CISSP Asset Security

Question 1

What is defense in depth in the context of CISSP security?

Accepted Answer

Implementing multiple layers of security controls

Answer

Using one strong security control

Answer

Focusing only on perimeter security

Answer

Relying solely on encryption

Question 2

Which principle states that users should only have access necessary for their role?

Accepted Answer

Principle of least privilege

Answer

Separation of duties

Answer

Need to share

Answer

Defense in depth

Question 3

In CISSP practice, what is the purpose of vulnerability scanning?

Accepted Answer

To identify weaknesses before attackers do

Answer

To exploit systems

Answer

To replace firewalls

Answer

To slow down network traffic

Question 4

What is the recommended response when a security incident is detected in an CISSP environment?

Accepted Answer

Follow the incident response plan: contain, eradicate, recover

Answer

Delete all logs immediately

Answer

Ignore minor incidents

Answer

Immediately shut down all systems

Question 5

Which authentication factor is classified as "something you are"?

Accepted Answer

Biometric data

Answer

Password

Answer

Security token

Answer

Smart card

Question 6

What is the primary purpose of encryption in CISSP security?

Accepted Answer

To protect data confidentiality during storage and transmission

Answer

To make data transfer slower

Answer

To compress data

Answer

To organize data more efficiently