CAS-001 Question #253: Real Exam Question with Answer & Explanation

The correct answer is B: Data Owner. The key phrase is 'ultimately responsible for the data.' The Data Owner is the individual - typically a business executive, department head, or senior manager - who holds formal accountability for a dataset: they determine classification, acceptable use, access rights, and retent

Question

During a specific incident response and recovery process action, the response team determines that it must first speak to the person ultimately responsible for the data. With whom should the response team speak FIRST?

Options

AData User
BData Owner
CBusiness Owner
DData Custodian

Explanation

The key phrase is 'ultimately responsible for the data.' The Data Owner is the individual - typically a business executive, department head, or senior manager - who holds formal accountability for a dataset: they determine classification, acceptable use, access rights, and retention policies. In incident response, the Data Owner must be engaged first because they are the decision-making authority for how the data is handled during and after the incident. A Data User simply consumes the data and has no authority over it. A Data Custodian (often IT/operations) manages and maintains the data on behalf of the owner but is not responsible for it. A Business Owner is a related concept but is typically tied to a business process rather than the data itself - the Data Owner is the more precise and correct term when the question is specifically about data responsibility.

Community Discussion

No community discussion yet for this question.

Full CAS-001 Practice