Skip to main content

Asset Security

Domain 02 Practice Set: 01

CISSP DOMAIN 02: Asset Security (Assessment Mode)

CISSP Domain 2: Asset Security. This domain focuses on the concepts, principles, structures, and standards used to monitor and secure assets, emphasizing the importance of classification, ownership, and the protection of privacy and personal information.

Domain 02: Practice Set 01

Disclaimer: The practice exam questions provided are representative of the certification exam, but not the actual questions you will see on the certification exam. Practice exams are for self-assessment.

Page : 1/10

1. What is the main goal of information labeling and handling policies?
2. Which of the following is true regarding secure data sanitization methods?
3. In asset management, what is the difference between "owners" and "custodians"?
4. Which of the following best describes the concept of data ownership?
5. Which of the following is the PRIMARY purpose of establishing data handling policies within an organization?

Page : 2/10

6. Why is it important to have a secure data destruction policy?
7. What role does classification play in information security?
8. Which of the following best exemplifies the principle of Privacy by Design?
9. Which of the following is true about information labeling?
10. Your organization is implementing an information classification program. Which of the following is the primary reason for classifying information?

Page : 3/10

11. Which of the following best defines "privacy"?
12. What is the primary purpose of implementing a data leakage prevention (DLP) system?
13. Which of the following scenarios exemplifies a violation of data privacy principles?
14. When implementing a privacy program, what is the PRIMARY purpose of data minimization?
15. An organization needs to transfer sensitive data between its headquarters and a remote office. Which of the following is the MOST secure method to ensure data confidentiality and integrity during transmission?

Page : 4/10

16. What does the principle of "least privilege" entail in the context of asset security?
17. What is the primary consideration when implementing encryption for data at rest?
18. Which of the following media sanitization methods is MOST appropriate for permanently removing data from a solid-state drive (SSD) before disposal?
19. An organization is implementing a data classification policy. Which of the following is the MOST important reason for classifying data?
20. An organization has developed a new data retention policy. Which of the following factors is MOST crucial when determining the retention period for specific types of data?

Page : 5/10

21. Which of the following best describes the purpose of data anonymization in protecting privacy?
22. What is the primary purpose of data classification?
23. What is the most critical step to ensure the security of data when an employee leaves the organization?
24. What principle ensures that data can only be accessed or modified by authorized users?
25. A company wants to prevent sensitive data from being accidentally shared outside the organization. Which technology would be MOST effective in identifying and blocking the transfer of this sensitive data?

Page : 6/10

26. Which of the following is the MOST secure method for disposing of paper records containing sensitive information?
27. An employee in an organization has access to classified information. Which of the following BEST ensures that this information remains secure?
28. What is the purpose of digital rights management (DRM)?
29. What is a common method for securely erasing data from a solid-state drive (SSD)?
30. What is the MOST critical benefit of maintaining an up-to-date asset inventory?

Page : 7/10

31. What is the MOST important factor to consider when determining the methods for secure disposal of data?
32. What is the primary reason for implementing privacy controls within an organization
33. In the context of data lifecycle management, why is it important to securely delete data once it is no longer needed?
34. Which of the following is NOT a method of protecting data at rest?
35. In the context of secure asset disposal, which of the following statements is true about the method of cryptographic erasure?

Page : 8/10

36. What is the PRIMARY purpose of implementing controls to protect intellectual property rights within an organization?
37. What is the purpose of an information retention policy?
38. When storing highly sensitive data in a cloud storage service, which of the following practices is MOST important to ensure the confidentiality and integrity of the data?
39. What is the purpose of a data retention policy?
40. What is the purpose of employing data masking techniques?

Page : 9/10

41. Which of the following is an example of a physical control for asset security?
42. Which of the following best describes the term "privacy by design"?
43. In an organization, who is PRIMARILY responsible for determining the classification level of data?
44. Which of the following is an example of a physical control for protecting assets?
45. What type of controls are encryption and access control mechanisms considered as?

Page : 10/10

46. Following a data breach that exposed sensitive customer information, what is the FIRST action an organization should take?
47. Which of the following best explains the concept of a data custodian?
48. Which of the following best describes the purpose of an information retention policy?
49. What is a primary goal of implementing data retention policies?
50. Which of the following best describes the purpose of asset inventory management?
CISSP Practice Test, Quiz & Flashcards

More practice question and flash cards

Risk & Security Management

Domain_01_CISSP Practice Set 01

Asset Security

Domain_02_CISSP Practice Set 01

Security Architecture & Engineering

Domain_03_CISSP Practice Set 01

Communication & Network Security

Domain_04_CISSP Practice Set 01

Identity & Access Management

Domain_05_CISSP Practice Set 01

Domain 02: Mindmaps, Flashcards and more…

Learn More

CISSP Practice Sets Status

CISSP practice sets and Questions counter

5

CISSP Practice Sets

250

Questions

5.8

Test Submited by Users