CISSP Security Domains - Part 1
48 Questions

Questions and Answers

What is the primary purpose of the CISSP security domains?

  • To conduct financial audits
  • To develop new software security solutions
  • To regulate global security laws
  • To organize daily tasks and identify security gaps (correct)

Security posture refers to an organization's ability to manage its defenses and respond to changes.

True

Name one of the processes involved in risk mitigation.

Having the right procedures and rules in place.

The domain focused on securing digital and physical assets is called ______.

Asset security

Match the following CISSP security domains with their focus:

  • Security and Risk Management = Defining security goals and compliance
  • Asset Security = Securing digital and physical assets
  • Incident Response = Responding to security incidents
  • Cloud Security = Securing cloud-based environments

Which of the following is NOT a component of security and risk management?

Social media policies

Legal regulations governing security are uniform across all countries.

False

What type of information should organizations ensure is properly destroyed?

Personally identifiable information (PII) or sensitive personally identifiable information (SPII).

What does authorization relate to in an organization?

Level of access based on roles

Security control testing is not necessary for identifying risks and vulnerabilities.

False

What process begins once a security incident has been identified?

Investigation

What does the concept of 'shared responsibility' imply in an organization?

All individuals within the organization play a role in maintaining security.

To ensure improved security, organizations may implement _____ authentication.

multi-factor

Match the following terms with their respective definitions:

  • Authorization = Determines level of access based on user roles
  • Accountability = Monitoring and recording user actions
  • Assessment and Testing = Conducting security control testing and audits
  • Security Operations = Investigating security incidents and implementing measures

The concept of 'defense in depth' means relying solely on a single security measure.

False

What is the primary focus of communication and network security?

Managing and securing physical networks and wireless communications.

Which of the following is a key focus of security operations?

Investigating security incidents

The goal of IAM is to reduce the overall risk to ________ and data.

systems

Accountability is related to determining the identity of users.

False

What is the purpose of conducting security audits?

To monitor for risks, threats, and vulnerabilities.

Match the IAM components with their descriptions:

  • Identification = Verifies who a user is.
  • Authentication = Confirms a user's identity.
  • Authorization = Determines what a user can access.
  • Accountability = Tracks user activities and access.

Which of the following principles emphasizes that not all users should have the same level of access?

Least privilege

Using public Wi-Fi hotspots is always secure if a VPN is used.

False

What is one example of a risky behavior that employees can practice when working remotely?

Using insecure Bluetooth connections.

What is the layer of the web that most people use?

Surface web

The dark web can be accessed using a standard web browser.

False

What type of data does PII refer to?

Personally identifiable information

The _____ web generally requires authorization to access it.

deep

Match the following layers of the web with their descriptions:

  • Surface web = Content accessible via a standard web browser
  • Deep web = Requires authorization to access
  • Dark web = Accessible using special software and often associated with criminal activity

Which of the following is NOT a key impact of threats, risks, and vulnerabilities?

Cost of web development

Secrecy of the dark web is beneficial for businesses seeking to protect sensitive data.

False

What should organizations implement to prevent the impacts of threats, risks, and vulnerabilities?

Proper security measures and protocols

What is the first step of the NIST Risk Management Framework?

Prepare

The 'Select' step involves implementing security and privacy plans.

False

What does the 'Assess' step of the RMF focus on?

Determining if established controls are implemented correctly.

In the NIST RMF, the step that involves being accountable for security risks is called __________.

Authorize

Which step involves developing processes to manage risks to critical assets?

Categorize

Match the following steps of the RMF with their main focus:

  • Prepare = Monitor risks and identify controls
  • Select = Choose and customize controls
  • Implement = Execute security plans
  • Assess = Determine if controls are effective

The 'Implement' step is not essential for minimizing ongoing security risks.

False

Name one activity involved in the 'Prepare' step of the RMF.

Monitoring for risks.

Which step of the NIST RMF involves determining if established controls are implemented correctly?

Assess

The Monitor step of the NIST RMF is the final step in the risk management framework.

False

What is the main goal of business continuity?

To maintain everyday productivity by establishing risk disaster recovery plans.

The __________ represents anything that can impact the confidentiality, integrity, or availability of an asset.

risk

Which of the following best defines 'Social engineering'?

A manipulation technique that exploits human error to gain private information

Match the following NIST RMF steps with their descriptions:

  • Prepare = Activities necessary to manage security before a breach
  • Categorize = Develop risk management processes
  • Select = Choose and document controls
  • Implement = Put security plans into effect

External threats are those that originate from within the organization.

False

A __________ is a weakness that can be exploited by a threat.

vulnerability

Study Notes

CISSP Security Domains - Part 1

  • CISSP identifies eight security domains, which help security teams organize daily tasks and identify potential security vulnerabilities.

Security and Risk Management

  • Defining security goals and objectives: Reducing risks to critical assets, such as personally identifiable information (PII).
  • Risk mitigation: Implementing procedures to minimize the impact of potential breaches.
  • Compliance: Developing internal security policies based on regulatory requirements and independent standards.
  • Business continuity plans: Ensuring an organization's ability to maintain productivity during disasters.
  • Legal regulations: Adhering to global security and risk management laws and regulations to minimize negligence, abuse, or fraud.

Asset Security

  • Securing digital and physical assets: Protecting data stored on computers, transferred over networks, or physically collected.
  • Data storage, maintenance, retention, and destruction: Establishing policies that ensure proper handling throughout an asset's lifecycle.
  • Data access policies: Understanding who has access to specific data and ensuring privacy.

Security Architecture and Engineering

  • Shared responsibility: All individuals are responsible for security, and users are encouraged to report concerns.
  • Threat modeling: Identifying potential threats to the security system.
  • Least privilege: Granting users only the access levels they need.
  • Defense in depth: Implementing multiple layers of security controls.
  • Fail securely: Ensuring systems function properly even if a security control fails.

Communication and Network Security

  • Managing and securing physical and wireless networks: Ensuring network security for on-site communication and remote services.
  • Remote work security: Implementing security measures for employees who work remotely in public spaces.

Identity and Access Management (IAM)

  • Controlling access to data and assets: Establishing and following policies for controlling and managing data assets.
  • Limiting user access: Limiting access levels to what an employee specifically needs.
  • Identification methods: Verifying user identities through methods such as usernames, passwords, access cards, and biometrics.
  • Authorization: Granting suitable access based on an employee's role and responsibilities.
  • Accountability: Recording user activities and login attempts to ensure proper security procedures are followed.

Assessment and Testing

  • Conducting security control testing: Evaluating existing security controls to ensure they are sufficient.
  • Collecting and analyzing security data: Regularly analyzing data to identify existing risks.
  • Security audits: Conducting regular audits to monitor for risks, threats, and vulnerabilities.

Security Operations

  • Conducting investigations: Responding to security incidents.
  • Implementing preventive measures: Developing measures that reduce risk before an incident occurs.
  • Digital forensics: Investigating breaches to determine cause and effect.

Software Development Security

  • Secure coding practices: Employing security practices throughout the software development lifecycle.
  • Security testing: Performing security tests to identify and mitigate vulnerabilities.
  • Security considerations throughout the entire development lifecycle: Designing and integrating security into each software development stage.
Description

Explore the first part of the CISSP security domains, focusing on Security and Risk Management, along with Asset Security. Learn about defining security goals, risk mitigation, compliance, and maintaining business continuity. Gain insights into protecting digital and physical assets as part of a comprehensive security strategy.
