Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

CISSP Asset Security • Complete Question Bank

CISSP Asset Security — All Questions With Answers

Complete CISSP Asset Security question bank — all 0 questions with answers and detailed explanations.

46 questions • Free • No signup

Question 1 • medium • multiple choice

A government contractor handles classified information up to the Secret level. The company's data classification policy recently changed, requiring that all documents marked as 'Confidential' be reclassified as 'Secret' after review. Who is ultimately accountable for ensuring that reclassification is performed correctly?

Question 2 • easy • multiple choice

An organization's data retention policy requires that financial records be kept for seven years. After that period, the records must be destroyed in a manner that prevents reconstruction. Which of the following is the best sanitization method for paper records containing sensitive financial data?

Question 3 • hard • multiple choice

A company collects PII from European customers for order processing. Under GDPR, they engage a third-party logistics provider to handle shipping. Which role does the logistics provider typically assume in this scenario?

Question 4 • medium • multiple choice

A healthcare organization must decommission an old server containing patient health information (PHI) stored on solid-state drives (SSDs). Standard overwriting techniques are ineffective for SSDs due to wear-leveling and bad block mapping. Which sanitization method is most appropriate for these drives?

Question 5 • easy • multiple choice

An organization wants to implement a data classification scheme for internal use. Which of the following is an example of a commercial data classification label?

Question 6 • medium • multiple choice

A database administrator (DBA) is responsible for implementing access controls and backup procedures for a customer database containing PII. The DBA reports to the data owner regarding security measures. Which role best describes the DBA's responsibilities?

Question 7 • hard • multiple choice

An organization is implementing privacy by design in a new application that collects user location data. Which practice best aligns with the data minimization principle?

Question 8 • medium • multiple choice

A financial institution is preparing to dispose of magnetic tape backups containing transaction records. The tapes are no longer needed for retention. Which sanitization method is most effective for rendering the data unrecoverable on magnetic tape?

Question 9 • easy • multiple choice

Which phase of the data lifecycle involves the removal of data from active storage and placement into long-term storage for potential future use?

Question 10 • medium • multiple choice

A company's software asset management team discovers an unauthorized copy of a licensed application installed on several employee workstations. What is the primary risk associated with this finding?

Question 11 • hard • multiple choice

A data warehouse contains anonymized customer transaction data used for analytics. The anonymization process removed direct identifiers and applied k-anonymity with k=10. An attacker obtains the dataset and attempts to re-identify individuals using auxiliary information. Which of the following best describes the residual privacy risk?

Question 12 • medium • multiple choice

An organization's data retention policy specifies that customer records must be retained for five years after the end of the business relationship. After that period, what should be done with the data according to best practices?

Question 13 • easy • multiple choice

What is the primary purpose of a configuration management database (CMDB) in asset management?

Question 14 • hard • multiple choice

A company uses differential privacy to release aggregate statistics from a dataset containing sensitive employee information. Which of the following is true regarding differential privacy?

Question 15 • medium • multiple choice

An organization is required to declassify a document that was previously classified as 'Secret' under government guidelines. What process must be followed before the document can be released to the public?

Question 16 • medium • multi select

A multinational corporation is implementing a data classification policy for commercial data. Which TWO labels are commonly used in commercial classification schemes? (Select TWO.)

Question 17 • medium • multi select

An organization is developing a new application that collects and processes European customers' personal data. To comply with the privacy by design principles under GDPR, which THREE measures should be implemented? (Select THREE.)

Question 18 • hard • multi select

A security professional is tasked with sanitizing a set of hard drives that contain sensitive corporate data. The organization wants to ensure that data cannot be recovered, even by advanced forensic methods. According to NIST SP 800-88, which THREE methods are considered appropriate for sanitization? (Select THREE.)

Question 19 • medium • multiple choice

A government contractor handles documents classified as 'Secret.' Which of the following represents the correct handling of these documents when they are no longer needed?

Question 20 • medium • multiple choice

A company is implementing a data classification scheme. Which category should be assigned to internal memos about employee benefit plans that are not intended for public disclosure?

Question 21 • hard • multiple choice

An organization wants to ensure that data is protected throughout its lifecycle. Which step in the data lifecycle is most critical for enforcing data retention policies?

