1 When switching to hardware encryption from software encryption, what is most important? What is not?
The security level offered by hardware encryption compared to software encryption. Not whether it is compatible with existing systems.
Access control, because it ensures that only authorized users can access the data dictionary, preventing unauthorized access and potential breaches. Access controls can include measures such as authentication procedures, permissions and rights management, and monitoring and auditing of access activity. Using strong encryption or a password does not address issues such as managing who has access to the decryption keys. Unauthorized individuals with the password could still access the data.
11 How long should you retain data?
The LEAST amount of time necessary to comply with legal and regulatory requirements.
13 Which is the most effective approach to increase security for the company’s sensitive data? Encryption or MFA?
Not “enhance data encryption”. While enhancing encryption is crucial, encryption alone won’t protect against all potential threats, especially if the keys or passwords are compromised. Multi-factor authentication (MFA) requires users to provide multiple forms of identification before gaining access to a system. This means that even if a malicious actor obtains a user’s password, they would still need another form of verification (like a token or a fingerprint) to access the system.
23 Why is symmetric encryption not enough for data in motion? And what is the solution?
Symmetric (or asymmetric) encryption by itself is not enough. A VPN is the best answer because it also includes encryption, ensuring the integrity and confidentiality of the data while it is in transit.
31 What security does CASB provide?
CASBs provide both encryption and access control to protect data that is in transit to the cloud, or within the cloud, and to enforce policies for accessing this data. The CASB encrypts data before it is sent to the cloud and decrypts it when it is returned. It also provides fine-grained access control, which allows organizations to enforce policies on who can access what data, under what circumstances. This dual functionality is what makes CASBs uniquely suited to the requirements
34 Common sense mistake. Data retention policy. Which is most effective?
A policy that allows for data to be retained on a case-by-case basis. I picked “shortest amount of time”
37 What is the first thing you do to tailor a security plan?
Key word here is “Tailoring”. Customized security controls are built based on the organization’s unique needs and risk profile, indicating that the plan has been customized for that specific organization. Customized security controls may include, for instance, specialized access controls, bespoke encryption protocols, or specific incident response procedures. Risk assessments do not indicate tailoring. They are a prerequisite to tailoring a security plan, since the information gleaned from risk assessments is then used to create customized security controls, but a risk assessment in itself is not an indicator of a tailored security plan.
40 Trick question: Conducting regular audits of network traffic
Don’t forget to read “network”. You forgot to read that.
41 What is the best way to protect a food formula or software algorithm?
Encrypt the formula and store it on a secure server. Not file with the USPTO, because you can’t patent a formula or an algorithm.
42 What is MAC (memory access control)?
A security mechanism that regulates how different parts of a computer system, such as processes or users, can interact with specific memory locations. It ensures that only authorized entities can read, write, or execute data within designated memory regions, preventing unauthorized access and potential security breaches.
44 Trick question: risk assessment vs. vulnerability assessment
A risk assessment and a vulnerability assessment are not the same. If the question asks about risk, the answer should be related to risk, not vulnerability.
47 What is CSPM?
Cloud Security Posture Management.
CSPM, or Cloud Security Posture Management, is a category of security products that help organizations avoid misconfigurations and reduce risk by checking for deviation from security best practices. CSPM tools continuously monitor and report on an organization’s security status, provide security risk assessment, and suggest remediation steps for the identified misconfigurations and compliance violations in the cloud.
49 Do data sensitivity and data confidentiality mean the same thing?
No. Confidentiality focuses on preventing unauthorized access or disclosure, but it doesn’t take into account other aspects that might be involved in determining sensitivity, such as the potential impact of unauthorized alteration or destruction.
53 What is a cloud security gateway?
CSGs provide visibility and control over cloud infrastructure.
63 Which part of the CIA triad does a privilege escalation attack?
Privilege escalation refers to a situation where an attacker gains higher access rights on a system or network, often due to system vulnerabilities, and uses them to cause harm or exploit the system further. While this is a serious security concern, it primarily threatens the integrity and availability aspects of the CIA triad rather than confidentiality directly.
63 What does data exfiltration mean?
Data exfiltration refers to unauthorized copying, transfer, or retrieval of data from a computer or server. This is a direct attack on the confidentiality aspect of the CIA triad.
66 Why is a file cabinet with a lock not very safe compared to a safe?
A file cabinet with a lock doesn’t protect from environmental elements, while a safe does.
70 Which should you do first? A gap analysis or design a plan?
First do a gap analysis to identify areas of non-compliance: the first step is to understand the current state of the organization’s software asset management (SAM) practices and identify areas where they may not meet ISO 19770 requirements. By conducting a gap analysis, the organization can pinpoint specific areas that need improvement, which will then inform the development of a comprehensive compliance plan. Developing a comprehensive compliance plan: while this is a critical step in the process, it comes after the gap analysis. A compliance plan is developed based on the results of the gap analysis to address the identified areas of non-compliance and ensure that the organization aligns with ISO 19770 standards.
What is ISO 15489-1?
ISO 15489 establishes the fundamental concepts and principles for creating, capturing, and managing records. This standard applies to records in any format, structure, or technological environment, regardless of time. So it is about accessing records based on roles and permissions.
70 What is ISO 19770?
IT asset management. It addresses both the processes and the technology for managing software assets and related IT assets.
76 What is ISO 27000?
It provides a framework for organizations to establish, implement, maintain, and continually improve an Information Security Management System (ISMS). The series offers best practices and guidelines for managing information security risks and protecting sensitive information. Asset management is another important element of the ISO 27000 standard, as it involves identifying and classifying information assets and implementing controls to ensure their security and integrity.
91 Is overwriting data on a hard drive effective at preventing data remanence?
Generally yes.
98 Which step comes first? Develop a data governance framework, or identify and classify data assets?
The first step in implementing a data ownership policy is to identify and classify data assets to determine which data is important and needs to be protected. Data classification refers to the process of categorizing data into types, forms, or any other distinct class.
Before such a framework can be established, the organization needs to identify and classify its data assets to determine what needs to be governed.