Page 841 - StudyBook.pdf
P. 841
Self Test Appendix • Appendix 825
Answer B.The vendor’s Web site. Manufacturers’Web sites are also valuable to the security and
effectiveness of a network and its systems, as they provide support, and may include a knowl-
edge base of known problems and solutions.
Answer A is incorrect, because the bug fix is for the OS and would not be included in the
documentation for the server.Also, because it is a recent bug fix, it would have come out after
the server’s manual was published.Answer C is incorrect, because a service pack is software that
is used to fix issues and upgrade elements of the OS.Answer D is incorrect because the OS is
manufactured by Novell, so the Microsoft knowledge base would not have specific information
on issues with another company’s OSes.
9. You are concerned about the possibility of sensitive information developed by your company
being distributed to the public, and decide to implement a system of classification. In creating
this system, which of the following levels of classification would you apply to sensitive informa-
tion that is not to be disseminated outside of the organization?
A. Unclassified
B. Classified
C. Public
D. External
Answer B. Classified.When information is designated as classified, it means that it is for internal
use only and not for distribution to parties outside of the organization.
Answers A and C are incorrect because when information is classified as public or unclassified,
then it can be viewed by parties outside of an organization.Answer D is incorrect, because
external documents are those generated outside of the
organization.
10. Changes in the law now require your organization to store data on clients for three years, at
which point the data are to be destroyed.When the expiration date on the stored data is
reached, any printed documents are to be shredded and media that contains data on the client
is to be destroyed.What type of documentation would you use to specify when data is to be
destroyed?
A. Disaster recovery documentation
B. Retention policies and logs
C. Change documentation
D. Destruction logs
Answer B. Retention policies and logs. Policy regarding the retention of data will decide how
long the company will retain data before destroying it. Retention and storage documentation is
necessary to keep track of this data, so that it can be determined what data should be removed
and/or destroyed once a specific date is reached.
Answer A is incorrect, because disaster recovery documentation is used to provide information
on how the company can recover from an incident.Answer C is incorrect, because change doc-
umentation provides information on changes that have occurred in a system.Answer D is
incorrect, because destruction logs are used to chronicle what data and equipment have been
destroyed after the retention date has expired.
www.syngress.com
