nerdexam
(ISC)2

CISSP · Question #992

Which of the following is the BEST way to protect an organization's data assets?

The correct answer is B. Encrypt data in transit and at rest using up-to-date cryptographic algorithms.. The best way to protect an organization's data assets is to encrypt data in transit and at rest using up-to-date cryptographic algorithms. Encryption is a process of transforming data into an unintelligible form using a secret key, so that only authorized parties can access or mo

Submitted by eva_at· Mar 5, 2026Asset Security

Question

Which of the following is the BEST way to protect an organization's data assets?

Options

  • AMonitor and enforce adherence to security policies.
  • BEncrypt data in transit and at rest using up-to-date cryptographic algorithms.
  • CCreate the Demilitarized Zone (DMZ) with proxies, firewalls and hardened bastion hosts.
  • DRequire Multi-Factor Authentication (MFA) and Separation of Duties (SoD).

How the community answered

(46 responses)
  • A
    7% (3)
  • B
    57% (26)
  • C
    13% (6)
  • D
    24% (11)

Explanation

The best way to protect an organization's data assets is to encrypt data in transit and at rest using up-to-date cryptographic algorithms. Encryption is a process of transforming data into an unintelligible form using a secret key, so that only authorized parties can access or modify the data. Encryption can protect data in transit, which is data that is moving across a network or a communication channel, from eavesdropping, interception, or modification. Encryption can also protect data at rest, which is data that is stored on a device or a media, from unauthorized access, theft, or loss. Encryption should use up-to-date cryptographic algorithms, such as AES, RSA, or SHA, that are proven to be secure and resistant to attacks. Monitoring and enforcing adherence to security policies is a good practice, but it may not be sufficient to protect data assets from internal or external threats. Creating the DMZ with proxies, firewalls, and hardened bastion hosts is a way to isolate and protect the network perimeter, but it may not protect data assets that are inside or outside the network. Requiring MFA and SoD is a way to enhance the identity and access management, but it may not protect data assets from unauthorized disclosure or modification.

Topics

#data protection#encryption#data at rest#data in transit#cryptography

Community Discussion

No community discussion yet for this question.

Full CISSP Practice