exam questions

Exam CISSP All Questions

View all questions & answers for the CISSP exam

Exam CISSP topic 1 question 155 discussion

Actual exam question from ISC's CISSP
Question #: 155
Topic #: 1
[All CISSP Questions]

Which factors MUST be considered when classifying information and supporting assets for risk management, legal discovery, and compliance?

  • A. System owner roles and responsibilities, data handling standards, storage and secure development lifecycle requirements
  • B. Compliance office roles and responsibilities, classified material handling standards, storage system lifecycle requirements
  • C. Data stewardship roles, data handling and storage standards, data lifecycle requirements
  • D. System authorization roles and responsibilities, cloud computing standards, lifecycle requirements
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
sandeepghadge
Highly Voted 2 years, 2 months ago
"classifying information " isnt its Data owner(steward) job ?
upvoted 8 times
jackdryan
1 year, 7 months ago
C is correct
upvoted 1 times
...
...
franbarpro
Highly Voted 2 years, 2 months ago
Selected Answer: C
From Google: Data stewardship is the collection of practices that ensure an organization's data is accessible, usable, safe, and trusted.
upvoted 6 times
...
Scheds
Most Recent 1 month ago
Selected Answer: C
One technique I learnt is if there are two answers that kinda look similar, choose the one that engulfs/contains the other as its element.
upvoted 1 times
...
TheManiac
7 months, 1 week ago
Selected Answer: C
classifying information = classifying data. Other options do not talk about data, but A and C. A starts with system owner roles. System owner or Data steward. Which one is more important on this issue? Data steward. So, it is C
upvoted 1 times
...
splash2357
11 months, 1 week ago
Selected Answer: C
Since the question doesn't specify the assets are: - related to software development (e.g. source code repositories) - storage only - on the cloud I'm going with C
upvoted 1 times
...
Soleandheel
1 year ago
Guys the correct answer is C. Data Stewart..... A. could have been the best answer if it said Data owner as opposed to system owner.
upvoted 2 times
...
Moose01
1 year, 1 month ago
Life Cycle! Categorize the Data, Classify (active data, or data at rest, retention period) all these is covered in the question itself. Data Owner is responsible to identifying and categorizing, legal team is will decide how to retain the data, data at rest must be secured (encrypted). the answer is "A" - See below Oban has good explanation
upvoted 1 times
...
oban
1 year, 11 months ago
Selected Answer: A
A. System owner roles and responsibilities, data handling standards, storage and secure development lifecycle requirements are important factors that must be considered when classifying information and supporting assets for risk management, legal discovery, and compliance. In order to effectively manage the risks associated with sensitive information, it is important to understand who is responsible for that information, how it is supposed to be handled, and where and how it is stored. This includes understanding the roles and responsibilities of system owners, who are responsible for the security and operation of the systems that hold the data, as well as the standards for data handling and storage and the requirements for secure development lifecycle (SDLC) . This can help organizations to ensure that they are following best practices for protecting sensitive information and meeting regulatory requirements. B,C and D options also include some important factors that need to be considered but A option covers most of the important points for classifying information and assets for risk management, legal discovery and compliance. - openai
upvoted 4 times
...
Delab202
1 year, 11 months ago
Selected Answer: C
Data steward A person responsible for data management from a business and stakeholder perspective; may or may not also be a custodian or owner. Data stewards ensure that data quality meets business needs, that data is supported by sufficient metadata to make it easy to use, and that it meets all regulatory requirements. They also work with stakeholders to create and monitor data acquisition and dissemination procedures.
upvoted 4 times
...
somkiatr
1 year, 12 months ago
Selected Answer: C
C is better than A. Reference : https://www.techtarget.com/searchdatamanagement/definition/data-stewardship
upvoted 3 times
...
boyin
2 years ago
Selected Answer: A
The question is asking for "classifying information and supporting assets"
upvoted 1 times
...
Jamati
2 years, 1 month ago
Selected Answer: C
Definitely C
upvoted 3 times
...
kuberk
2 years, 1 month ago
Selected Answer: A
It is not specifically for data, hence A makes more sense
upvoted 3 times
...
DracoL
2 years, 1 month ago
Selected Answer: C
It is data lifecycle not secure development lifecycle. This is really a give away why it is NOT A.
upvoted 6 times
Hava_2013
2 years, 1 month ago
secure development is for the Due Diligence part
upvoted 1 times
...
...
MG1707
2 years, 2 months ago
Selected Answer: C
data stewards are first to be asked...
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago