© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

CISSP Asset Security • Complete Question Bank

CISSP Asset Security — All Questions With Answers

Complete CISSP Asset Security question bank — all 0 questions with answers and detailed explanations.

52 questions · Free · No signup

Question 1 (medium, multiple choice)

A financial institution is implementing a data retention policy to comply with regulatory requirements. The policy must ensure that transaction records are retained for 7 years and then securely destroyed. Which of the following is the BEST approach to implement this policy?

Question 2 (hard, multiple choice)

During a security audit, it is discovered that a company's data classification labels are inconsistently applied across different departments. Which of the following is the BEST long-term solution to ensure consistent data classification?

Question 3 (easy, multiple choice)

An organization wants to protect sensitive data stored on laptops. Which of the following is the MOST effective control to prevent data loss if a laptop is stolen?

Question 4 (medium, multiple choice)

A healthcare organization is moving patient records to a cloud storage service. Which of the following is the MOST important requirement to ensure data security and compliance with HIPAA?

Question 5 (hard, multiple choice)

A company is decommissioning a data center and needs to dispose of hard drives that contained highly confidential financial data. Which of the following methods provides the HIGHEST assurance that data cannot be recovered?

Question 6 (medium, multi select)

Which TWO of the following are essential components of a data classification policy? (Select two.)

Question 7 (hard, multi select)

Which THREE of the following are valid considerations when implementing data loss prevention (DLP) controls to protect sensitive data? (Select three.)

Question 8 (easy, multiple choice)

An analyst reviews the exhibit showing Windows security event logs. What activity should be investigated as a potential data exfiltration attempt?

Exhibit

Refer to the exhibit.

Event Log Entry:
Time: 2025-02-15 09:23:45
Event ID: 4663
User: SEC\jsmith
Object: \\fileserver\finance\PII_data.xlsx
Access: Read
Process: excel.exe

Time: 2025-02-15 09:24:10
Event ID: 4663
User: SEC\jsmith
Object: \\fileserver\finance\PII_data.xlsx
Access: Write
Process: excel.exe

Time: 2025-02-15 09:25:00
Event ID: 5145
User: SEC\jsmith
Object: \\fileserver\finance\PII_data.xlsx
Access: Delete
Process: cmd.exe

Question 9 (medium, multiple choice)

A security engineer reviews the S3 bucket policy in the exhibit. What is the most significant security issue with this configuration?

Exhibit

Refer to the exhibit.

S3 Bucket Policy:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::confidential-bucket/*"
    }
  ]
}

Question 10 (hard, multiple choice)

You are the security architect for a multinational corporation that handles highly sensitive intellectual property (IP) and personally identifiable information (PII) for clients in multiple jurisdictions, including GDPR and CCPA regions. The company recently experienced a data breach where an attacker exfiltrated 50 GB of data from a file server by exploiting a vulnerability in the backup software. The backup software had been configured with default credentials and was accessible from the internet. The security team has implemented compensating controls, but management wants to prevent such incidents in the future. You have been asked to recommend a long-term strategy to protect sensitive data assets. The budget is limited, and the solution must minimize user friction. Current environment: On-premises Active Directory with Windows file servers, some data in AWS S3, and a mix of laptops and mobile devices. The organization uses Microsoft 365 for email and collaboration. Which of the following is the BEST course of action?

Question 11 (medium, drag order)

Drag and drop the steps for a forensic investigation in the correct order.

Question 12 (medium, matching)

Match each security policy to its purpose.

Descriptions:

Defines allowed use of organizational assets

Categorizes data based on sensitivity

Procedures for handling security incidents

Rules for password creation and management

Question 13 (easy, multiple choice)

A company wants to ensure that data is properly classified before storage. Which control should be implemented?

Question 14 (medium, multiple choice)

A financial institution must retain customer transaction records for 7 years. After that, what is the most appropriate action?

Question 15 (hard, multiple choice)

An organization implements a data masking policy for production databases. Which of the following best describes the primary goal?

Question 16 (easy, multiple choice)

In asset security, which of the following is a primary responsibility of a data owner?

Question 17 (medium, multiple choice)

A company uses a cloud storage service. Which asset security control is most important to prevent unauthorized access to data?

Question 18 (hard, multiple choice)

An organization is decommissioning a data center. Which of the following is the most secure method for sanitizing hard drives that will be reused?

Question 19 (easy, multiple choice)

A data classification scheme includes Public, Internal, Confidential, and Restricted. Which classification requires the highest level of protection?

Question 20 (medium, multiple choice)

A security analyst discovers that a business unit is storing sensitive data on a file share without classification labels. What is the first step to remediate?

