RCR 063: Quick Study CISSP Exam Questions - CISSP Training and Study!

Description:

Shon Gerber from ShonGerber.com provides you the information and knowledge you need to prepare and pass the CISSP Exam while providing the tools you need to enhance your cybersecurity career.  Shon utilizes his expansive knowledge while providing superior training from his years of training people in cybersecurity. 

In this episode, Shon will talk about questions for Domain 2 (Asset Security) of the CISSP Exam.

BTW - Get access to all my CISSP Training Courses here at:  https://shongerber.com/

CISSP Exam Questions

Question:  072

Jared plays a role in his company’s data classification system. In this role, he must practice due care when accessing data and ensure that the data is used only in accordance with allowed policy while abiding by the rules set for the classification of the data. He does not determine, maintain, or evaluate controls, so what is Jared’s role?

1. Data owner
2. Data custodian
3. Data user
4. Information systems auditor

Answer: C. Any individual who uses data for work-related tasks is a data user. Users must have the necessary level of access to the data to perform the duties within their position and are responsible for following operational security procedures to ensure the data’s confidentiality, integrity, and availability to others. This means that users must practice due care and act in accordance with both security policy and data classification rules.

From <https://www.brainscape.com/flashcards/asset-security-6578977/packs/10419165

------------------------------------

Question:  073

Michael is charged with developing a data classification program for his company. Which of the following should he do first?

1. Understand the different levels of protection that must be provided
2. Specify data classification criteria
3. Identify the data custodians
4. Determine protection mechanisms for each classification level

Answer: A. Before Michael begins developing his company’s classification program, he must understand the different levels of protection that must be provided. Only then can he develop the necessary classification levels and their criteria. One company may choose to use only two layers of classification, whereas another may choose to use more. Regardless, when developing classification levels, he should keep in mind that too many or too few classification levels will render the classification ineffective; there should be no overlap in the criteria definitions between classification levels; and classification levels should be developed for both data and software.

From <https://www.brainscape.com/flashcards/asset-security-6578977/packs/10419165

------------------------------------

Question:  074

Which of the following is NOT a factor in determining the sensitivity of data?

1. Who should be accessing the data
2. The value of the data
3. How the data will be used
4. The level of damage that could be caused should the data be exposed

Answer: C. How the data will be used has no bearing on how sensitive it is. In other words, the data is sensitive no matter how it will be used—even if it is not used at all.

From <https://www.brainscape.com/flashcards/asset-security-6578977/packs/10419165

------------------------------------

Want to find Shon elsewhere on the internet?

LinkedIn – www.linkedin.com/in/shongerber

Facebook - https://www.facebook.com/CyberRiskReduced/

LINKS: 

• ISC2 Training Study Guide
• https://www.isc2.org/Training/Self-Study-Resources

TRANSCRIPT: 

  what can reduce the risk podcast episode 63 cissp sample exam questions domain to welcome to reduce cyber risk podcast where we provide you the training tools you need to pass the cissp exam while enhancing your cybersecurity career hi my name is Sean Gerber and I'm your host of this action-packed informative podcast join me each week cuz I provide the information you need to grow your cybersecurity knowledge so that you're better prepared to pass the cissp exam all right good morning buddy how you all doing hope you all having a wonderful day this beautiful day and Roses releases on a Wednesday we are having a great day here in Kansas actually supposed to be I think 40° with snow and possibly rain later today with mixed with snow tomorrow morning and tomorrow afternoon about 3 to 5 in of snow so not too shabby no but I do have a snowblower that I bought many years ago number to okay Jared plays a role in his company's data classification program in this role he must practice do care when accessing data and ensure that the data is used only in accordance with allowed policies while abiding by the rules set for the classification of the data he does not determine maintain or evaluate controls so what is Jared roll dice of you followed us with one episode of he was 61 or 62 we talked a little bit about this role within the company so they is data owner be is did a custodian see is did a user or D and information systems auditor all right so he plays it to Monroe Lori plays Department role as role he must practice do care when accessing data and ensures that the data is used only in accordance with allowed policy while abiding by the rules set for classification of beta he doesn't not determine maintain or evaluate the controls so what is his role related custodian seeded user ID Information Systems auditor and the answer is C an individual who uses data for work-related tasks as a data user they are the ones that fall into that bucket but having a certain level of accessing information available to them they don't have to worry about anyting else as far as maintaining evaluating all the controls they're just a user of that information and basically means that this user must practice do care and act in accordance with both security policy and data for classification Rule brainscape and will have my links are the in the links cancel 5 charging go check it out run with it so but yeah that's around data custodian data user and data owner which we talked about episode 62 but again the answer is CJ user alright the next question Michael is charged with developing a data classification program for his company which of the following should he do first a understand the different levels of protection that must be provided be specified data classification criteria C identified its custodians D determine protection mechanisms for each classification level following should he do first understand the different levels of protection that must be provided so yeah yeah misunderstand if you going to be secret top secret unclassified business confidential Business secret one of them might be best if I did classification criteria what is the criteria which you would classify something secret top secret identify data custodians who's going to be basically responsible for maintaining it and then D determine the protection mechanisms for each classification level a right basically before Michael begins he's got to determine what's going to what are the different levels of protection that must be provided so he's got to do that and he's got to work with some his leaders and the people that own the data to understand what are the different levels then once that's done he can then start building out the classification pieces to it and determine the criteria to determine the custodians and so on and so forth so those are important parts of you first must understand the different levels of protection that must be provided again off of brainscape flashcards and check that out the following is not a factor in determining the sensitivity of data turn the data a b the value of the data c-holiday does doobie use D the level of damage that could be caused should the date of be exposed which of the following is not a factor in determining the sensitivity of the data who should be accessing the data give the data see the data to be used or D the level of damage that could be caused should the day to be exposed answer is see how the data is will be used has no bearing on how sensitive it is okay in other words the data is sensitive no matter how it will be used even if it is not used at all again when you're taking the cissp exam focus on some keywords when this one here's the tricky one which of the following is not a factor in determining the sensitivity of the data I have for you today hope you guys have a go out to Shawn gerber.com and check out the free stuff that I've got available I got a free trip mini courses available for you specifically that you can go out and check that out and it'll help you pass the cissp the first time it's a got about eight different videos that are available for you over my cissp training and I guarantee you it will be extremely helpful to you all right I hope you have a wonderful day and we'll catch you on the flip side how old is Sean gerber.com and look at all the free content that I have available for you there is a cissp mini course free cissp exam questions podcast and so much more it's all available to my email subscriber so sign up if you want my first need a help you with your cissp need so you can pass the test the first time thanks so much for listening will catch you on the flip side CPI