nerdexam
(ISC)2

CAP · Question #400

Which of the following processes is used to protect the data based on its secrecy, sensitivity, or confidentiality?

The correct answer is D. Data Classification. Data classification is the process of categorizing data by its sensitivity or confidentiality level so that proportional security controls can be applied to protect it.

Security and Privacy Governance, Risk Management, and Compliance Program

Question

Which of the following processes is used to protect the data based on its secrecy, sensitivity, or confidentiality?

Options

  • AChange Control
  • BData Hiding
  • CConfiguration Management
  • DData Classification

How the community answered

(26 responses)
  • B
    4% (1)
  • C
    4% (1)
  • D
    92% (24)

Why each option

Data classification is the process of categorizing data by its sensitivity or confidentiality level so that proportional security controls can be applied to protect it.

AChange Control

Change Control is a project or configuration management process for reviewing and approving modifications to scope, schedule, cost, or system baselines, and has no direct role in protecting data by sensitivity level.

BData Hiding

Data Hiding is an object-oriented programming principle that restricts direct access to an object's internal attributes through encapsulation, and is not a security process for categorizing data by confidentiality.

CConfiguration Management

Configuration Management tracks and controls changes to system components and software baselines to ensure system integrity, but it does not classify or assign protection levels to data based on secrecy.

DData ClassificationCorrect

Data classification assigns labels such as public, internal, confidential, or restricted to data based on its sensitivity and the potential harm from unauthorized disclosure. This process ensures that security controls - including encryption, access restrictions, and handling procedures - are matched to the confidentiality requirements of each data category.

Concept tested: Data classification by sensitivity and confidentiality level

Source: https://csrc.nist.gov/publications/detail/sp/800-60/vol-1-rev-1/final

Topics

#Data Classification#Data Protection#Information Security#Confidentiality

Community Discussion

No community discussion yet for this question.

Full CAP Practice