.
keys be stored?With the cloud customerWith a third-party providerAt the cloud provider data centerAnywhere but with the cloud provider
58 Which of the following is not used to determine data retention requirements?LegislationBusiness needsAverage media longevityContracts
59 Event monitoring tools (security information and event management [SIEM]/security information management [SIM]/security event management [SEM]) can aid in which of the following efforts?External hacking detectionPrediction of physical device theftData classification/categorization issuesSocial engineering attacks
60 Event monitoring tools (security information and event management [SIEM]/security information management [SIM]/security event management [SEM]) can aid in which of the following efforts?Detecting untrained personnelPredicting system outagesSending alerts for conflicts of interestEnforcing mandatory vacation
61 Event monitoring tools (security information and event management [SIEM]/security information management [SIM]/security event management [SEM]) can aid in which of the following efforts?Reducing workload for production personnelDecreasing size of log filesOptimizing performanceEnsuring adequate lighting of workspaces
62 Event monitoring tools (security information and event management [SIEM]/security information management [SIM]/security event management [SEM]) can aid in which of the following efforts?Detecting ambient heating, ventilation, and air-conditioning (HVAC) problemsEnsuring proper cloud migrationDeciding risk parametersProtecting all physical entry points against the threat of fire
63 In addition to predictive capabilities, event monitoring tools (security information and event management [SIEM]/security information management [SIM]/security event management [SEM]) are instrumental in what other security function?Personnel safetyVehicle trackingIncident evidenceAcoustic dampening
64 Which of the following is one of the benefits of event monitoring tools (security information and event management [SIEM]/security information management [SIM]/security event management [SEM])?Greater physical securityPsychological deterrenceCost savingsMore logs can be reviewed, at faster speeds
65 As in a traditional IT environment, proper key management is crucial in the cloud. Which of the following principles is not true regarding key management?It is good practice to introduce pseudorandom numbers when generating keys.Public keys should never be shared with anyone.Losing the keys is equivalent to losing the data.Symmetric keys should be passed out of band.
66 Which of the following is a good business case for the use of data masking?The shipping department should get only a masked version of the customer’s address.The customer service department should get only a masked version of the customer’s Social Security (SS) number.The billing department should get only a masked version of the customer’s credit card number.The Human Resources (HR) department should get only a masked version of the employee’s driver’s license number.
67 All of the following are methods of data masking suggested by (ISC)2 except _______________.Random substitutionAlgorithmic substitutionDeletionConflation
68 If data masking is being performed for software testing purposes, which of the following is not a good masking technique to use?Random substitutionShufflingDeletionAlgorithmic substitution
69 For which use case would it probably be best to use static masking?Creating a test environment for a new applicationAllowing a customer service representative limited access to account dataProviding detailed reports to regulatorsNotifying shareholders
70 For which use case would it probably be best to use dynamic masking?Creating a test environment for a new applicationAllowing a customer service representative limited access to account dataSending incident response notificationsImplementing business continuity and disaster recovery (BC/DR)
71 What is one possible risk associated with the use of algorithmic masking for obscuring a data set?You could corrupt the production data.The data could be subject to easy inadvertent disclosure.Algorithms are two-way operations.A null set has no test value.
72 ____________ is a direct identifier, and ____________ is an indirect identifier.Username; passwordUser’s name; user’s ageUser’s IP address; user’s media access control (MAC) addressLocation; income level
73 Anonymization is the process of removing ____________ from data sets.AccessCryptographic keysNumeric valuesIdentifying information
74 Tokenization is a method of obscuring data that, other than encryption, can be used to comply with ____________ standards.Gramm-Leach-Bliley Act (GLBA)Payment Card Industry (PCI)Child Online Protection Act (COPA)Sarbanes-Oxley Act (SOX)
75 Tokenization requires at least ____ database(s).OneTwoThreeFour
76 Data owners might consider using tokenization for all of the following reasons except _______________.Regulatory or contractual complianceInferenceReduced cost of complianceMitigating risk from data lost to intrusion
77 Bit-splitting, also known as data dispersion, might be thought of as ____________ in the cloud.RAIDBIOSDDoSSYN-ACK
78 Bit-splitting also provides security against data breaches by _______________.Removing all access to unauthorized partiesEnsuring that an unauthorized user only gets a useless fragment of dataMoving data across jurisdictional boundariesTracking all incoming access requests
79 If bit-splitting is used to store data sets across multiple jurisdictions, how may this enhance security?By making seizure of data by law enforcement more difficultBy hiding it from attackers in a specific jurisdictionBy ensuring that users can only accidentally disclose data to one geographic areaBy restricting privilege user access
80 Which of the following is a possible negative aspect of bit-splitting?Less securityGreatest risk of unauthorized accessSignificantly greater processing overheadViolating regulatory compliance
81 Which of the following is a possible negative aspect of bit-splitting?It may require trust in additional third parties beyond the primary cloud service provider.There may be cause for management concern that the technology will violate internal policy.Users will have far greater difficulty understanding the implementation.Limited vendors make acquisition and support challenging.
82 Which of the following is a possible negative aspect of bit-splitting?Greater chance of physical theft of assetsLoss of public imageSome risk to availability, depending on the implementationA small fire hazard
83 Which of the following is a theoretical technology that is intended to allow encrypted material to be processed and manipulated without decrypting it first?Inverse postulationHomomorphic encryptionDidactic alignmentObverse reinstantiation
84 Which of the following is a data discovery approach used by e-commerce retailers to discern and predict shoppers’ needs?Big dataReal-time analyticsAgile analyticsAgile business intelligence
85 Which of the following is a data discovery approach that offers insight to trends of trends, using both historical and predictive approaches?Obverse polyglotismBig dataReal-time analyticsAgile analytics/business intelligence
86 Which of the following is not a data discovery technique?MetadataLabelsContent analysisData hover
87 Which of the following data discovery techniques involves using extra information automatically appended/included with the intended data when the data is created?MetadataLabelsContent analysisData hover
88 When labeling is used as a data discovery technique, who should be applying the labels?The security officeUsersData ownersRegulators
89 When data labels are being used in an environment (for discovery and other purposes), when should the labels be applied?During the risk assessmentAs part of the business impact analysis (BIA)At collection/creationWhen the discovery tools are implemented
90 Which of the following tools might be useful in data discovery efforts that are based on content analysis?Egress monitoring solutionsDigital rights management (DRM)iSCSIFibre Channel over Ethernet (FCoE)
91 All of the following might be used as data discovery characteristics in a content-analysis-based data discovery effort except _______________.KeywordsPattern matchingFrequencyInheritance
92 What is the risk to the organization