CISSP Question #29: Real Exam Question with Answer & Explanation

The correct answer is C: the level of confidentiality of the information.. The decision to encrypt data transmitted over public networks should be driven by the sensitivity and confidentiality classification of the information, not its monetary value or volume.

Submitted by parkjh· Mar 5, 2026Communication and Network Security

Question

When transmitting information over public networks, the decision to encrypt it should be based on

Options

Athe estimated monetary value of the information.
Bwhether there are transient nodes relaying the transmission.
Cthe level of confidentiality of the information.
Dthe volume of the information.

Explanation

The decision to encrypt data transmitted over public networks should be driven by the sensitivity and confidentiality classification of the information, not its monetary value or volume.

Common mistakes.

A. Monetary value alone is an unreliable metric because highly sensitive information (e.g., personal health records, credentials) may have low direct monetary value yet still require strong encryption due to its confidentiality classification.
B. While the presence of transient relay nodes increases exposure risk, the fundamental trigger for encryption is the confidentiality requirement of the data itself, not the network topology or number of intermediate hops.
D. The volume of data has no bearing on whether it requires encryption; even a single byte of confidential data must be encrypted, while large volumes of public data may require none.

Concept tested. Data classification driving encryption decisions in transit

Reference. https://www.iso.org/standard/54533.html

Topics

#data encryption#confidentiality#public networks#data classification

Community Discussion

No community discussion yet for this question.

Full CISSP Practice Browse All CISSP Questions