nerdexam
(ISC)2

CISSP · Question #301

A company has decided that they need to begin maintaining assets deployed in the enterprise. What approach should be followed to determine and maintain ownership information to bring the company into

The correct answer is A. Enterprise asset management framework. Establishing asset ownership and compliance requires a structured, holistic framework rather than a point solution. An enterprise asset management framework provides the governance, processes, and tooling needed to systematically track, own, and maintain all assets.

Submitted by tarun92· Mar 5, 2026Asset Security

Question

A company has decided that they need to begin maintaining assets deployed in the enterprise. What approach should be followed to determine and maintain ownership information to bring the company into compliance?

Options

  • AEnterprise asset management framework
  • BAsset baseline using commercial off the shelf software
  • CAsset ownership database using domain login records
  • DA script to report active user logins on assets

How the community answered

(57 responses)
  • A
    75% (43)
  • B
    16% (9)
  • C
    4% (2)
  • D
    5% (3)

Why each option

Establishing asset ownership and compliance requires a structured, holistic framework rather than a point solution. An enterprise asset management framework provides the governance, processes, and tooling needed to systematically track, own, and maintain all assets.

AEnterprise asset management frameworkCorrect

An enterprise asset management (EAM) framework provides a comprehensive, policy-driven approach to discovering, classifying, assigning ownership, and continuously maintaining asset records across the organization. It aligns with industry standards such as CIS Controls (Control 1: Inventory and Control of Enterprise Assets) and ISO 55000, ensuring governance and compliance are built into the process rather than bolted on. This structured approach addresses the full asset lifecycle, not just point-in-time snapshots.

BAsset baseline using commercial off the shelf software

Using a commercial off-the-shelf software baseline alone addresses asset inventory tooling but does not define the governance processes, ownership assignment policies, or compliance workflows needed to maintain ownership information over time.

CAsset ownership database using domain login records

Domain login records reflect user authentication activity, not asset ownership; an asset may be logged into by multiple users or service accounts, making login records an unreliable and incomplete source for determining true asset ownership.

DA script to report active user logins on assets

A script reporting active user logins is a reactive, ad-hoc mechanism that captures only currently logged-in users at a point in time and provides no structured ownership attribution, historical tracking, or compliance reporting capability.

Concept tested: Enterprise asset management framework for compliance

Source: https://www.cisecurity.org/controls/inventory-and-control-of-enterprise-assets

Topics

#asset management#asset ownership#compliance#asset inventory

Community Discussion

No community discussion yet for this question.

Full CISSP Practice