CISSP (Certified Information Systems Security Professional)
The Certified Information Systems Security Professional (CISSP) certification is a globally recognized credential for information security professionals. The CISSP certification exam covers eight domains, which are:
- Security and Risk Management
- Asset Security
- Security Architecture and Engineering
- Communication and Network Security
- Identity and Access Management (IAM)
- Security Assessment and Testing
- Security Operations
- Software Development Security
Each domain represents a different area of knowledge and expertise that a CISSP must possess to effectively design, implement, and manage a comprehensive security program.
1. Which of the following are considered part of the termination stage of employment?
- Non-disclosure agreements (NDA)
- Returning equipment
- Escort
- De-provisioning
Correct Answer: Returning equipment, Escort, De-provisioning
Non-disclosure agreements are part of the onboarding phase, not the termination stage.
Having equipment returned by a terminated employee is part of the termination stage and ensures that the organization's property is retained.
Escorting a terminated employee off-site is part of the termination stage and protects against employee retaliation.
De-provisioning a terminated employee's access is part of the termination stage and protects against unauthorized access.
2. _____ is the process of taking sufficient action and preventative measures to avoid a security incident.
- Due diligence
- Operational planning
- Risk
- Due care
Correct Answer: Due care
Due care is the process of taking sufficient action and preventative measures to avoid a security incident. Operational planning is a short-term plan that ensures organizational operation.
3. Which of the ISO/IEC 27000 series standards describes the concepts and principles for business continuity?
- 27001
- 27014
- 27031
- 27002
Correct Answer: 27031
ISO/IEC 27031 describes the concepts and principles for business continuity.
4. When the financial loss is less than the cost of applying a security countermeasure, which of the following risk concepts should be practiced?
- Risk rejection
- Risk acceptance
- Risk mitigation
- Risk avoidance
Correct Answer: Risk acceptance
Risk acceptance is accepting the risk, particularly when the financial loss is less than the cost of applying a security countermeasure.
5. If an asset has a value (AV) of $50,000 and an exposure factor (EF) of 2%, what is the annualized loss expectancy (ALE) given an annualized rate of occurrence (ARO) of 5?
- $5,000
- $50,000
- $500,000
- $25,000
Correct Answer: $5,000
AV = $50,000
EF = 2%
SLE = AV × EF = $50,000 × 0.02 = $1,000
ALE = SLE × ARO = $1,000 × 5 = $5,000
6. What are the two types of risk analysis organizations should take into account when calculating the effects of a particular risk?
- Qualitative risk analysis
- Residual risk analysis
- Risk rejection analysis
- Quantitative risk analysis
Correct Answer: Qualitative risk analysis, Quantitative risk analysis
The two types of risk analysis that organizations should take into account when calculating the effects of a particular risk are:
Qualitative Risk Analysis: This type of risk analysis involves assessing the likelihood and impact of a risk using subjective judgment based on experience and intuition rather than precise calculations. Qualitative risk analysis is typically used when the data is limited, and the risks are difficult to quantify or when making decisions under uncertainty.
Quantitative Risk Analysis: This type of risk analysis involves using mathematical and statistical models to estimate the probability and impact of a risk based on data and information. Quantitative risk analysis is typically used when the data is available, and the risks can be quantified and measured with a reasonable degree of accuracy.
Both qualitative and quantitative risk analysis are important to consider when assessing risks, and organizations may use one or both methods depending on the nature of the risk and the available data. By using a combination of these two types of risk analysis, organizations can gain a more complete understanding of the potential impact of a risk and make informed decisions about risk mitigation and management.
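As an added example (not part of the original page), the quantitative calculation from question 5 carried through in code, extended with the standard CISSP cost/benefit formula for a safeguard (ALE before minus ALE after minus the safeguard's annual cost), which the page does not state but which decides between the risk acceptance of question 4 and mitigation. The control that reduces the ARO from 5 to 1 is a constructed, hypothetical figure.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class RiskScenario:
    """Inputs of a quantitative risk calculation."""
    asset_value: float      # AV, in dollars
    exposure_factor: float  # EF, fraction of AV lost in one incident (0.0 to 1.0)
    aro: float              # ARO, expected incidents per year

    def sle(self) -> float:
        """Single loss expectancy: SLE = AV x EF."""
        return self.asset_value * self.exposure_factor

    def ale(self) -> float:
        """Annualized loss expectancy: ALE = SLE x ARO."""
        return self.sle() * self.aro


def safeguard_value(before: RiskScenario, after: RiskScenario, annual_cost: float) -> float:
    """Cost/benefit of a countermeasure (standard CISSP formula, not stated on this page):
    value = ALE(before) - ALE(after) - annual cost of the safeguard."""
    return before.ale() - after.ale() - annual_cost


def risk_decision(before: RiskScenario, after: RiskScenario, annual_cost: float) -> str:
    """'mitigate' when the safeguard saves more than it costs, otherwise 'accept' (question 4)."""
    return "mitigate" if safeguard_value(before, after, annual_cost) > 0 else "accept"


# Figures from question 5: AV $50,000, EF 2%, ARO 5.
EXAM_SCENARIO = RiskScenario(asset_value=50_000, exposure_factor=0.02, aro=5)

# Hypothetical control (constructed figure): cuts the ARO from 5 to 1 incident per year.
WITH_CONTROL = RiskScenario(asset_value=50_000, exposure_factor=0.02, aro=1)


def question5_answer() -> float:
    """ALE for question 5: $1,000 x 5 = $5,000."""
    return EXAM_SCENARIO.ale()


if __name__ == "__main__":
    print(f"SLE = ${EXAM_SCENARIO.sle():,.0f}, ALE = ${question5_answer():,.0f}")
    for cost in (3_000, 6_000):
        print(f"safeguard at ${cost:,}/yr -> {risk_decision(EXAM_SCENARIO, WITH_CONTROL, cost)}")
```

At $3,000 per year the control is worth buying (it removes $4,000 of expected loss); at $6,000 per year the expected loss avoided is less than the countermeasure's cost, which is exactly the situation where question 4 calls for risk acceptance.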
7. What is the process of verifying that an entity is truly what it claims to be?
- Nonrepudiation
- Authorization
- Identification
- Authentication
Correct Answer: Authentication
Authentication is the process of verifying that an entity is truly what it claims to be.
Authentication is the process of verifying the identity of a user, system, or device to ensure that it is legitimate and authorized to access the system or information. It is a fundamental security mechanism that is used to protect systems and sensitive information from unauthorized access and to prevent malicious attacks.
Authentication can be achieved using various methods, such as:
- Something the user knows, such as a password, PIN, or passphrase.
- Something the user has, such as a smart card, token, or mobile device.
- Something the user is, such as biometric characteristics like fingerprints, facial recognition, or iris scan.
By using one or more of these authentication methods, organizations can ensure that only authorized users and devices are granted access to their systems and information, which helps to reduce the risk of data breaches and other security incidents.
8. Who do you need approval from during the BCP Approval and Implementation phase?
- Information Security department
- Chief Information Security Officer
- The highest level of leadership
- Human Resources leader
Correct Answer: The highest level of leadership
BCP approval should come from the highest level of leadership in order to prevent any disputes.
During the Business Continuity Planning (BCP) Approval and Implementation phase, approval is typically required from senior management or the executive leadership team. This is because the BCP involves significant resources and coordination across multiple departments and business units, and it is critical that senior leadership provides support and guidance to ensure its success.
The approval process typically involves reviewing and approving the BCP document, including the strategies, procedures, and roles and responsibilities defined in the plan. The plan may also need to be tested and validated before it can be fully approved and implemented.
Once the plan is approved, the implementation phase can begin. This involves communicating the plan to all relevant stakeholders, training personnel on their roles and responsibilities, and testing and exercising the plan to ensure its effectiveness.
It is important to note that the BCP is an ongoing process that requires regular review and updating to ensure that it remains relevant and effective in the face of changing risks and business needs. As such, ongoing approval and support from senior management is critical to the long-term success of the BCP.
=========================================================================
Which one of the following security controls provides the best ability to detect integrity issues?
- DLP
- Encryption
- Hashing
- Firewalls
Correct Answer: Hashing
Hashing provides the best ability to detect integrity issues.
Hashing is a cryptographic technique that takes an input (or message) of any length and produces a fixed-size string, known as a hash value or digest. For a cryptographic hash function the digest is effectively unique to the input: even a one-bit change in the input produces a completely different digest. Therefore, if the data's integrity is compromised in any way (accidental or intentional modification), the hash value will also change.
By comparing the computed hash value with the original hash value, one can detect if any modifications have occurred, ensuring data integrity. Hashing is commonly used in security mechanisms like digital signatures, data verification, and checksums to detect tampering or unauthorized changes to data.
The other options mentioned are important security controls as well, but they are not specifically designed for detecting integrity issues.
Data Loss Prevention (DLP) focuses on preventing sensitive data from being leaked or lost, but it doesn't directly detect integrity issues.
Encryption protects data confidentiality by transforming plaintext into ciphertext using encryption algorithms. While encryption can help prevent unauthorized access to data, it does not directly focus on detecting integrity issues.
Firewalls are network security devices that monitor and control incoming and outgoing network traffic based on predefined security rules. They aim to protect networks from unauthorized access and can't directly detect data integrity issues.
In summary, hashing is the security control that best provides the ability to detect integrity issues in data.
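The integrity check described above as an added example (not code from the original page): a SHA-256 baseline is recorded for a known-good file, then recomputed and compared later. The configuration file and the tampered copy are constructed sample data.

```python
import hashlib
import hmac


def sha256_hex(data: bytes) -> str:
    """Compute the SHA-256 digest of data as a hex string (this is the recorded baseline)."""
    return hashlib.sha256(data).hexdigest()


def verify_integrity(data: bytes, recorded_hex: str) -> bool:
    """Recompute the digest and compare it with the recorded one.
    compare_digest does a constant-time comparison so the check itself leaks nothing."""
    return hmac.compare_digest(sha256_hex(data), recorded_hex)


def differing_hex_chars(a_hex: str, b_hex: str) -> int:
    """Count how many of the 64 hex characters differ between two digests (avalanche effect)."""
    return sum(1 for x, y in zip(a_hex, b_hex) if x != y)


# Constructed sample: a small configuration file as it was when the baseline was recorded.
ORIGINAL_CONFIG = b"allow_remote_admin = false\nlog_level = info\n"
BASELINE = sha256_hex(ORIGINAL_CONFIG)

# Constructed tampering: one setting changed, everything else identical.
TAMPERED_CONFIG = ORIGINAL_CONFIG.replace(b"false", b"true")


def check_report(candidate: bytes) -> dict:
    """Return the integrity verdict plus how far the digest drifted from the baseline."""
    candidate_hex = sha256_hex(candidate)
    return {
        "intact": verify_integrity(candidate, BASELINE),
        "changed_hex_chars": differing_hex_chars(candidate_hex, BASELINE),
    }


if __name__ == "__main__":
    for name, blob in (("original", ORIGINAL_CONFIG), ("tampered", TAMPERED_CONFIG)):
        print(name, check_report(blob))
```

A plain digest only detects the change if the recorded baseline itself cannot be rewritten by whoever alters the data, so store it separately from the data (or use the keyed MACs and digital signatures mentioned above, which bind the digest to a key).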