CompTIA CASP+ (CAS-003) — Question 81

Engineers at a company believe a certain type of data should be protected from competitors, but the data owner insists the information is not sensitive. An information security engineer is implementing controls to secure the corporate SAN. The controls require dividing data into four groups: non-sensitive, sensitive but accessible, sensitive but export-controlled, and extremely sensitive.
Which of the following actions should the engineer take regarding the data?

Answer options

• A. Label the data as extremely sensitive.
• B. Label the data as sensitive but accessible.
• C. Label the data as non-sensitive.
• D. Label the data as sensitive but export-controlled.

Correct answer: C

Explanation

The correct answer is C, as the data owner has deemed the information non-sensitive, which aligns with labeling it as such. Labeling the data as extremely sensitive, sensitive but accessible, or sensitive but export-controlled would contradict the owner's assessment and potentially impose unnecessary restrictions on the data.