Question 21 (hard, multiple choice)

An organization implements a data loss prevention (DLP) solution to monitor data in motion. Which type of data is typically most challenging to detect?

Question 22 (medium, multi select)

Which THREE of the following are examples of data at rest?

Question 23 (hard, multi select)

Which TWO of the following are valid data de-identification techniques?

Question 24 (easy, multi select)

Which THREE of the following are recognized roles in asset security?

Question 25 (medium, multiple choice)

Refer to the exhibit. Which access control model is described?

Exhibit

Access to classified data is granted based on the user's clearance level and need-to-know. Policy excerpt: 'Classified data shall be stored in approved containers. Access requires a signed NDA and manager approval.'

Question 26 (hard, multiple choice)

Refer to the exhibit. An organization has a lawsuit requiring preservation of all records related to a customer dispute from 2018. Which data set must be preserved beyond its scheduled retention?

Exhibit

Data Retention Policy: Customer records: 7 years after account closure. Email logs: 90 days. Payment card data: 3 years post transaction per PCI DSS.

Question 27 (easy, multiple choice)

Refer to the exhibit. A project team is sending a spreadsheet marked Confidential via email. What control is required?

Exhibit

Data classification labels: Public, Internal, Confidential, Highly Confidential. Handling: Confidential data must be encrypted at rest and in transit. Access limited to employees with business need.

Question 28 (easy, multiple choice)

A healthcare organization must decommission a server containing protected health information (PHI). Which data sanitization method ensures the data is irrecoverable while complying with regulatory requirements?

Question 29 (medium, multiple choice)

A financial institution is implementing a data classification policy. Which role is responsible for assigning initial classification labels to data assets?

Question 30 (hard, multiple choice)

A multinational corporation is designing a data retention schedule. Which factor is most critical when determining retention periods for personal data subject to the GDPR?

Question 31 (easy, multiple choice)

A company's data classification policy labels information as 'Internal Use Only' and 'Confidential.' An employee emails a 'Confidential' document to an external partner without authorization. Which type of data security objective has been violated?

Question 32 (medium, multiple choice)

An organization uses a data loss prevention (DLP) system to monitor outbound emails. Which data classification type would the DLP most likely use to detect sensitive information leaving the network?

Question 33 (hard, multiple choice)

A company is implementing a data masking solution for a test database that mirrors production. Which masking technique preserves referential integrity while obfuscating sensitive values?

Question 34 (easy, multiple choice)

Which data lifecycle phase involves the process of determining the value of data and assigning appropriate controls to protect it?

Question 35 (medium, multiple choice)

A security architect is designing controls for a cloud-based file storage service that stores personally identifiable information (PII). Which control best ensures that data remains encrypted at rest without involving the cloud provider's key management?

Question 36 (hard, multiple choice)

A government agency's data retention policy requires that classified documents be destroyed after 10 years. Which method ensures both the information and the media are completely destroyed in a way that is verifiable and auditable?

Question 37 (easy, multi select)

Which TWO of the following are principles of the data minimization concept under privacy regulations such as GDPR?

Question 38 (medium, multi select)

Which TWO of the following are valid types of data classification labels commonly used in commercial organizations?

Question 39 (hard, multi select)

Which THREE of the following are key considerations when implementing a data retention policy for an organization subject to multiple legal jurisdictions?

Question 40 (easy, multiple choice)

Refer to the exhibit. An analyst attempts to read /data/confidential. What will be the outcome?

Exhibit

Refer to the exhibit.

policy: AccessControl
 version: 1.0
 groups:
  - name: Analysts
    rights: [read]
  - name: Managers
    rights: [read, write]
 rules:
  - resource: /data/financial
    allowed: [Analysts, Managers]
  - resource: /data/confidential
    allowed: [Managers]
    denied: [Analysts]

Question 41 (medium, multiple choice)

Refer to the exhibit. The file data.txt contains PII. What is the most likely security issue indicated by the logs?

Exhibit

Refer to the exhibit.

$ ls -l data.txt
-rw-rr (remainder of the ls output was not preserved)

Question 42 (hard, multiple choice)

Refer to the exhibit. A legal hold exception preserves FinancialRecords FIN-001 and FIN-002. What is the correct action for FinancialRecords that are not under legal hold?

Exhibit

Refer to the exhibit.

