CISSP · Question #992
Which of the following is the BEST way to protect an organization's data assets?
The correct answer is B. Encrypt data in transit and at rest using up-to-date cryptographic algorithms.. The best way to protect an organization's data assets is to encrypt data in transit and at rest using up-to-date cryptographic algorithms. Encryption is a process of transforming data into an unintelligible form using a secret key, so that only authorized parties can access or mo
Question
Options
- AMonitor and enforce adherence to security policies.
- BEncrypt data in transit and at rest using up-to-date cryptographic algorithms.
- CCreate the Demilitarized Zone (DMZ) with proxies, firewalls and hardened bastion hosts.
- DRequire Multi-Factor Authentication (MFA) and Separation of Duties (SoD).
How the community answered
(46 responses)- A7% (3)
- B57% (26)
- C13% (6)
- D24% (11)
Explanation
The best way to protect an organization's data assets is to encrypt data in transit and at rest using up-to-date cryptographic algorithms. Encryption is a process of transforming data into an unintelligible form using a secret key, so that only authorized parties can access or modify the data. Encryption can protect data in transit, which is data that is moving across a network or a communication channel, from eavesdropping, interception, or modification. Encryption can also protect data at rest, which is data that is stored on a device or a media, from unauthorized access, theft, or loss. Encryption should use up-to-date cryptographic algorithms, such as AES, RSA, or SHA, that are proven to be secure and resistant to attacks. Monitoring and enforcing adherence to security policies is a good practice, but it may not be sufficient to protect data assets from internal or external threats. Creating the DMZ with proxies, firewalls, and hardened bastion hosts is a way to isolate and protect the network perimeter, but it may not protect data assets that are inside or outside the network. Requiring MFA and SoD is a way to enhance the identity and access management, but it may not protect data assets from unauthorized disclosure or modification.
Topics
Community Discussion
No community discussion yet for this question.