Courseiva
Knowledge + Practice

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.


Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

Objective 2.0

Asset Security

CISSP Practice Questions

Use this page to practise Asset Security questions for this certification. Focus on how the exam tests asset security in scenario format — understanding the why behind each answer builds more durable knowledge than memorising options.


What this objective tests

CISSP Asset Security — Key Topics

Asset Security questions on this certification test your ability to deploy and manage asset security concepts in scenario-based situations.

  • Core Asset Security concepts and how they apply in real-world cloud scenarios.
  • How to deploy asset security correctly and verify the outcome.
  • Troubleshooting asset security issues by interpreting error output and system state.
  • Cloud best practices and Asset Security design trade-offs tested by this certification.

Common exam traps

Where candidates lose marks on Asset Security

  • ⚠ Selecting the most expensive service when a simpler managed option meets the requirement.
  • ⚠ Forgetting that cloud resources must be explicitly secured — defaults are rarely secure.
  • ⚠ Choosing a global service fix when the issue is region-specific.
  • ⚠ Overlooking cost implications of cross-region data transfer in architecture questions.

CISSP Asset Security — Practice Questions

30 questions from this objective

Question 2 (medium, multiple choice)

A financial institution is implementing a data retention policy to comply with regulatory requirements. The policy must ensure that transaction records are retained for 7 years and then securely destroyed. Which of the following is the BEST approach to implement this policy?

Question 3 (hard, multiple choice)

During a security audit, it is discovered that a company's data classification labels are inconsistently applied across different departments. Which of the following is the BEST long-term solution to ensure consistent data classification?

Question 4 (easy, multiple choice)

An organization wants to protect sensitive data stored on laptops. Which of the following is the MOST effective control to prevent data loss if a laptop is stolen?

Question 5 (medium, multiple choice)

A healthcare organization is moving patient records to a cloud storage service. Which of the following is the MOST important requirement to ensure data security and compliance with HIPAA?

Question 6 (hard, multiple choice)

A company is decommissioning a data center and needs to dispose of hard drives that contained highly confidential financial data. Which of the following methods provides the HIGHEST assurance that data cannot be recovered?

Question 7 (medium, multi select)

Which TWO of the following are essential components of a data classification policy? (Select two.)

Question 8 (hard, multi select)

Which THREE of the following are valid considerations when implementing data loss prevention (DLP) controls to protect sensitive data? (Select three.)

Question 9 (easy, multiple choice)

An analyst reviews the exhibit showing Windows security event logs. What activity should be investigated as a potential data exfiltration attempt?

Exhibit

Refer to the exhibit.

Event Log Entry:
Time: 2025-02-15 09:23:45
Event ID: 4663
User: SEC\jsmith
Object: \\fileserver\finance\PII_data.xlsx
Access: Read
Process: excel.exe

Time: 2025-02-15 09:24:10
Event ID: 4663
User: SEC\jsmith
Object: \\fileserver\finance\PII_data.xlsx
Access: Write
Process: excel.exe

Time: 2025-02-15 09:25:00
Event ID: 5145
User: SEC\jsmith
Object: \\fileserver\finance\PII_data.xlsx
Access: Delete
Process: cmd.exe

Question 10 (medium, multiple choice)

A security engineer reviews the S3 bucket policy in the exhibit. What is the most significant security issue with this configuration?

Exhibit

Refer to the exhibit.

S3 Bucket Policy:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::confidential-bucket/*"
    }
  ]
}

Question 11 (hard, multiple choice)

You are the security architect for a multinational corporation that handles highly sensitive intellectual property (IP) and personally identifiable information (PII) for clients in multiple jurisdictions, including GDPR and CCPA regions. The company recently experienced a data breach where an attacker exfiltrated 50 GB of data from a file server by exploiting a vulnerability in the backup software. The backup software had been configured with default credentials and was accessible from the internet. The security team has implemented compensating controls, but management wants to prevent such incidents in the future. You have been asked to recommend a long-term strategy to protect sensitive data assets. The budget is limited, and the solution must minimize user friction. Current environment: On-premises Active Directory with Windows file servers, some data in AWS S3, and a mix of laptops and mobile devices. The organization uses Microsoft 365 for email and collaboration. Which of the following is the BEST course of action?

Question 12 (medium, drag order)

Drag and drop the steps for a forensic investigation in the correct order.

Question 13 (medium, matching)

Match each security policy to its purpose.

Matches

Defines allowed use of organizational assets

Categorizes data based on sensitivity

Procedures for handling security incidents

Rules for password creation and management

Question 14 (easy, multiple choice)

A company wants to ensure that data is properly classified before storage. Which control should be implemented?

Question 15 (medium, multiple choice)

A financial institution must retain customer transaction records for 7 years. After that, what is the most appropriate action?

Question 16 (hard, multiple choice)

An organization implements a data masking policy for production databases. Which of the following best describes the primary goal?

Question 17 (easy, multiple choice)

In asset security, which of the following is a primary responsibility of a data owner?

Question 18 (medium, multiple choice)

A company uses a cloud storage service. Which asset security control is most important to prevent unauthorized access to data?

Question 19 (hard, multiple choice)

An organization is decommissioning a data center. Which of the following is the most secure method for sanitizing hard drives that will be reused?

Question 20 (easy, multiple choice)

A data classification scheme includes Public, Internal, Confidential, and Restricted. Which classification requires the highest level of protection?

Question 21 (medium, multiple choice)

A security analyst discovers that a business unit is storing sensitive data on a file share without classification labels. What is the first step to remediate?

Question 22 (hard, multiple choice)

An organization implements a data loss prevention (DLP) solution to monitor data in motion. Which type of data is typically most challenging to detect?

Question 23 (medium, multi select)

Which THREE of the following are examples of data at rest?

Question 24 (hard, multi select)

Which TWO of the following are valid data de-identification techniques?

Question 25 (easy, multi select)

Which THREE of the following are recognized roles in asset security?

Question 26 (medium, multiple choice)

Refer to the exhibit. Which access control model is described?

Exhibit

Access to classified data is granted based on user's clearance level and need-to-know. The following policy excerpt: 'Classified data shall be stored in approved containers. Access requires signed NDA and manager approval.'
Question 27 (hard, multiple choice)

Refer to the exhibit. An organization has a lawsuit requiring preservation of all records related to a customer dispute from 2018. Which data set must be preserved beyond its scheduled retention?

Exhibit

Data Retention Policy: Customer records: 7 years after account closure. Email logs: 90 days. Payment card data: 3 years post transaction per PCI DSS.
Question 28 (easy, multiple choice)

Refer to the exhibit. A project team is sending a spreadsheet marked Confidential via email. What control is required?

Exhibit

Data classification labels: Public, Internal, Confidential, Highly Confidential. Handling: Confidential data must be encrypted at rest and in transit. Access limited to employees with business need.
Question 29 (easy, multiple choice)

A healthcare organization must decommission a server containing protected health information (PHI). Which data sanitization method ensures the data is irrecoverable while complying with regulatory requirements?

Question 30 (medium, multiple choice)

A financial institution is implementing a data classification policy. Which role is responsible for assigning initial classification labels to data assets?

Question 31 (hard, multiple choice)

A multinational corporation is designing a data retention schedule. Which factor is most critical when determining retention periods for personal data subject to the GDPR?

More Asset Security questions available in the full practice test.
