CSA Exam CCZT Topic 4 Question 15 Discussion

Actual exam question for CSA's CCZT exam

Question #: 15
Topic #: 4

[All CCZT Questions]

What should an organization's data and asset classification be based on?

ALocation of data

BHistory of data

CSensitivity of data

DRecovery of data
Data and asset classification should be based on the sensitivity of data, which is the degree to which the data requires protection from unauthorized access, modification, or disclosure. Data sensitivity is determined by the potential impact of data loss, theft, or corruption on the organization, its customers, and its partners. Data sensitivity can also be influenced by legal, regulatory, and contractual obligations.
Reference=
Certificate of Competence in Zero Trust (CCZT) prepkit, page 10, section 2.1.1
Identify and protect sensitive business data with Zero Trust, section 1
Secure data with Zero Trust, section 1
SP 800-207, Zero Trust Architecture, page 9, section 3.2.1

Show Suggested Answer

Suggested Answer: C

Proper risk management should be a key component of any ZT project, especially during implementation and adjustments, because it helps to identify, analyze, evaluate, and treat the potential risks that may affect the ZT and ZTA objectives and outcomes. Proper risk management also helps to prioritize the ZT and ZTA activities and resources based on the risk level and impact, and to monitor and review the risk mitigation strategies and actions.

Reference=Certificate of Competence in Zero Trust (CCZT) - Cloud Security Alliance,Zero Trust Training (ZTT) - Module 9: Risk Management

by Leslee at May 09, 2024, 07:29 PM

Limited Time Offer

25%

19 days ago

I think an organization's data and asset classification should be based on the sensitivity of data.

upvoted 0 times

...