nerdexam
(ISC)2

CISSP · Question #420

Which of the following is the PRIMARY security consideration for how an organization should handle Information Technology (IT) assets?

The correct answer is D. The classification of the data on the asset. The primary security consideration for handling IT assets is determined by the sensitivity and classification of the data they store or process, which drives all subsequent security decisions.

Submitted by certguy· Mar 5, 2026Asset Security

Question

Which of the following is the PRIMARY security consideration for how an organization should handle Information Technology (IT) assets?

Options

  • AThe monetary value of the asset
  • BThe controls implemented on the asset
  • CThe physical form factor of the asset
  • DThe classification of the data on the asset

How the community answered

(43 responses)
  • A
    7% (3)
  • B
    14% (6)
  • C
    5% (2)
  • D
    74% (32)

Why each option

The primary security consideration for handling IT assets is determined by the sensitivity and classification of the data they store or process, which drives all subsequent security decisions.

AThe monetary value of the asset

Monetary value does not determine security requirements; a low-cost USB drive containing classified data requires far more stringent controls than an expensive server holding only public information.

BThe controls implemented on the asset

Controls are implemented as a result of the data classification decision, not the primary consideration itself; controls are the response to the security requirement, not the driver of it.

CThe physical form factor of the asset

Physical form factor (e.g., laptop vs. server vs. mobile device) may influence certain security measures but is not the primary determinant of how an asset should be protected; the data it holds takes precedence.

DThe classification of the data on the assetCorrect

Data classification (e.g., public, internal, confidential, restricted) determines the required level of protection for an IT asset, dictating handling procedures, access controls, storage requirements, and disposal methods. An asset containing highly classified or sensitive data must be protected accordingly regardless of its physical form or monetary value. This principle is foundational in frameworks like NIST SP 800-60 and ISO 27001, where data sensitivity drives asset security policy.

Concept tested: IT asset handling based on data classification

Source: https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-60v1r1.pdf

Topics

#asset handling#data classification#security controls

Community Discussion

No community discussion yet for this question.

Full CISSP Practice