Skip to main content

Asset Security

Domain 02 Practice Set: 01

CISSP DOMAIN 02: Asset Security (Assessment Mode)

CISSP Domain 2: Asset Security. This domain focuses on the concepts, principles, structures, and standards used to monitor and secure assets, emphasizing the importance of classification, ownership, and the protection of privacy and personal information.

Domain 02: Practice Set 01

Disclaimer: The practice exam questions provided are representative of the certification exam, but not the actual questions you will see on the certification exam. Practice exams are for self-assessment.

Page : 1/10

1. Which of the following best explains the concept of a data custodian?
2. What principle ensures that data can only be accessed or modified by authorized users?
3. Which of the following is the MOST secure method for disposing of paper records containing sensitive information?
4. When implementing a privacy program, what is the PRIMARY purpose of data minimization?
5. What is a common method for securely erasing data from a solid-state drive (SSD)?

Page : 2/10

6. When storing highly sensitive data in a cloud storage service, which of the following practices is MOST important to ensure the confidentiality and integrity of the data?
7. Your organization is implementing an information classification program. Which of the following is the primary reason for classifying information?
8. What is the MOST critical benefit of maintaining an up-to-date asset inventory?
9. Which of the following is true about information labeling?
10. An organization has developed a new data retention policy. Which of the following factors is MOST crucial when determining the retention period for specific types of data?

Page : 3/10

11. An organization needs to transfer sensitive data between its headquarters and a remote office. Which of the following is the MOST secure method to ensure data confidentiality and integrity during transmission?
12. Which of the following media sanitization methods is MOST appropriate for permanently removing data from a solid-state drive (SSD) before disposal?
13. A company wants to prevent sensitive data from being accidentally shared outside the organization. Which technology would be MOST effective in identifying and blocking the transfer of this sensitive data?
14. What is the primary purpose of implementing a data leakage prevention (DLP) system?
15. What is the purpose of a data retention policy?

Page : 4/10

16. Following a data breach that exposed sensitive customer information, what is the FIRST action an organization should take?
17. What type of controls are encryption and access control mechanisms considered as?
18. In the context of secure asset disposal, which of the following statements is true about the method of cryptographic erasure?
19. What is the purpose of digital rights management (DRM)?
20. In asset management, what is the difference between "owners" and "custodians"?

Page : 5/10

21. Which of the following best describes the purpose of data anonymization in protecting privacy?
22. What role does classification play in information security?
23. What is the primary reason for implementing privacy controls within an organization
24. What is the MOST important factor to consider when determining the methods for secure disposal of data?
25. Which of the following is NOT a method of protecting data at rest?

Page : 6/10

26. Which of the following best describes the purpose of asset inventory management?
27. What is the primary consideration when implementing encryption for data at rest?
28. Which of the following best defines "privacy"?
29. What is the most critical step to ensure the security of data when an employee leaves the organization?
30. What is the PRIMARY purpose of implementing controls to protect intellectual property rights within an organization?

Page : 7/10

31. Which of the following best describes the concept of data ownership?
32. Which of the following is true regarding secure data sanitization methods?
33. Which of the following best describes the purpose of an information retention policy?
34. What does the principle of "least privilege" entail in the context of asset security?
35. Which of the following scenarios exemplifies a violation of data privacy principles?

Page : 8/10

36. In the context of data lifecycle management, why is it important to securely delete data once it is no longer needed?
37. Which of the following is the PRIMARY purpose of establishing data handling policies within an organization?
38. An organization is implementing a data classification policy. Which of the following is the MOST important reason for classifying data?
39. Which of the following is an example of a physical control for asset security?
40. In an organization, who is PRIMARILY responsible for determining the classification level of data?

Page : 9/10

41. What is the purpose of an information retention policy?
42. What is the purpose of employing data masking techniques?
43. Why is it important to have a secure data destruction policy?
44. What is a primary goal of implementing data retention policies?
45. What is the primary purpose of data classification?

Page : 10/10

46. An employee in an organization has access to classified information. Which of the following BEST ensures that this information remains secure?
47. Which of the following is an example of a physical control for protecting assets?
48. Which of the following best exemplifies the principle of Privacy by Design?
49. What is the main goal of information labeling and handling policies?
50. Which of the following best describes the term "privacy by design"?
CISSP Practice Test, Quiz & Flashcards

More practice question and flash cards

Risk & Security Management

Domain_01_CISSP Practice Set 01

Asset Security

Domain_02_CISSP Practice Set 01

Security Architecture & Engineering

Domain_03_CISSP Practice Set 01

Communication & Network Security

Domain_04_CISSP Practice Set 01

Identity & Access Management

Domain_05_CISSP Practice Set 01

Domain 02: Mindmaps, Flashcards and more…

Learn More

CISSP Practice Sets Status

CISSP practice sets and Questions counter

5

CISSP Practice Sets

250

Questions

5.8

Test Submited by Users