Domain 2. Asset Security

Question 1

System of classes ordered according to value

Answer 1

Classification

Question 2

The act of sorting into defined classifications

Answer 2

Categorization

Question 3

Generation of new digital content, or the alteration/updating/modifying of existing content

Answer 3

Create

Question 4

Committing digital data to some sort of storage repository, which typically occurs nearly simultaneously with creation

Answer 4

Store

Question 5

Data viewed, processed, or otherwise used in some sort of activity, not including modification

Answer 5

Use

Question 6

Information made accessible to others, such as company users, customers, and partners

Answer 6

Share

Question 7

Data leaves active use and enters long-term storage

Answer 7

Archive

Question 8

Data is permanently destroyed using physical or digital means (e.g., crypto shredding)

Answer 8

Destroy

Question 9

Physical destruction of media; this is the most effective means of sanitization.

Answer 9

Destroy

Question 10

Logical/physical techniques used to sanitize; data cannot be reconstructed.

Answer 10

Purge

Question 11

Logical techniques used to sanitize; data may be reconstructed. This is the least effective means of sanitization.

Answer 11

Clear

Question 12

Sanitization Methods (Best to Worst)

Answer 12

Best to Worst:

1. Media destruction (incinerate)
2. shred disintegrate drill
3. degauss
4. encryption (cryptoshredding)
5. overwrite wipe erasure
6. format

Question 13

refers to residual representation of information even after attempts to securely delete or remove the data

Answer 13

Data remanence

Question 14

Inactive data that is stored (resting) on media: hard disks, tapes, databases, spreadsheets, etc.

protection:
- encryption
- access control
- backup and restoration

Answer 14

Data at REST

Question 15

Data flowing across a network, such as the internet.

protection:
- access control
- network encryption
+ end to end
+ link
+ onion

Answer 15

Data in TRANSIT

Question 16

Data being used in computational activities.

protection:
- homomorphic encryption
- RBAC
- DRP
- DLP

Answer 16

Data in USE

Question 17

The data portion of a packet is encrypted immediately by the application on the source node. The data remains encrypted throughout transmission as it passes through each node on its journey. Once the packet arrives at its destination, it is decrypted in the recipient’s application.

Answer 17

End-to-End Encryption

Question 18

The packet header and data are encrypted between each node. Header information and plaintext content are also available at each node. As a result, every node becomes a potential attack or disclosure point.

Answer 18

Link Encryption

Question 19

Describes a very effective method of protecting data in transit, as it essentially provides complete confidentiality and anonymity using multiple layers of encryption.

Answer 19

Onion Network Encryption