CISSP · Question #1532
Hotspot Question Identify the component that MOST likely lacks digital accountability related to information access. Click on the correct device in the image below. Answer:
The correct answer is Identify the component that MOST likely lacks digital accountability related to information access.: BACKUP MEDIA. The question asks to identify the component lacking digital accountability for information access, which is most likely the offline backup media due to its physical nature and lack of inherent logging capabilities for content access.
Question
Exhibit
Answer Area
- Identify the component that MOST likely lacks digital accountability related to information access.BACKUP MEDIABACKUP MEDIABACKUP SERVERSTORAGE AREA NETWORKDATABASE SERVERWEB SERVER
Explanation
The question asks to identify the component lacking digital accountability for information access, which is most likely the offline backup media due to its physical nature and lack of inherent logging capabilities for content access.
Approach. The correct interaction is to click on the 'BACKUP MEDIA'. Digital accountability refers to the ability to uniquely identify and track who accessed specific information, when, and how, typically through digital audit trails and logging mechanisms. While all servers (Web, Database, Backup) and client devices (Laptop) have operating systems and applications that generate logs for access events, and the SAN is a digital system with its own management logs, 'BACKUP MEDIA' (such as magnetic tapes or external hard drives) are often removed from the online system and stored physically offline. Once offline, physical access to these media allows for direct information access without leaving a 'digital' trace or audit log on the media itself. The backup server tracks when data was written to the media, but it cannot track who accessed the content on the media once it's physically detached and potentially handled by an unauthorized individual using an external tape drive. This makes offline backup media the component most prone to lacking digital accountability for information access.
Common mistakes.
- common_mistake. A common mistake would be to select one of the active digital systems like the Web Server, Database Server, Backup Server, SAN, or Laptop. These systems inherently provide digital accountability through operating system logs, application logs, security event logs, and access control mechanisms. For instance, a Web Server logs user requests and access, a Database Server logs queries and data manipulation, a Backup Server logs backup and restore operations, a SAN logs storage management events, and a Laptop logs user activity. While these systems can be compromised, they possess the capability for digital accountability, unlike offline physical backup media.
Concept tested. Information security principles, specifically accountability, auditability, data lifecycle management, and the unique security challenges associated with physical and offline storage media versus active digital systems. It highlights the distinction between digital logging and the lack thereof for offline physical assets.
Topics
Community Discussion
No community discussion yet for this question.
