CISSP Question #301: Real Exam Question with Answer & Explanation

Question

A company has decided that they need to begin maintaining assets deployed in the enterprise. What approach should be followed to determine and maintain ownership information to bring the company into compliance?

Options

• AEnterprise asset management framework
• BAsset baseline using commercial off the shelf software
• CAsset ownership database using domain login records
• DA script to report active user logins on assets

Explanation

Establishing asset ownership and compliance requires a structured, holistic framework rather than a point solution. An enterprise asset management framework provides the governance, processes, and tooling needed to systematically track, own, and maintain all assets.

Common mistakes.

• B. Using a commercial off-the-shelf software baseline alone addresses asset inventory tooling but does not define the governance processes, ownership assignment policies, or compliance workflows needed to maintain ownership information over time.
• C. Domain login records reflect user authentication activity, not asset ownership; an asset may be logged into by multiple users or service accounts, making login records an unreliable and incomplete source for determining true asset ownership.
• D. A script reporting active user logins is a reactive, ad-hoc mechanism that captures only currently logged-in users at a point in time and provides no structured ownership attribution, historical tracking, or compliance reporting capability.

Concept tested. Enterprise asset management framework for compliance

Reference. https://www.cisecurity.org/controls/inventory-and-control-of-enterprise-assets

No community discussion yet for this question.