sec+ chapter 15

A company is procuring new hardware assets to replace its legacy systems. Which of the following is the MOST important security consideration during the acquisition process?

checking the hardware is on the company’s approved hardware list

A company needs to keep certain documents for seven years to comply with legal requirements. Which policy should govern the storage and accessibility of these documents during this period?

data retention policy

After a data retention period has expired, what must be done to the storage media, on an information system, before it can be reused or disposed of to ensure data confidentiality?

Overwriting with non-sensitive data.

A healthcare institution is destroying several old computers that stored protected health information (PHI). Which of the following destruction methods would ensure compliance with data protection regulations?

Degaussing the hard drives and then physically destroying them.

An organization is implementing an asset tracking system. Which of the following would be the LEAST effective method for asset enumeration?

Manual recording in a spreadsheet.

Before disposing of old company smartphones, which process must be undertaken to ensure the confidentiality of stored data?

factory reset

During the hardware asset assignment process, which of the following is critical to ensure proper accountability and security?

Assigning each asset a unique identifier.

When classifying data, which of the following categories would you assign to data with the highest level of sensitivity and a need for robust protection?

Confidential

When decommissioning a hard drive containing sensitive information, which method of sanitization is LEAST likely to allow data recovery?

physical shredding

Your company has multiple hardware assets that require regular monitoring. Which process would be BEST for tracking these assets effectively?

Utilizing RFID tags and automated inventory management systems.