Question 1mediummultiple choice
Read the full Asset Security explanation →CISSP Asset Security • Complete Question Bank
Complete CISSP Asset Security question bank — all 0 questions with answers and detailed explanations.
Refer to the exhibit. Event Log Entry: Time: 2025-02-15 09:23:45 Event ID: 4663 User: SEC\jsmith Object: \\fileserver\finance\PII_data.xlsx Access: Read Process: excel.exe Time: 2025-02-15 09:24:10 Event ID: 4663 User: SEC\jsmith Object: \\fileserver\finance\PII_data.xlsx Access: Write Process: excel.exe Time: 2025-02-15 09:25:00 Event ID: 5145 User: SEC\jsmith Object: \\fileserver\finance\PII_data.xlsx Access: Delete Process: cmd.exe
Refer to the exhibit.
S3 Bucket Policy:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::confidential-bucket/*"
}
]
}Drag steps to the numbered slots on the right, or tap a step then tap a slot.
Drag a concept onto its matching description — or click a concept then click the description.
Defines allowed use of organizational assets
Categorizes data based on sensitivity
Procedures for handling security incidents
Rules for password creation and management
Access to classified data is granted based on user's clearance level and need-to-know. The following policy excerpt: 'Classified data shall be stored in approved containers. Access requires signed NDA and manager approval.'
Data Retention Policy: Customer records: 7 years after account closure. Email logs: 90 days. Payment card data: 3 years post transaction per PCI DSS.
Data classification labels: Public, Internal, Confidential, Highly Confidential. Handling: Confidential data must be encrypted at rest and in transit. Access limited to employees with business need.
Refer to the exhibit.
[Object] policy: AccessControl
version: 1.0
groups:
- name: Analysts
rights: [read]
- name: Managers
rights: [read, write]
rules:
- resource: /data/financial
allowed: [Analysts, Managers]
- resource: /data/confidential
allowed: [Managers]
denied: [Analysts]Refer to the exhibit.
{
"policy": {
"id": "data-retention",
"rules": [
{
"data_type": "PII",
"retention_days": 365,
"action": "delete"
},
{
"data_type": "FinancialRecords",
"retention_days": 2555,
"action": "archive"
}
],
"exceptions": [
{
"reason": "Legal hold: Case 2024-007",
"data_ids": ["FIN-001", "FIN-002"],
"action": "preserve"
}
]
}
}Access control list (ACL) extract from a Cisco router: ! access-list 100 permit tcp 10.0.0.0 0.255.255.255 any eq 443 access-list 100 permit tcp 10.0.0.0 0.255.255.255 host 192.168.1.100 eq 22 access-list 100 deny tcp any host 10.0.0.1 eq 80 access-list 100 permit ip any any ! interface GigabitEthernet0/0 ip access-group 100 in !
S3 bucket policy (JSON):
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": "*",
"Action": ["s3:GetObject"],
"Resource": "arn:aws:s3:::example-bucket/public/*",
"Condition": {
"IpAddress": {
"aws:SourceIp": "192.0.2.0/24"
}
}
},
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::123456789012:role/DataAnalyst"
},
"Action": ["s3:GetObject"],
"Resource": "arn:aws:s3:::example-bucket/internal/*"
},
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::123456789012:role/BackupAdmin"
},
"Action": ["s3:ListBucket", "s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
"Resource": [
"arn:aws:s3:::example-bucket",
"arn:aws:s3:::example-bucket/*"
]
}
]
}