Asset Security Question CISSP Course: Try this CISSP (Certified Information Systems Security Professional) sample review practice test on Chapter 2: Asset Security for ISC CISSP certification preparation.
This chapter presents the following:
• Information life cycle
• Information classification and protection
• Information ownership
• Protection of privacy
• Asset retention
• Data security controls
• Asset handling requirements
Asset Security Question CISSP Course
Q1. Angela is an information security architect at a bank and has been assigned to ensure that transactions are secure as they traverse the network. She recommends that all transactions use TLS. What threat is she most likely attempting to stop, and what method is the most likely using to protect against it?
- A. Man-in-the-middle, VPN
- B. Packet injection, encryption
- C. Sniffing, encryption
- D. Sniffing, TEMPEST
Q2. Control Objectives for Information and Related Technology (COBIT) is a framework for information technology (IT) management and governance. Which data management role is most likely to select and apply COBIT to balance the need for security controls against business requirements?
- A. Business owners
- B. Data processors
- C. Data owners
- D. Data stewards
Q3. Nadia’s company operates a hybrid cloud environment with some on-site and some cloud-based systems. She has satisfactory on-site monitoring but needs to apply security policies to the activities her users engage in and report on exceptions with her growing number of cloud services. What type of tool is best suited to this purpose?
- A. A NGFW
- B. A CASB
- C. An IDS
- D. A SOAR
Q4. When media is labeled based on the classification of the data it contains, what rule is typically applied regarding labels?
- A. The data is labeled based on its integrity requirements.
- B. The media is labeled based on the highest classification level of the data it contains.
- C. The media is labeled with all levels of classification of the data it contains.
- D. The media is labeled with the lowest classification level of the data it contains.
Q5. Which administrative processes assist organizations in assigning appropriate levels of security control to sensitive information?
- A. Data classification
- B. Remanence
- C. Transmitting data
- D. Clearing
Q6. How can a data retention policy helps to reduce liabilities?
- A. By ensuring that unneeded data isn’t retained
- B. By ensuring that incriminating data is destroyed
- C. By ensuring that data is securely wiped so it cannot be restored for legal discovery
- D. By reducing the cost of data storage required by law
Q7. Staff in the information technology (IT) department who have delegated responsibility for day-to-day tasks hold what data role?
- A. Business owner
- B. User
- C. Data processor
- D. Custodian
Q8. Ben has been tasked with identifying security controls for systems covered by his organization’s information classification system. Why might Ben choose to use a security baseline?
- A. It applies in all circumstances, allowing consistent security controls.
- B. They are approved by industry standards bodies, preventing liability.
- C. They provide a good starting point that can be tailored to organizational needs.
- D. They ensure that systems are always in a certain state.
Q9. Megan wants to prepare media to allow for reuse in an environment operating at the same sensitivity level. Which of the following is the best option to meet her needs?
- A. Clearing
- B. Erasing
- C. Purging
- D. Sanitization
Q10. Mikayla wants to identify data that should be classified that already exists in her environment. What tool is best suited to identifying data like Social Security numbers, credit card numbers, and similar well-understood data formats?
- A. Manual searching
- B. A sensitive data scanning tool
- C. An asset metadata search tool
- D. A data loss prevention system (DLP)
Q11. What issue is common to spare sectors and bad sectors on hard drives as well as overprovisioned space on modern SSDs?
- A. They can be used to hide data.
- B. They can only be degaussed.
- C. They are not addressable, resulting in data remanence.
- D. They may not be cleared, resulting in data remanence.
Q12. Naomi knows that commercial data is typically classified based on different criteria than government data. Which of the following is not a common criterion for commercial data classification?
- A. Useful lifespan
- B. Data value
- C. Impact on national security
- D. Regulatory or legal requirements
For questions 13–15, please refer to the following scenario:
Your organization regularly handles three types of data: information that it shares with cus- tomers, information that it uses internally to conduct business, and trade secret information that offers the organization significant competitive advantages. Information shared with cus- tomers is used and stored on web servers, while both the internal business data and the trade secret information are stored on internal file servers and employee workstations.
Q13. What term best describes data that is resident in system memory?
- A. Data at rest
- B. Buffered data
- C. Data in use
- D. Data in motion
Q14. What technique could you use to mark your trade secret information in case it was released or stolen and you need to identify it?
- A. Classification
- B. Symmetric encryption
- C. Watermarks
- D. Metadata
Q15. What type of encryption is best suited for use on the file servers for the proprietary data, and how might you secure the data when it is in motion?
- A. TLS at rest and AES in motion
- B. AES at rest and TLS in motion
- C. VPN at rest and TLS in motion
- D. DES at rest and AES in motion
Q16. What does labeling data allow a DLP system to do?
- A. The DLP system can detect labels and apply appropriate protections based on rules.
- B. The DLP system can adjust labels based on changes in the classification scheme.
- C. The DLP system can modify labels to permit requested actions.
- D. The DLP system can delete unlabeled data.
Q17. Why is it cost-effective to purchase high-quality media to contain sensitive data?
- A. Expensive media is less likely to fail.
- B. The data value often far exceeds the cost of the media.
- C. Expensive media is easier to encrypt.
- D. More expensive media typically improves data integrity.
Q18. Chris is responsible for workstations throughout his company and knows that some of the company’s workstations are used to handle both proprietary information and highly sensitive trade secrets. Which option best describes what should happen at the end of their life (EOL) for the workstations he is responsible for?
- A. Erasing
- B. Clearing
- C. Sanitization
- D. Destruction
Q19. Fred wants to classify his organization’s data using common labels: private, sensitive, public, and proprietary. Which of the following should he apply to his highest classification level based on common industry practices?
- A. Private
- B. Sensitive
- C. Public
- D. Proprietary
Q20. If you are selecting a security standard for a Windows 10 system that processes credit cards, what security standard is your best choice?
- A. Microsoft’s Windows 10 security baseline
- B. The CIS Windows 10 baseline
- C. PCI DSS
- D. The NSA Windows 10 Secure Host Baseline
See also:
- CISSP Practice Test & Preparation Guide 2024
- Security and Risk Management Test
- Asset Security Test
- Security Architecture and Engineering Test
- Communication and Network Security Test
- Identity and Access Management (IAM) Test
- Security Assessment and Testing Test
- Security Operations Test
- Software Development Security Test