Certified Information Systems Security Professional (CISSP) — Question 376

Which of the following is the BEST way to protect an organization's data assets?

Answer options

• A. Encrypt data in transit and at rest using up-to-date cryptographic algorithms.
• B. Monitor and enforce adherence to security policies.
• C. Require Multi-Factor Authentication (MFA) and Separation of Duties (SoD).
• D. Create the Demilitarized Zone (DMZ) with proxies, firewalls and hardened bastion hosts.

Correct answer: B

Explanation

The correct answer is B because monitoring and enforcing security policies ensures that data protection measures are consistently applied and adhered to by all users. While encryption, MFA, and DMZ setups are important, they are less effective if the organization does not have strong policies and compliance measures in place to guide user behavior and system management.