sail through its tricky waters. A special highlight of this week's episode is the CISSP Question Thursday segment, featuring targeted questions designed to sharpen your skills and make your CISSP exam prep a walk in the park. You'll also get an insider's view of how a study blueprint can be your compass, guiding you towards your CISSP exam success. 

Hear firsthand accounts from past learners who achieved their CISSP goals by following this strategy. The episode doesn't stop at the blueprint though. We'll also delve into secure practices for offsite media storage and why you should not be storing all backups in one location. So join me, Sean Gerber, on this enriching exploration of media types, and let's ace this exam together!

Gain access to 30 FREE CISSP Exam Questions each and every month by going to FreeCISSPQuestions.com and sign-up to join the team for Free. 

TRANSCRIPT

Welcome to the CISSP Cyber Training Podcast, where we provide you the training and tools you need to pass the CISSP exam the first time. Hi, my name is Sean Gerber and I'm your host for this action-packed, informative podcast. Join me each week as I provide the information you need to pass the CISSP exam and grow your cybersecurity knowledge. All right, let's get started.

Hey y'all, Sean Gerber, with CISSP Cyber Training. How are you all today? Today is, what is it? What is today? Today is CISSP Question Thursday, so we are excited to provide you a bunch of questions that will help you understand and study for the CISSP exam. These are toad. These are toad. These are not a toad, no, these are focused on the CISSP domain 7.5 and we're going to be focused on protection of media types. So if you want any understanding of what needs to be done as far as understanding these questions, you can listen to the podcast that occurred on the previous Monday and that will give you the guidance and the direction of what we're going to be talking about from the questions today.

So the ultimate goal of each of these podcasts is to basically build on each other, so that we go from each of the domains one through eight and we take a section and we then talk about the section on a Monday. We follow that up with CISSP questions on Thursday, so that way you have an understanding of the content and how you may see some of the questions on the test. I do know that when I've had people that have taken this test that work for me, some of my students that have done well, they all come back and say the blueprint is amazing. You follow the blueprint, you will pass the CISSP. And I know when I studied for the CISSP I spent gobs of time and got so confused and didn't know what to do that I just kind of tried to break it down into pieces, and hence that's where the blueprint came from. So if you go to CISSP Cyber Training, you will see the blueprint: CISSPcybertraining.com.

All right, so let's get started. We are in 7.5 and we're going to be locked. Talking about question number one.

Question one: which of the following media types is most vulnerable to environmental factors such as temperature and humidity? A, cloud storage. B, solid state drives, or otherwise known as SSDs. C, magnetic tapes. Or D, optical disks. Yes, some of those you may not have heard of much, other than if you probably listened to the podcast on Monday, because guess what? Yeah, the magnetic tapes aren't around much anymore. But again, which of the following media types are most vulnerable to environmental factors like temperature and humidity? And the answer is C, magnetic tapes. These are particularly sensitive to environmental factors such as temperature and humidity, which can degrade their quality and lead to data loss. Obviously, SSDs are very sensitive in some environmental factors, obviously shaking or dropping, but at the end of the day they're not quite as bad. Cloud storage and optical disks are less affected by such environmental issues.

Question number two: in media management, what is the primary purpose of degaussing in disposal of media? In the media management aspect, what is the primary purpose of degaussing in the disposal of media? A, data sanitization. B, encryption of data. C, physical destruction. Or D, environmental recycling. Okay, so what is the primary purpose of degaussing as it relates to the disposal of media? And the answer is A, data sanitization. Degaussing is a method used to sanitize the data, which basically puts a really strong magnetic field out to use to destroy the data that's on the drive itself. Now it basically designs to ensure that the data cannot be recovered, which is crucial for sensitive information that you don't want out to anybody else.

