Exam CS0-002 topic 1 question 44 discussion

A data governance program is a collection of practices, policies, and procedures that manage, leverage, and protect the data assets of an organization1. It requires changing the workplace culture and adding some software1. To survey sensitive data within the organization, the most accurate method is to perform an enterprise-wide discovery scan that can identify and classify data from various sources and systems2. This way, the analyst can have a comprehensive view of the data landscape and its quality, security, accessibility, and usage. Consulting with an internal data custodian (B) or reviewing enterprise-wide asset inventory © may provide some insights, but not as accurate or complete as a discovery scan. Creating a survey and distributing it to data owners (D) may be time-consuming and unreliable, as data owners may not have the full knowledge or awareness of their data

Both C and D are relying on the knowledge of a third party - and they could be wrong. B is logical as you actually talk to those who knows about the system but A is the more logical first step.

D. Is the best option here, specifically how it mentions "Data Owners"

Data owner—A senior (executive) role with ultimate responsibility for maintaining the confidentiality, integrity, and availability of the information asset. The owner is responsible for labeling the asset (such as determining who should have access and determining the asset's criticality and sensitivity) and ensuring that it is protected with appropriate controls (access control, backup, retention, and so forth). The owner also typically selects a steward and custodian and directs their actions and sets the budget and resource allocation for sufficient controls.

I would go with A simply because a survey of "sensitive" data might lead to loss of data confidentiality. A survey also is also a cumbersome task and might be inefficient.

It's D

A Data Owner is the person accountable for the classification, protection, use, and quality of one or more data sets within an organization. This responsibility involves activities including, but not limited to, ensuring that: The organization's Data Glossary is comprehensive and agreed upon by all stakeholders. https://blog.satoricyber.com/the-datamasters-data-owners-vs-data-stewards-vs-data-custodians/#:~:text=A%20Data%20Owner%20is%20the,agreed%20upon%20by%20all%20stakeholders

Data owners are the people who classify the Data and they also set permission to who access it, so they are the only ones who can provide the most accurate information.

Through the process of elimination, D makes the most sense A- Enumerate OS/ports/services/etc, not dealing with data B- Data custodian handles the technical details of the data C- Assets the company owns, though data is an asset this wouldn't be of much use

D seems correct by process of elimination, none of the other ones are related to sensitive data.

D, as this is the only answer that mentions data ownership.

A Sounds good to me