CISSP Exam Questions for Self-Study (Domain 1)

Note:  Pardon the messiness of the questions.  These questions come from my podcast, and I will be cleaning them up over the coming weeks.

Question:  001

When looking at the sensitivity of data, which items would be included as sensitive data?

  • A. Personally Identifiable Information (PII)
  • B. Protected Health Information (PHI)
  • C. Proprietary Data
  • D. All of the above

Answer:  [d] All of the Above - All of the data mentioned above is considered sensitive data.  In many cases, data that has been posted on public websites on the internet is considered public domain: available to everyone and not sensitive.

Source:  ShonGerber Training Courses

------------------------------------

Question:  002

What is the most correct term for an administrator removing sensitive data from a system before putting it back into a less secure environment?

  • A. Erasing
  • B. Purging
  • C. Clearing
  • D. Overwriting

Answer:  [b] Purging - Explanation:  Clearing is an overwriting process for media so that the data cannot be recovered once it is "cleared".

Source:  ShonGerber Training Courses

------------------------------------

Question:  003

Which of the following is the most secure method of destroying data on a Hard Disk Drive (HDD)?

  • A. Formatting
  • B. Degaussing
  • C. Destruction
  • D. Deleting

Answer:  [c] Destruction - All of them remove the data in some form, but only physical destruction of the device ensures that all the data is fully gone.

Source:  ShonGerber Training Courses

------------------------------------

Question:  004

What are the key problems with not having Data Owners specified?

  • A. Data may not be adequately protected
  • B. Not having the right contact person in the event of a breach
  • C. Data will not be adequately maintained, allowing for data sprawl
  • D. All of the above

Answer:  [d] All of the Above - All of the answers above are key problems an organization faces when no specific person has been designated as the Data Owner to manage the data.

Source:  ShonGerber Training Courses

------------------------------------

Question:  005

What is the fine for not complying with GDPR?

  • A. 2.5% of EU revenue for the affected business
  • B. 4% of total global revenue
  • C. 4% total global and confiscation of EU facilities
  • D. 2.5% of total global revenue

Answer:  [b] 4% of total global revenue - The fine is 4% of the total global revenue of a company that does not comply with the required regulations.  As an example, $1 billion USD in global revenue would equate to a $40 million fine.

Source:  ShonGerber Training Courses

------------------------------------

Question:  006

As it relates to appropriately keeping information about assets, when considering the record retention of audit logs, which of the following are key items?

  • A. Types of Data
  • B. Prescribed Timelines
  • C. Storage Locations
  • D. All of the above

Answer:  [d] All of the above - All of the above are important aspects of record retention for audit logs.

Source:  ShonGerber Training Courses

------------------------------------

Question:  007

What are the three Data States?

  • A. Data while Resting, Data in Movement, Data in Use
  • B. Data at Rest, Data in Transit, Data in Activity
  • C. Data at Rest, Data in Transit, Data in Use
  • D. Data while Resting, Data in Transit, Data in Use

Answer:  [c] Data at Rest, Data in Transit, Data in Use - Data at Rest, Data in Transit, and Data in Use are the correct terms; the other options play on the actual words but do not adequately convey the intended meaning of the three data states.

Source:  ShonGerber Training Courses

------------------------------------

Question:  008

What are some storage options for Sensitive Data?

  • A. Encryption
  • B. Locked Cabinets / Rooms
  • C. Cable Locks
  • D. Restricted Server Rooms
  • E. All of the above

Answer:  [e] All of the Above - All of the above are secure storage options for sensitive data.

Source:  ShonGerber Training Courses

------------------------------------

Question:  009

When handling sensitive data, is a process needed to ensure its safety and if so, why is it needed?

  • A. Yes, data will not always remain the same classification; it can and does change over time.
  • B. No, once data is labeled with a specific data sensitivity marking, it will always stay at that level.
  • C. Yes, data will not always remain the same classification, but it is extremely rare that a data classification will change, and the documented process is only used as an audit "check box" item.

Answer:  [a] Yes, data will not always remain the same classification; it can and does change over time - Data will change in its sensitivity, especially over time, and thus a process needs to be in place to lower or raise the data classification based on the needs of the company.

Source:  ShonGerber Training Courses

------------------------------------

Question:  010

When looking to protect some of the most sensitive data within an organization, which of the following is the most correct answer that can be applied to ensure the data is adequately protected?

  • A. Data Loss Prevention Software and Documented Procedures
  • B. Set proper expectations with employees
  • C. Trust all connections into your network
  • D. Have employees sign a document highlighting that they should do the right thing as it relates to protecting your company's data.

Answer:  [a] Data Loss Prevention Software and Documented Procedures - Software and documented procedures are key to ensuring your data is adequately protected.  The other options may be correct in some aspects, but it is important that a coordinated approach to protecting your data is implemented.

Source:  ShonGerber Training Courses

------------------------------------