{
  "policy": {
    "id": "data-retention",
    "rules": [
      {
        "data_type": "PII",
        "retention_days": 365,
        "action": "delete"
      },
      {
        "data_type": "FinancialRecords",
        "retention_days": 2555,
        "action": "archive"
      }
    ],
    "exceptions": [
      {
        "reason": "Legal hold: Case 2024-007",
        "data_ids": ["FIN-001", "FIN-002"],
        "action": "preserve"
      }
    ]
  }
}

Question 43 (medium, multiple choice)

A financial institution is implementing a data loss prevention (DLP) solution to protect customer financial information. The DLP system must detect and block the transmission of credit card numbers via email. Which of the following is the BEST approach to ensure accurate detection while minimizing false positives?

Question 44 (easy, multiple choice)

A multinational corporation must ensure that data leaving the organization's network is classified and labeled appropriately. Which of the following is the MOST effective method to enforce consistent labeling across all data types?

Question 45 (hard, multiple choice)

Refer to the exhibit. An organization uses this ACL on the external interface of a border router to control access to internal services. A security analyst discovered that an attacker from the Internet was able to SSH into the internal server at 192.168.1.100. Which of the following is the MOST likely reason for this security gap?

Exhibit

Access control list (ACL) extract from a Cisco router:
!
access-list 100 permit tcp 10.0.0.0 0.255.255.255 any eq 443
access-list 100 permit tcp 10.0.0.0 0.255.255.255 host 192.168.1.100 eq 22
access-list 100 deny tcp any host 10.0.0.1 eq 80
access-list 100 permit ip any any
!
interface GigabitEthernet0/0
 ip access-group 100 in
!

Question 46 (medium, multiple choice)

Refer to the exhibit. A security engineer is reviewing the S3 bucket policy. The BackupAdmin role is intended to perform backups and restores of the entire bucket. What is the MOST significant security concern with this policy?

Exhibit

S3 bucket policy (JSON):
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": "*",
      "Action": ["s3:GetObject"],
      "Resource": "arn:aws:s3:::example-bucket/public/*",
      "Condition": {
        "IpAddress": {
          "aws:SourceIp": "192.0.2.0/24"
        }
      }
    },
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::123456789012:role/DataAnalyst"
      },
      "Action": ["s3:GetObject"],
      "Resource": "arn:aws:s3:::example-bucket/internal/*"
    },
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::123456789012:role/BackupAdmin"
      },
      "Action": ["s3:ListBucket", "s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
      "Resource": [
        "arn:aws:s3:::example-bucket",
        "arn:aws:s3:::example-bucket/*"
      ]
    }
  ]
}

Question 47 (medium, multi select)

Which THREE of the following are valid methods to reduce the risk of data exfiltration via removable media in a high-security environment?

Question 48 (hard, multi select)

Which TWO of the following are essential characteristics of an effective information classification scheme?

Question 49 (hard, multiple choice)

A global manufacturing company with headquarters in Europe and factories in Asia and North America has recently experienced a data breach. The breach involved the theft of intellectual property (IP) containing product designs stored on a file server located in the Asian factory. The investigation revealed that the attacker gained access using a compromised administrator account from a contractor's laptop that was connected to the corporate VPN. The company has implemented network segmentation, but the file server resides in the same VLAN as other factory equipment. The company uses Active Directory for identity management, and all employees and contractors use the same domain. The company is now reviewing its data governance policies to prevent future incidents. The security team must recommend a set of controls that address the root cause while maintaining operational efficiency. Which of the following is the BEST course of action?

Question 50 (medium, multiple choice)

A hospital chain collects and stores electronic health records (EHR) for millions of patients. The EHR system is hosted in a private cloud and accessed by doctors, nurses, and administrative staff from various locations. Recently, an internal audit found that several employees shared their login credentials with colleagues to expedite workflows. The hospital must comply with HIPAA and state privacy laws. The security officer wants to implement a solution that minimizes the risk of unauthorized access due to shared credentials while still allowing efficient access for patient care. Which of the following is the BEST approach?

Question 51 (medium, multiple choice)

A software development company uses a continuous integration/continuous deployment (CI/CD) pipeline that automatically builds and deploys code to production after passing automated tests. The code repository contains proprietary algorithms and customer data. A recent incident was traced to an attacker who injected malicious code into a library that was pulled from a public package repository during the build process. The company wants to prevent similar supply chain attacks without significantly slowing development. Which of the following is the BEST course of action?

Question 52 (easy, multiple choice)

A small business owner stores customer payment card information (PCI) in a legacy database that is not compliant with PCI DSS. The business is migrating to a new cloud-based point-of-sale (POS) system that uses tokenization. The owner wants to ensure that the legacy data is handled securely during the transition. Which of the following is the BEST approach?
