CISSP Question #490: Real Exam Question with Answer & Explanation

Question

A vehicle of a private courier company that transports backup data for offsite storage was robbed while in transport backup data for offsite was robbed while in transit. The incident management team is now responsible to estimate the robbery, which of the following would help the incident management team to MOST effectively analyze the business impact of the robbery?

Options

• ALog of backup administrative actions
• BLog of the transported media and its classification marking
• CLog of the transported media and Its detailed contents
• DLog of backed up data and their respective data custodians

Explanation

When backup media is stolen in transit, the incident response team must quickly assess the potential business and regulatory impact. The classification marking on the media provides the fastest and most practical way to determine sensitivity and impact scope.

Common mistakes.

• A. A log of backup administrative actions records who performed backup tasks and when, but provides no direct information about the sensitivity or value of the data that was physically stolen.
• C. While detailed contents would give the most granular view, this level of logging is rarely maintained for transported media and would be impractically verbose for rapid business impact analysis, making it less effective in a timely incident response.
• D. Knowing data custodians identifies who is responsible for the data but does not directly indicate the sensitivity or criticality of the stolen data, making it insufficient on its own for assessing business impact.

Concept tested. Data classification and incident business impact analysis

Reference. https://www.nist.gov/system/files/documents/2018/03/07/msp-ebook-final.pdf

No community discussion yet for this question.