Community Champion

Re: CISSP "sample" questions

Which of the following actions should management take when classified information must be made available to different user populations?


a. Increase security controls on the information.
b. Raise the classification label to the next highest level.
c. Disburse the information to multiple local area network servers.
d. Require specific approval each time the information is accessed.


answer: a


This is a case of read the question carefully, and read all the answers carefully. Note that increasing security controls doesn't necessarily mean just making the controls more stringent. It can also refer to increasing aspects like granularity, which is probably what is wanted here.


Raising classification to a higher level doesn't help with disparate populations. Distributing files to other servers probably won't help with this problem at all. Requiring specific approval might work, but would be very time consuming.


............
This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
Newcomer I

Re: CISSP "sample" questions

Refreshing to see so much natural and correct English for a change. Great effort with these sample questions, too - reading them I realized I still have a LONG way to go.
Newcomer I

Re: CISSP "sample" questions


@rslade wrote:

Who is ultimately responsible to ensure that information is categorized and that specific protective measures are taken?

a. Security Officer
b. Senior Management
c. Data Owner
d. Custodian


Answer: b.
Reference: Commonsense Computer Security; Martin Smith; 1993; pg 63.


This is possibly as close to a "trick" question that you'll get on the exam. If you are just skimming the question, and the answers, the fact that the data owner is generally responsible for assigning data classification is going to jump out at you. Again, read the whole question. The key word here is "ultimately." "Ultimately," senior management is responsible for everything. The security officer may play some role in data classification, but unless you work in a MAC (Mandatory Access Control) environment won't be the one making individual decisions. And the custodian just acts on behalf of the owner.


The way I see it, this is difficult, if not impossible, to answer. First, "ultimately responsible" would have to be defined. Second, responsibility can be (and almost always is) delegated from the top to the bottom of the pyramid. In a philosophical way, the one who delegates is still "ultimately" responsible, but in real-life scenarios, if your data is going to be hacked and you, as CXO, delegated the above responsibilities to, say, the data owner or just the plain, old security officer, it's those guys who fall on their swords, not you.


This is not the type of question I'd want in my test (though I have a sneaking suspicion I will), and it doesn't really look useful, either - hackers don't give many fcuks, flying or otherwise, about wordplay.

Community Champion

Re: CISSP "sample" questions


@OneOfTheMartins 


This is not the type of question I'd want in my test (though I have a sneaking suspicion I will), and it doesn't really look useful, either - hackers don't give many fcuks, flying or otherwise, about wordplay.


So most of your post was appropriate, HOWEVER this last line is NOT.


You could have easily said "hackers don't care..... OR anything.


Your language is inappropriate on a professional forum.


Please refrain even with your fancy spelling.


@SamanthaO_isc2 Suggest you add this word to the Pr0N list.......


Diana


Newcomer I

Re: CISSP "sample" questions

Point taken. Even though I'm very liberal about the usage of profanity, I will comply.