(ISC)2 Certified in Cybersecurity Practice Exam

The choice indicating that all types of data require security measures is based on the understanding that various classifications of data—restricted, illegal, and private—each present different risks that necessitate protective measures.

Restricted data typically contains sensitive information that, if exposed, could harm individuals or organizations, such as trade secrets, financial records, or confidential business plans. Implementing security measures for this data helps prevent unauthorized access and data breaches.

Illegal data, which refers to information that is not compliant with laws and regulations, may also require security measures, albeit often for the purpose of containment and compliance—for instance, ensuring that such data is not disseminated or misused within an organization, thereby safeguarding the organization from legal repercussions.

Private data, which pertains to personal or confidential information relating to individuals, must be protected to uphold privacy rights and prevent identity theft or unauthorized exploitation of that data.

In summary, each category of data—restricted, illegal, and private—has specific security requirements. Recognizing that all these types necessitate security measures reflects a comprehensive approach to data protection, highlighting the importance of guarding against risks associated with any form of sensitive information.