Page : 1/10
1. Your organization is implementing an information classification program. Which of the following is the primary reason for classifying information?
2. What is the primary purpose of data classification?
3. Which of the following best describes the concept of data ownership?
4. What is a primary goal of implementing data retention policies?
5. Which of the following is NOT a method of protecting data at rest?
Page : 2/10
6. What is the purpose of digital rights management (DRM)?
7. An organization has developed a new data retention policy. Which of the following factors is MOST crucial when determining the retention period for specific types of data?
8. Which of the following best describes the purpose of data anonymization in protecting privacy?
9. Which of the following best defines "privacy"?
10. What is the purpose of a data retention policy?
Page : 3/10
11. Which of the following is an example of a physical control for protecting assets?
12. What role does classification play in information security?
13. Which of the following is true about information labeling?
14. An organization is implementing a data classification policy. Which of the following is the MOST important reason for classifying data?
15. In an organization, who is PRIMARILY responsible for determining the classification level of data?
Page : 4/10
16. Which of the following best describes the purpose of an information retention policy?
17. What is the MOST important factor to consider when determining the methods for secure disposal of data?
18. Which of the following best explains the concept of a data custodian?
19. What is the main goal of information labeling and handling policies?
20. What type of controls are encryption and access control mechanisms considered as?
Page : 5/10
21. Why is it important to have a secure data destruction policy?
22. What is the primary reason for implementing privacy controls within an organization
23. Which of the following media sanitization methods is MOST appropriate for permanently removing data from a solid-state drive (SSD) before disposal?
24. When implementing a privacy program, what is the PRIMARY purpose of data minimization?
25. What is the MOST critical benefit of maintaining an up-to-date asset inventory?
Page : 6/10
26. An organization needs to transfer sensitive data between its headquarters and a remote office. Which of the following is the MOST secure method to ensure data confidentiality and integrity during transmission?
27. A company wants to prevent sensitive data from being accidentally shared outside the organization. Which technology would be MOST effective in identifying and blocking the transfer of this sensitive data?
28. When storing highly sensitive data in a cloud storage service, which of the following practices is MOST important to ensure the confidentiality and integrity of the data?
29. What is the purpose of employing data masking techniques?
30. Which of the following is the PRIMARY purpose of establishing data handling policies within an organization?
Page : 7/10
31. What principle ensures that data can only be accessed or modified by authorized users?
32. Which of the following scenarios exemplifies a violation of data privacy principles?
33. Which of the following is an example of a physical control for asset security?
34. What is the purpose of an information retention policy?
35. What is a common method for securely erasing data from a solid-state drive (SSD)?
Page : 8/10
36. Which of the following best describes the purpose of asset inventory management?
37. In the context of data lifecycle management, why is it important to securely delete data once it is no longer needed?
38. What is the PRIMARY purpose of implementing controls to protect intellectual property rights within an organization?
39. An employee in an organization has access to classified information. Which of the following BEST ensures that this information remains secure?
40. Which of the following is the MOST secure method for disposing of paper records containing sensitive information?
Page : 9/10
41. What is the primary purpose of implementing a data leakage prevention (DLP) system?
42. Which of the following is true regarding secure data sanitization methods?
43. Which of the following best describes the term "privacy by design"?
44. In asset management, what is the difference between "owners" and "custodians"?
45. What does the principle of "least privilege" entail in the context of asset security?
Page : 10/10
46. What is the primary consideration when implementing encryption for data at rest?
47. Which of the following best exemplifies the principle of Privacy by Design?
48. Following a data breach that exposed sensitive customer information, what is the FIRST action an organization should take?
49. What is the most critical step to ensure the security of data when an employee leaves the organization?
50. In the context of secure asset disposal, which of the following statements is true about the method of cryptographic erasure?