nerdexam
(ISC)2

CISSP · Question #29

When transmitting information over public networks, the decision to encrypt it should be based on

The correct answer is C. the level of confidentiality of the information.. The decision to encrypt data transmitted over public networks should be driven by the sensitivity and confidentiality classification of the information, not its monetary value or volume.

Submitted by parkjh· Mar 5, 2026Communication and Network Security

Question

When transmitting information over public networks, the decision to encrypt it should be based on

Options

  • Athe estimated monetary value of the information.
  • Bwhether there are transient nodes relaying the transmission.
  • Cthe level of confidentiality of the information.
  • Dthe volume of the information.

How the community answered

(24 responses)
  • B
    8% (2)
  • C
    88% (21)
  • D
    4% (1)

Why each option

The decision to encrypt data transmitted over public networks should be driven by the sensitivity and confidentiality classification of the information, not its monetary value or volume.

Athe estimated monetary value of the information.

Monetary value alone is an unreliable metric because highly sensitive information (e.g., personal health records, credentials) may have low direct monetary value yet still require strong encryption due to its confidentiality classification.

Bwhether there are transient nodes relaying the transmission.

While the presence of transient relay nodes increases exposure risk, the fundamental trigger for encryption is the confidentiality requirement of the data itself, not the network topology or number of intermediate hops.

Cthe level of confidentiality of the information.Correct

Encryption decisions are governed by data classification policies, which categorize information by its level of confidentiality (e.g., public, internal, confidential, restricted). Highly confidential data requires encryption to prevent unauthorized disclosure during transit over untrusted public networks. This aligns with information security principles such as those in ISO/IEC 27002, which tie cryptographic controls to the sensitivity of the data being protected.

Dthe volume of the information.

The volume of data has no bearing on whether it requires encryption; even a single byte of confidential data must be encrypted, while large volumes of public data may require none.

Concept tested: Data classification driving encryption decisions in transit

Source: https://www.iso.org/standard/54533.html

Topics

#data encryption#confidentiality#public networks#data classification

Community Discussion

No community discussion yet for this question.

Full CISSP Practice