CompTIA Security Plus Mock Test Q325

An organization is recovering data following a datacenter outage and determines that backup copies of files containing personal information were stored in an unsecure location, because the sensitivity was unknown. Which of the following activities should occur to prevent this in the future?

A. Business continuity planning
B. Quantitative assessment
C. Data classification
D. Qualitative assessment

Correct Answer: C
Section: Compliance and Operational Security

Explanation:
Information classification is done by confidentiality and comprises of three categories, namely: public use, internal use and restricted use. Knowing how to apply these categories and matching it up with the appropriate data handling will address the situation of the data ‘unknown sensitivity’

Incorrect Answers:
A: Business continuity planning (BCP) is the process of implementing policies, controls, and procedures to counteract the effects of losses, outages, or failures of critical business processes. BCP is primarily a management tool that ensures that critical business functions can be performed when normal business operations are disrupted.
B: Quantitative assessment is cost-based and objective risk assessment.
D: Qualitative assessment is opinion-based and subjective risk assessment.

References:
Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 7, 404, 431