nerdexam
(ISC)2

CISSP · Question #1516

Drag and Drop Question Place the following information classification steps in sequential order. Answer:

The correct answer is Document the information assets; Assign a classification level; Apply the appropriate security markings; Conduct periodic classification reviews; Declassify information when appropriate. Information classification follows a logical lifecycle: you must first identify and document what information assets exist before you can evaluate them, then assign a classification level based on sensitivity and value, apply the appropriate security markings so handlers know how

Submitted by kim_seoul· Mar 5, 2026Asset Security - Understanding and applying data classification policies and procedures (CISSP Domain 2 / CompTIA Security+ Data Protection)

Question

Drag and Drop Question Place the following information classification steps in sequential order. Answer:

Exhibit

CISSP question #1516 exhibit

Answer Area

Drag items

Declassify information when appropriateApply the appropriate security markingsConduct periodic classification reviewsAssign a classification levelDocument the information assets

Correct arrangement

  • Document the information assets
  • Assign a classification level
  • Apply the appropriate security markings
  • Conduct periodic classification reviews
  • Declassify information when appropriate

Explanation

Information classification follows a logical lifecycle: you must first identify and document what information assets exist before you can evaluate them, then assign a classification level based on sensitivity and value, apply the appropriate security markings so handlers know how to protect it, conduct periodic reviews to ensure the classification remains accurate over time, and finally declassify when the information no longer warrants protection. This sequence reflects both practical necessity (you can't classify what you haven't identified) and governance best practices (declassification is always the last step, not an early decision). Skipping or reordering steps would create security gaps, such as marking data before properly evaluating its sensitivity or declassifying without periodic review to justify the decision.

Topics

#Information Classification#Data Governance#Security Markings#Asset Management

Community Discussion

No community discussion yet for this question.

Full CISSP Practice