CISSP Question #971: Real Exam Question with Answer & Explanation

The correct answer is A: Implement a data classification policy.. A data classification policy is the primary step an organization must take to ensure data is properly protected from public release, because it defines the levels of sensitivity and confidentiality of the data, and the corresponding security controls and handling requirements. A

Submitted by tyler.j· Mar 5, 2026Asset Security

Question

An organization has discovered that organizational data is posted by employees to data storage accessible to the general public. What is the PRIMARY step an organization must take to ensure data is properly protected from public release?

Options

AImplement a data classification policy.
BImplement a data encryption policy.
CImplement a user training policy.
DImplement a user reporting policy.

Explanation

A data classification policy is the primary step an organization must take to ensure data is properly protected from public release, because it defines the levels of sensitivity and confidentiality of the data, and the corresponding security controls and handling requirements. A data encryption policy, a user training policy, and a user reporting policy are all important measures to protect data, but they are secondary to the data classification policy, which sets the foundation for data protection.

Topics

#Data classification#Data loss prevention (DLP)#Information governance#Policy implementation

Community Discussion

No community discussion yet for this question.

Full CISSP Practice Browse All CISSP Questions