Log in Start practising free
CISSP

Asset Security & Security Architecture

47 free practice questions with explanations

Practise all 47 questions free →

PassNova has 47 free CISSP practice questions on Asset Security & Security Architecture, each with a clear explanation. Practise them in the browser with instant feedback — 100% free, no sign-up, on any device. Updated for 2026.

Sample questions

Asset Security & Security Architecture: example questions & answers

Here are 6 example questions from this topic. Practise the full set of 47 free in the browser.

  1. In data lifecycle management, which role is ultimately accountable for classifying data and determining its protection requirements?

    • A End user
    • B Data custodian
    • C Data owner
    • D Data processor

    Answer: The data owner holds accountability for the data, including classifying it and defining protection requirements; the custodian implements those controls.

  2. An organization wants to ensure that decommissioned solid-state drives (SSDs) cannot have their data recovered. Because of wear-leveling, which method is MOST reliable for sanitizing an SSD?

    • A Reformatting the file system
    • B Degaussing the drive
    • C Single-pass overwrite with zeros
    • D Cryptographic erase (destroying the encryption key) or physical destruction

    Answer: Wear-leveling prevents overwrites from reliably reaching all cells and degaussing does not affect flash memory, so cryptographic erase or physical destruction is the reliable method for SSDs.

  3. Which security model is specifically designed to enforce data integrity by preventing subjects from writing data to a higher integrity level (no write up) and reading data from a lower integrity level (no read down)?

    • A Brewer-Nash
    • B Bell-LaPadula
    • C Biba
    • D Clark-Wilson

    Answer: The Biba model protects integrity using the simple integrity property (no read down) and the star integrity property (no write up).

  4. The Bell-LaPadula confidentiality model enforces the star (*) security property, which states that a subject:

    • A Cannot read data at a higher classification level
    • B Cannot write data to a lower classification level
    • C Cannot read data at a lower classification level
    • D Cannot execute programs at the same level

    Answer: Bell-LaPadula's star property prevents write down (no write to a lower level) to stop leakage of higher-classified data to lower levels.

  5. Which cloud computing service model places the GREATEST share of security responsibility on the cloud customer rather than the cloud provider?

    • A Function as a Service (FaaS)
    • B Software as a Service (SaaS)
    • C Platform as a Service (PaaS)
    • D Infrastructure as a Service (IaaS)

    Answer: Under IaaS the provider secures only the underlying infrastructure, leaving the OS, applications, and data to the customer, maximizing customer responsibility.

  6. A trusted computing concept relies on a hardware component that securely stores cryptographic keys and provides platform integrity measurements. Which component is being described?

    • A Baseboard Management Controller (BMC)
    • B Hardware Security Module (HSM)
    • C Trusted Platform Module (TPM)
    • D Memory Management Unit (MMU)

    Answer: A Trusted Platform Module (TPM) is a hardware chip embedded on the motherboard that stores keys and provides integrity measurements for trusted boot.

Start practising Asset Security & Security Architecture →
More CISSP topics

Practise another topic

Security Assessment, Testing & Operations37 questions Security & Risk Management36 questions Communication & Network Security32 questions Identity & Access Management32 questions Software Development Security16 questions
← Back to CISSP