RCR 064: Key CISSP Exam Questions - CISSP Training and Study!

Description:

Shon Gerber from ShonGerber.com provides you the information and knowledge you need to prepare and pass the CISSP Exam while providing the tools you need to enhance your cybersecurity career.  Shon utilizes his expansive knowledge while providing superior training from his years of training people in cybersecurity. 

In this episode, Shon will talk about questions for Domain 2 (Asset Security) of the CISSP Exam.

BTW - Get access to all my CISSP Training Courses here at:  https://shongerber.com/

CISSP Exam Questions

Question:  075

As head of sales, Jim is the data owner for the sales department. Which of the following is not Jim’s responsibility as data owner?

1. Assigning information classifications
2. Dictating how data should be protected
3. Verifying the availability of data
4. Determining how long to retain data

Answer: C. The responsibility of verifying the availability of data is the only responsibility listed that does not belong to the data (information) owner. Rather, it is the responsibility of the data (information) custodian. The data custodian is also responsible for maintaining and protecting data as dictated by the data owner. This includes performing regular backups of data, restoring data from backup media, retaining records of activity, and fulfilling information security and data protection requirements in the company’s policies, guidelines, and standards. Data owners work at a higher level than the data custodians. The data owners basically state, “This is the level of integrity, availability, and confidentiality that needs to be provided—now go do it.” The data custodian must then carry out these mandates and follow up with the installed controls to make sure they are working properly.

From <https://www.brainscape.com/flashcards/asset-security-6578977/packs/10419165>

------------------------------------

Question:  076

Assigning data classification levels can help with all of the following except:

1. The grouping of classified information with hierarchical and restrictive security
2. Ensuring that nonsensitive data is not being protected by unnecessary controls
3. Extracting data from a database
4. Lowering the costs of protecting data

Answer: C. Data classification does not involve the extraction of data from a database. However, data classification can be used to dictate who has access to read and write data that is stored in a database. Each classification should have separate handling requirements and procedures pertaining to how that data is accessed, used, and destroyed. For example, in a corporation, confidential information may only be accessed by senior management. Auditing could be very detailed and its results monitored daily, and degaussing or overwriting procedures may be required to erase the data. On the other hand, information classified as public may be accessed by all employees, with no special auditing or destruction methods required.

From <https://www.brainscape.com/flashcards/asset-security-6578977/packs/10419165>

------------------------------------

Question:  077

Susan, an attorney, has been hired to fill a new position at Widgets, Inc.: chief privacy officer (CPO). What is the primary function of her new role?

1. Ensuring the protection of partner data
2. Ensuring the accuracy and protection of company financial information
3. Ensuring that security policies are defined and enforced
4. Ensuring the protection of customer, company, and employee data

Answer: 

 The chief privacy officer (CPO) position is being created by companies in response to the increasing demands on organizations to protect myriad types of data. The CPO is responsible for ensuring the security of customer, company, and employee data, which keeps the company free from legal prosecution and—hopefully—out of the headlines. Thus, the CPO is directly involved with setting policies on how data is collected, protected, and distributed to third parties. The CPO is usually an attorney and reports to the chief security officer (CSO).

From <https://www.brainscape.com/flashcards/asset-security-6578977/packs/10419165>

------------------------------------

Want to find Shon elsewhere on the internet?

LinkedIn – www.linkedin.com/in/shongerber

Facebook - https://www.facebook.com/CyberRiskReduced/

LINKS: 

• ISC2 Training Study Guide
• https://www.isc2.org/Training/Self-Study-Resources

TRANSCRIPT:

  Cerberus podcast where we provide you the training tools you need to pass the cissp exam while enhancing your cybersecurity career hi my name is Sean Gerber and I'm your host of this action-packed informative podcast join me each week cuz I provide the information you need to grow your knowledge so that you're better prepared to pass the cissp exam good morning how are you all doing this beautiful day I hope everything's going well in your lives and I hope you all are staying safe from this virus that is out on plaguing the world today we hear about it here in the United States about the coronavirus and it is not good so we just hope that everybody is staying safe and doing what they're supposed to be doing I eat studying for the cissp exam so and listening to podcasts and you are get ready to pass your cissp so if this today is the episode that we're to be focused on exam questions and some of the ones that you need to be concerned about as we get started on this also know that as you go to Sean gerber.com I've got a bunch of cissp exam questions that are free for you to use and to look at and to get yourself prepared for the cissp exam I'm actually making a few changes to the site so be patient if there's a few things that are missing but you'll get them they'll all be pop it up here soon so let's go ahead and get started with 75 and this is head of sales Jim is the data owner for the sales department which of the following is not Jim's responsibility as the data owner applications dictating how data should be protected find the availability of the data or determining how long to retain the can I get its head of sales Jim is the data owner for the sales department which of the following is not Jim's responsibility as the data owner information classifications dictating how data should be protected verifying the availability of the data Termini how long to retain the data belong to the data or information owner rather is responsibility the data information custodian we talked about this and some of our previous episodes about the owner and data custodian and their responsibilities of the data custodians also responsible for maintaining and protecting data as dictated by the data owner this includes perform regular backup files Dana Restorations of backup media retain records of activity and fulfilling information security and data protection requirements of the company's policies guidelines and standards are as this comes out of brainscape is actually some great slides or cars that they have available but this just came out of there are you guys grab different cissp exam questions from around the globe and around different areas because they also give you a better perspective of how are some of the questions that you may get asked as you're looking to study for the cissp and what you may expect on the cissp exam all right so next question levels can help with all of the following except grouping of classified information with hierarchical and restrictive security non-sensitive data is not being protected by unnecessary controls extracting data from the database we're lowering the cost of protecting okay so the question again assigning data classification levels can help with which of the following there's the key thing except always understand look a little except it was negative aspects of the question the grouping of classified information with hierarchical and restricted security ensuring that nonsense of data is not being protected by unnecessary controls they had a bunch of negatives in their account throw you off extracting data from a database lowering the cost of protecting the data an answer is tracking the database right so did classification does not involve the extraction of data from the database again their classification doesn't really care about the date of being removed from the database it just cares about the data itself. The data was that are asked a question about the data that would be a different aspect but at the end of the day they don't care a whole lot about the extracting the data from the database Excel important things to consider when you're looking at data classification play also to add with that and they have it in there as well is auditing can be very detailed and results monitor daily and degaussing or overriding procedures may be required to erase the data you may have those procedures in place as you're getting Randall's the data is done but the classification aspect of it is not included okay to keep keep that in mind as you're looking at there's no way they're going to trick with the question to make sure that you read the full question and you understand exactly what they're asking for it comes from brainscape Susan an attorney who has been hired to fill a new position at widgets Incorporated their Chief privacy officer what is the primary role of primary function of her new role hey ensuring the protection of partner data be ensuring the accuracy and protection of company financial information see ensuring that security policies are defined and enforced ensuring the protection of customer company and employee data so what again what was the question isn't an attorney has how to fill a new position at work agency gsa Chief privacy officer the primary function of her new role ensuring the protection of a partner data during the accuracy of the protection of a company's financial information that security policies are defined and enforced at Dior the last question ensuring the protection of customer company and employee data what is the answer to that question it is D ensuring the protection of cuss company and employee data the CPO which is a new relatively new role that's been out is responsible for ensuring the security of customers company and employee data which basically keep the company free from legal prosecution and hopefully out of the headlines right now we get into more and more data requiring privacy aspect in a gdpr requires a Chief privacy officer in their gdpr requirements and then also there's the dependencies around that Chief privacy officer might reside has to be in the EU they can have designates all those aspects are involved with the Chief privacy officer is one that's coming up quite frequently in conversations usually the CPO is an attorney and it does report at times to the chief security officer this is so maybe do the chief security officer simultaneously as a chief information security officer know they are different depending upon the company you're in it could be synonymous they could be the same but in many cases that the CSO in the ciso usually are different rules this is all we have for the cissp question sample questions for the week go to Sean gerber.com and sign up for my email subscription or set up on my email subscription and you'll get a bunch of free content I've got a mini-course out there that is available from Des Moines 1 through 4 actually will cover all through email I'll send you an e-mail ticklers on that and that'll give you all the domains videos from every one of the domains domains 1 through 8 to go to Sean gerber.com and sign up for that or you can go to Sean gerber.com specifically and set up for my entire course and get the all of my cissp training along with what you'll get is my my sample questions that are available and on top of that if you have any questions you'd be feel free to reach out to me I am happy to help in any questions you may have so I hope you all have a wonderful day and you have a great time stay away from coronavirus and we will catch you on the flip side today on my podcast head over to Shawn gerber.com and look at all the free concert that I have available for you there is a cissp mini course free cissp exam questions podcast and so much more it's all available to my email subscriber so sign up if you want my first you with your cissp need so you can pass the test first time thanks so much for listening will catch on the flipside CPI