Question three: which of the following is not, repeat, not a recommended practice for secure offsite media storage? A, regular audits of storage facilities makes no sense. B, use of climate control environments. C, ensuring that the facility has a robust physical security. Or D, storing all baked backups. It's not a bake, right? Storing all backups in a single location. Which of the following is not recommended practice for secure off-site media storage? And the answer is D, storing all the backups in a single location. Why is that? Well, because if it's all in a location and something bad happens like an earthquake and they all go away, earthquake's probably a little bit dramatic, but you fire. You know, your kid is at home with his new Frappe and spills it all over your hard drives. Yeah, it's not good. Every reason I talk about Frappe is my wife has a coffee truck now, which is pretty cool, and I had no idea what a Frappe was. I guess I call it a Frappe, but yeah, and I didn't even know what skinny was. Like, I have some young ladies come to the truck going, can I have a skinny blankety, blankety, blank, and I'm like, what is a skinny? But it's basically sugar-free. So they use different words, very different language.

Question four: what is the primary benefit of using a role-based access control, R-B-A-C, in media protection? What is the primary benefit of using a role-based access control, RBAC, in media protection? A, data encryption. B, physical security enhancement. C, restricting access based on user roles. Or D, reducing the cost of security. So the primary benefit of a role-based access, or R-B-A-C, is C, restricting access based control based on user controls, user roles. Sorry, let me just say that again: restricting access based on user roles. So that's R-B-A-C. It again depends on the individual user, and you have a specific role within the organization and it grants the access only for the data that is necessary for that specific role.

Question five: in the context of media-related security breaches, why is maintaining a chain of custody important in forensic analysis? In the context of a media-related security breach, which basically means your USB was stolen or something along those lines, why is maintaining a chain of custody important in forensic analysis? A, to ensure data encryption. B, for environmental protection. C, to comply with storage protocols. Or D, to prove the integrity of the origin of the device and origin of the device. Okay, so again, media-related security breach. Why maintaining a chain of custody is important? And it's D, to prove the integrity and origin of the device. It's important to have that, and chain of custody is a big factor, especially if you're trying to deal and go down the path of legal retribution and criminal prosecution.

Question six: which of the following is a key consideration when implementing physical security measures for media protection? A, fire suppression systems. B, password policies. C, data encryption standards. Or D, role-based access controls. Which are the following key considerations when implementing physical security measures? Key term: physical security measures, or key words, I should say. Fire suppression systems. A, that is a key physical security measure that's put in place to help prevent damage from fire hazards, and that's the overall purpose.

Question seven: what is the main advantage of using AES encryption for data on media? What does that mean? I don't really remember AES. That's encryption technology. A, low cost. B, environmental resistance. C, strong cryptographic security. Or D, easy implementation. What is the main advantage of using AES encryption for data on media? The answer is C, strong cryptology, cryptographic security. AES stands for Advanced Encryption Standard. I didn't want to say the word because you'd probably give it away. Encryption is a strong cryptographic security. You want to make it highly effective in protecting your sensitive data in pretty much almost all types of various media out there.

Question eight: which of these is not a stage in the data lifecycle management? Which of these is not a stage in the data life cycle management? We talked about this. A, creation. B, encryption. C, storage. Or D, destruction. Which one is not a stage in the data life cycle management? The answer is B, encryption. Encryption is a security measure. It's not a stage in data life cycle. You may do encryption on your systems after you create them, but you do not specifically encrypt them as a life cycle stage.

Question nine, which is: why is it important to have media-specific incident response plans? Why is it important to have a media-specific incident response plan? A, to comply with legal requirements. B, for faster data recovery. C, to reduce the cost of incidents. Or D, to address unique challenges of media-related breaches. Okay, so why is it important to have a media-specific incident response plan? And the answer is D, to address unique challenges of media-related breaches. Again, media-specific incidents, they can be very unique and you must have a situation in place to deal with them specifically. I've had that situation occur multiple times where my standard incident response process just really doesn't meet the mustard. I know it's a really old term, but it doesn't really cut the mustard. It doesn't really meet the level where it needs to be. It needs to. It's just too verbose from a standard incident response, so you should have something that is specifically designed for media-related breaches or events.

