Who is accountable for the information within an Information System (IS)?
Correct Answer: C
Explanation Section: Security Operations
Question 32
What is a data dictionary?
Correct Answer: B
A data dictionary is a centralized repository of metadata about the data used in a system: the names, types, formats, allowed values, relationships, and usage of each data element. It serves as a reference for system developers and database administrators. The other answers are distractors.
Question 33
Physical assets defined in an organization's Business Impact Analysis (BIA) could include which of the following?
Correct Answer: B
Question 34
Related to information security, the prevention of the intentional or unintentional unauthorized disclosure of contents is which of the following?
Correct Answer: A
Explanation/Reference:
Explanation: Confidentiality is the assurance that information is not disclosed to unauthorized individuals, programs, or processes. Some information is more sensitive than other information and requires a higher level of confidentiality. Confidentiality ensures that the necessary level of secrecy is enforced at each junction of data processing and prevents unauthorized disclosure. This level of confidentiality should prevail while data resides on systems and devices within the network, as it is transmitted, and once it reaches its destination.
Incorrect Answers:
B: Integrity ensures that data is unaltered. This is not what is described in the question.
C: Availability ensures reliable and timely access to data and resources for authorized individuals. This is not what is described in the question.
D: Capability is not the prevention of the intentional or unintentional unauthorized disclosure of contents.
References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 23
Question 35
What are the four domains that make up CobiT?
Correct Answer: D
Explanation/Reference:
Explanation: The Control Objectives for Information and related Technology (CobiT) is a framework and set of control objectives developed by the Information Systems Audit and Control Association (ISACA) and the IT Governance Institute (ITGI). It defines goals for the controls that should be used to properly manage IT and to ensure that IT maps to business needs. CobiT is broken down into four domains: Plan and Organize, Acquire and Implement, Deliver and Support, and Monitor and Evaluate.
Incorrect Answers:
A: Maintain and Implement is not one of the four domains; it should be Acquire and Implement.
B: Support and Purchase is not one of the four domains; it should be Deliver and Support.
C: This answer is missing the first domain, Plan and Organize.
References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 55