Question 22 • easy • multiple choice

Which role is ultimately accountable for the classification of data within an organization?

Question 23 • medium • multiple choice

A company must destroy a set of hard drives containing sensitive customer data. The drives are magnetic (HDDs). Which destruction method provides the highest assurance of data irrecoverability?

Question 24 • medium • multiple choice

Under the GDPR, which role is responsible for determining the purposes and means of processing personal data?

Question 25 • hard • multiple choice

An organization is implementing privacy by design for a new application that processes PII. Which practice BEST aligns with the data minimization principle?

Question 26 • easy • multiple choice

Which type of data is considered sensitive PII and requires enhanced protection?

Question 27 • medium • multiple choice

A security administrator needs to ensure that data stored on a server is unrecoverable after decommissioning. The server uses SSDs. Which sanitization method is MOST appropriate?

Question 28 • hard • multiple choice

A company has a data retention policy requiring customer transaction records to be kept for 7 years. After 7 years, the data should be destroyed. Which phase of the data lifecycle governs this action?

Question 29 • easy • multiple choice

Which term describes the process of modifying data so that it cannot be attributed to a specific individual without additional information that is kept separately?

Question 30 • medium • multiple choice

An organization uses a configuration management database (CMDB). Which of the following is the PRIMARY purpose of a CMDB?

Question 31 • hard • multiple choice

A company is designing a database that will contain personally identifiable information (PII). To reduce privacy risk, they decide to add controlled noise to query results. This technique is known as:

Question 32 • medium • multi select

A data custodian is responsible for implementing controls to protect data. Which TWO of the following are typical responsibilities of a data custodian? (Select 2)

Question 33 • hard • multi select

An organization is developing a privacy program. Which THREE of the following are core principles of privacy by design? (Select 3)

Question 34 • medium • multiple choice

A government contractor handles data classified as 'Secret'. According to government data classification levels, which of the following is the correct order from most restrictive to least restrictive?

Question 35 • easy • multiple choice

A data owner has classified a dataset as 'Confidential' in a commercial organization. Which of the following best describes the primary responsibility of the data owner for this dataset?

Question 36 • hard • multiple choice

A financial institution stores customer PII, including Social Security numbers (SSNs). Under privacy regulations, SSNs are considered sensitive PII. Which of the following techniques would best reduce the risk of re-identification while preserving the utility of the data for statistical analysis?

Question 37 • medium • multiple choice

An organization is decommissioning a server containing magnetic hard drives that stored sensitive data. The data has been backed up to tape and the drives are to be reused. Which media sanitization method is most appropriate to ensure data cannot be recovered while preserving the drives for reuse?

Question 38 • medium • multiple choice

Under GDPR, a company processes personal data on behalf of a data controller. Which role does the company fulfill?

Question 39 • easy • multiple choice

Which phase of the data lifecycle includes the act of securely deleting data that is no longer needed, in accordance with retention policies?

Question 40 • hard • multiple choice

During an audit, it is discovered that a database containing personally identifiable information (PII) has been retained for 10 years beyond the regulatory requirement. The data owner has not approved the retention extension. Which data lifecycle principle is primarily being violated?

Question 41 • medium • multiple choice

A company wants to ensure that data labeled 'Internal Use Only' is not inadvertently disclosed to unauthorized parties. What is the most effective way to communicate handling requirements to employees?

Question 42 • easy • multiple choice

Which of the following is the primary purpose of a configuration management database (CMDB) in asset management?

Question 43 • hard • multiple choice

An organization uses full disk encryption on all laptops containing sensitive data. A laptop is to be decommissioned, and the data must be sanitized. The laptop's SSD cannot be overwritten reliably due to wear-leveling. Which method is most appropriate?

Question 44 • medium • multi select

A data breach has occurred involving a database that contains personally identifiable information (PII). As part of incident response, the organization needs to identify all roles responsible for data protection. Which TWO roles are primarily accountable for data classification and protection requirements according to typical data governance frameworks?

Question 45 • medium • multi select

A company is implementing a data retention policy for customer records. Which THREE factors should be considered when determining retention periods?

Question 46 • hard • multi select

An organization is reviewing its media sanitization procedures. Which TWO methods are considered acceptable for sanitizing solid-state drives (SSDs) according to NIST SP 800-88 guidelines?