Question 10: what role does climate control play in physical security of media? What role does climate control play in the physical security of media? A, protect media from environmental damage. B, preventing unauthorized access. C, data encryption. Or D, ensuring compliance with legal standards. What role does climate control play in the physical security of media? And the answer is A, protecting media from environmental damage that, such as temperature, humidity, extremes and so forth, can cause havoc on your systems.

Question 11: in the context of GDPR, why is secure media destruction important? Again, the regulation, GDPR, general data privacy regulation. Why is media destruction important? A, to ensure data availability. B, for legal compliance with data protection laws. C, to enhance physical security. Or D, to reduce storage costs. And the answer is B, the legal compliance with data protection laws, laws like GDPR. They do mandate appropriate measures to prevent unauthorized access of data, and this includes a disposal of that data, and you need to have that documented to ensure that you are properly protecting it.

Question 12: which of the following best describes the purpose of using biometric systems in media access control? Which of the following best describes the purpose of using biometric systems in media access control? A, enhancing logical access security. B, reducing environmental impact. C, facilitating easier access to users. Or D, decreasing operational costs. Well, if you know anything about biometrics, they don't do anything for environmental impact, they are not easier for users and they do not decrease operational costs. So the answer, if you didn't know, would be logical access security. They're used basically around this. By using these biological characteristics, such as fingerprints and iris scans, they help control the access to the specific media.

Question 13: which is the primary concern when transporting sensitive media off site? A, minimizing transportation time. B, ensuring robust encryption. C, avoiding detection by unauthorized parties. Or D, preventing physical damage during transit. Was a primary concern when transporting sensitive media off site, and that's D, preventing physical damage during transit. Yeah, dropping hard drives, not a good thing. Dropping media tapes, even though they don't, that isn't a bad thing. I mean it is a bad thing, but it isn't going to destroy it specifically, unless you drop it in a puddle. But you need to make sure that you have good, positive control of taking any sensitive media off site to prevent any sort of physical damage.

Question 14, almost there, almost done: which of the following is a key factor in selecting an off site storage facility for media? A, proximity to the main office. B, the facility security certifications and physical safeguards. C, the cost of storage. Or D, the storage capacity of the facility. Which of the following is a key factor in selecting an off site storage facility for media? And the answer is B, the facility security certifications and physical safeguards are a key factor when you are picking someplace off site. You. If they had their act together, then you will want to continue to put your stuff there.

Question 15: why is it important to include public relations or PR teams in media related incident response? Okay, I pull them in on any response. PR needs to be pulled in any time. A, to manage the organization's public image and communication. B, to assist with technical aspects, probably not. Provide legal advice, that's the next question. Next answer, yeah, it could be. Maybe, depends if your PR team has legal team. And then C is to conduct forensic analysis, not them. So why is it important for a public relations team in a media related incident response? A, to manage your organization's public image and communications. You need a PR team to help mitigate any sort of communications that has to occur to the individuals as well as to the media itself. I would say really stupid things on air, but your PR people know how to say these things in a way that doesn't come across like, okay, there's nobody driving this boat, they're all a bunch of fools and we're all going down with the ship. Yeah, that's what, that's how I would say it, but everybody else, they would probably be much more eloquent. And then myself, my third grade education and being a farm boy from Iowa, that is kind of what I think about.

So, all right, that is all I have for today. Go to CISSPcybertraining.com and you can go there. You can get access to all of my training there, it's all, it's a plethora, a cornucopia, a very large amount of data that's there for you to pass the CISSP. You want to do the blueprint, you do. My prices are going to be changing just a little bit. I'm making some changes to my packages, that and adding a lot more bonuses to it. I just, I'm on there, almost there, almost almost there. So if you're going to be interested, I get in there ahead of time. I would do it sooner rather than later, because the prices are going to go up. Just because my time is so short, I don't have a whole lot of time to spend and so therefore, and there's been a lot of overwhelming response to the product, so I kind of have to make some changes, but you are going to be very happy with the product. You do follow my, my blueprint, you will pass the CISSP and you know what? There's a lot more future for you, a lot more opportunities, if you get that darn certification done. All right, have a great day and we will catch you on the flip side, see you.
