Certified Information Systems Security Professional (CISSP) — Question 311

Which of the following actions should be undertaken prior to deciding on a physical baseline Protection Profile (PP)?

Answer options

• A. Conduct a site survey.
• B. Choose a suitable location.
• C. Check the technical design.
• D. Categorize assets.

Correct answer: D

Explanation

Categorizing assets is essential as it helps identify the sensitivity and criticality of the assets that need protection. This classification informs the development of a relevant Protection Profile. The other options, while important, do not directly inform the baseline requirements as effectively as asset categorization does.