Skip to main content

Asset Security

Domain 02 Practice Set: 01

CISSP DOMAIN 02: Asset Security (Assessment Mode)

CISSP Domain 2: Asset Security. This domain focuses on the concepts, principles, structures, and standards used to monitor and secure assets, emphasizing the importance of classification, ownership, and the protection of privacy and personal information.

Domain 02: Practice Set 01

Disclaimer: The practice exam questions provided are representative of the certification exam, but not the actual questions you will see on the certification exam. Practice exams are for self-assessment.

Page : 1/10

1. An organization needs to transfer sensitive data between its headquarters and a remote office. Which of the following is the MOST secure method to ensure data confidentiality and integrity during transmission?
2. An organization is implementing a data classification policy. Which of the following is the MOST important reason for classifying data?
3. Which of the following best describes the purpose of an information retention policy?
4. Which of the following is NOT a method of protecting data at rest?
5. Which of the following is true about information labeling?

Page : 2/10

6. When implementing a privacy program, what is the PRIMARY purpose of data minimization?
7. Following a data breach that exposed sensitive customer information, what is the FIRST action an organization should take?
8. Which of the following media sanitization methods is MOST appropriate for permanently removing data from a solid-state drive (SSD) before disposal?
9. A company wants to prevent sensitive data from being accidentally shared outside the organization. Which technology would be MOST effective in identifying and blocking the transfer of this sensitive data?
10. What role does classification play in information security?

Page : 3/10

11. Which of the following best describes the term "privacy by design"?
12. In the context of data lifecycle management, why is it important to securely delete data once it is no longer needed?
13. Which of the following is true regarding secure data sanitization methods?
14. What is the primary purpose of data classification?
15. What is the primary consideration when implementing encryption for data at rest?

Page : 4/10

16. In an organization, who is PRIMARILY responsible for determining the classification level of data?
17. An employee in an organization has access to classified information. Which of the following BEST ensures that this information remains secure?
18. What is the most critical step to ensure the security of data when an employee leaves the organization?
19. What type of controls are encryption and access control mechanisms considered as?
20. What is the purpose of a data retention policy?

Page : 5/10

21. What does the principle of "least privilege" entail in the context of asset security?
22. In the context of secure asset disposal, which of the following statements is true about the method of cryptographic erasure?
23. In asset management, what is the difference between "owners" and "custodians"?
24. Which of the following is an example of a physical control for protecting assets?
25. Which of the following best describes the purpose of asset inventory management?

Page : 6/10

26. What is the MOST critical benefit of maintaining an up-to-date asset inventory?
27. Which of the following is the MOST secure method for disposing of paper records containing sensitive information?
28. What is the primary reason for implementing privacy controls within an organization
29. Which of the following is the PRIMARY purpose of establishing data handling policies within an organization?
30. What is the primary purpose of implementing a data leakage prevention (DLP) system?

Page : 7/10

31. Which of the following is an example of a physical control for asset security?
32. Your organization is implementing an information classification program. Which of the following is the primary reason for classifying information?
33. What is the purpose of employing data masking techniques?
34. Which of the following best explains the concept of a data custodian?
35. What principle ensures that data can only be accessed or modified by authorized users?

Page : 8/10

36. An organization has developed a new data retention policy. Which of the following factors is MOST crucial when determining the retention period for specific types of data?
37. Which of the following best describes the purpose of data anonymization in protecting privacy?
38. Which of the following scenarios exemplifies a violation of data privacy principles?
39. What is a common method for securely erasing data from a solid-state drive (SSD)?
40. Which of the following best describes the concept of data ownership?

Page : 9/10

41. When storing highly sensitive data in a cloud storage service, which of the following practices is MOST important to ensure the confidentiality and integrity of the data?
42. What is the MOST important factor to consider when determining the methods for secure disposal of data?
43. What is the main goal of information labeling and handling policies?
44. What is the purpose of an information retention policy?
45. Which of the following best defines "privacy"?

Page : 10/10

46. What is the PRIMARY purpose of implementing controls to protect intellectual property rights within an organization?
47. What is the purpose of digital rights management (DRM)?
48. What is a primary goal of implementing data retention policies?
49. Why is it important to have a secure data destruction policy?
50. Which of the following best exemplifies the principle of Privacy by Design?
CISSP Practice Test, Quiz & Flashcards

More practice question and flash cards

Risk & Security Management

Domain_01_CISSP Practice Set 01

Asset Security

Domain_02_CISSP Practice Set 01

Security Architecture & Engineering

Domain_03_CISSP Practice Set 01

Communication & Network Security

Domain_04_CISSP Practice Set 01

Identity & Access Management

Domain_05_CISSP Practice Set 01

Domain 02: Mindmaps, Flashcards and more…

Learn More

CISSP Practice Sets Status

CISSP practice sets and Questions counter

5

CISSP Practice Sets

250

Questions

5.8

Test Submited by Users