Page 361 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
email servers, and administrators purge email older than six
months to comply with the organization’s security policy. Access to
the datacenter is controlled, and all systems that process sensitive
information are marked. Administrators routinely back up data
processed in the datacenter. They keep a copy of the backups on
site and send an unmarked copy to one of the company
warehouses. Warehouse workers organize the media by date, and
they have backups from the last 20 years. Employees work at the
warehouse during the day and lock it when they leave at night and
over the weekends. Recently a theft at the warehouse resulted in
the loss of all of the offsite backup tapes. Later, copies of their data,
including sensitive emails from years ago, began appearing on
internet sites, exposing the organization’s internal sensitive data.

18. Of the following choices, what would have prevented this loss
without sacrificing security?
A. Mark the media kept offsite.
B. Don’t store data offsite.
C. Destroy the backups offsite.
D. Use a secure offsite storage facility.

19. Which of the following administrator actions might have prevented
this incident?
A. Mark the tapes before sending them to the warehouse.
B. Purge the tapes before backing up data to them.
C. Degauss the tapes before backing up data to them.
D. Add the tapes to an asset management database.

20. Of the following choices, what policy was not followed regarding
the backup media?
A. Media destruction
B. Record retention
C. Configuration management
D. Versioning

