Module 1 - 02-1

Question 1

Define Security posture

Answer 1

An organization’s ability to manage its defense of critical assets and data and react to change

Question 2

What does CISSP stand for?

Answer 2

Certified Information Systems Security Professional (CISSP)

Question 3

What are the eight CISSP Security Domains (8)?

Answer 3

1. Security and Risk Management
2. Asset Security
3. Security Architecture and Engineering
4. Communication and Network Security
5. Identity and Access Management (IAM)
6. Security Assessment and Testing
7. Security Operations
8. Software Development Security

Question 4

What is the first (1st) CISSP Security Domain?

Answer 4

1. Security and Risk Management

Question 5

What is the second (2nd) CISSP Security Domain?

Answer 5

2. Asset Security

Question 6

What is the third (3rd) CISSP Security Domain?

Answer 6

3. Security Architecture and Engineering

Question 7

What is the fourth (4th) CISSP Security Domain?

Answer 7

4. Communication and Network Security

Question 8

What is the fifth (5th) CISSP Security Domain?

Answer 8

5. Identity and Access Management (IAM)

Question 9

What is the sixth (6th) CISSP Security Domain?

Answer 9

6. Security Assessment and Testing

Question 10

What is the seventh (7th) CISSP Security Domain?

Answer 10

7. Security Operations

Question 11

What is the eight (8th) CISSP Security Domain?

Answer 11

8. Software Development Security

Question 12

What areas does the first (1st) Security Domain, Security and Risk Management, focus on (5)?

Answer 12

• Defining Security Goals and Objectives,
• Risk Mitigation,
• Compliance,
• Business Continuity,
• Legal Regulations
  (Professional and Organizational Ethics)

Question 13

Define how Security Goals and Objectives pertains to the Security and Risk Management Domain

Answer 13

Organizations can reduce risks to critical assets and data like PII, or personally identifiable information

Question 14

Define how Risk Mitigation pertains to the Security and Risk Management Domain

Answer 14

Having the right procedures and rules in place to quickly reduce the impact of a risk like a breach

Question 15

Define how Compliance pertains to the Security and Risk Management Domain

Answer 15

The primary method used to develop an organization’s internal security policies, regulatory requirements, and independent standards

Question 16

Define how Business Continuity pertains to the Security and Risk Management Domain

Answer 16

An organization’s ability to maintain their everyday productivity by establishing risk disaster recovery plans

Question 17

Define how Legal Regulations pertains to the Security and Risk Management Domain

Answer 17

Following rules and expectations for ethical behavior to minimize negligence, abuse, or fraud

Question 18

Define Risk Mitigation

Answer 18

The process of having the right procedures and rules in place to quickly reduce the impact of a risk like a breach

Question 19

Define Business Continuity

Answer 19

An organization’s ability to maintain their everyday productivity by establishing risk disaster recovery plans

Question 20

What does InfoSec stand for?

Answer 20

Information Security

Question 21

Which CISSP Security Domain does InfoSec relate to?

Answer 21

CISSP Security and Risk Management Security Domain

Question 22

What does InfoSec refer to?

Answer 22

A set of processes established to secure information

Question 23

What are some InfoSec design processes (5)?

Answer 23

• Incident response
• Vulnerability management
• Application security
• Cloud security
• Infrastructure security

Question 24

What area does the second (2nd) Security Domain, Asset Security, focus on?

Answer 24

Securing Digital and Physical Assets.
It involves managing the cybersecurity processes of organizational assets, including the storage, maintenance, retention, and destruction of physical and virtual data

Question 25

What can an organization do to determine the level of risk associated with an asset (3)?

Answer 25

* Conducting a security impact analysis * Establishing a recovery plan * Managing data exposure

Question 26

What area does the third (3rd) Security Domain, Security Architecture and Engineering, focus on?

Answer 26

Optimizing data security by ensuring effective tools, systems, and processes are in place to protect an organization's assets and data

Question 27

What is one of the core concepts of Secure Design Architecture?

Answer 27

Shared Responsibility

Question 28

Define Shared Responsibility

Answer 28

All individuals within an organization take an active role in lowering risk and maintaining both physical and virtual security

Question 29

What additional design principles that relate to the Security Architecture and Engineering Security Domain (8)?

Answer 29

* Threat modeling * Least privilege * Defense in depth * Fail securely * Separation of duties * Keep it simple * Zero trust * Trust but verify

Question 30

What area does the fourth (4th) Security Domain, Communication and Setwork Security, focus on?

Answer 30

Managing and securing physical networks and wireless communications

Question 31

What area does the fifth (5th) Security Domain, Identity and Access Management (IAM), focus on?

Answer 31

Access and authorization to keep data secure by making sure users follow established policies to control and manage assets. Basically, the goal of IAM is to reduce the overall risk to systems and data.

Question 32

What does IAM stand for?

Answer 32

Identity and Access Management (IAM)

Question 33

What are the four main components to Identity and Access Management (IAM)?

Answer 33

i. Identification ii. Authentication iii. Authorization iv. Accountability

Question 34

Define how Identification pertains to the Identity and Access Management (IAM) Domain

Answer 34

A user verifies who they are by providing a user name, an access card, or biometric data such as a fingerprint

Question 35

Define how Authentication pertains to the Identity and Access Management (IAM) Domain

Answer 35

The verification process to prove a person's identity, such as entering a password or PIN

Question 36

Define how Authorization pertains to the Identity and Access Management (IAM) Domain

Answer 36

Takes place after a user's identity has been confirmed and relates to their level of access, which depends on the role in the organization

Question 37

Define how Accountability pertains to the Identity and Access Management (IAM) Domain

Answer 37

Monitoring and recording user actions, like login attempts, to prove systems and data are used properly

Question 38

What principle does the Identity and Access Management (IAM) Domain use?

Answer 38

Least Privilege

Question 39

What is the concept of Least Privilege?

Answer 39

The concept of granting only the minimal access and authorization required to complete a task

Question 40

What area does the sixth (6th) Security Domain, Security Assessment and Testing, focus on?

Answer 40

Conducting security control testing, collecting and analyzing data, and conducting security audits to monitor for risks, threats, and vulnerabilities

Question 41

What is another name for Penetration Testers?

Answer 41

Pen Testers

Question 42

What is the primary action of Pen Testers?

Answer 42

To find vulnerabilities that could be exploited by a threat actor

Question 43

What area does the seventh (7th) Security Domain, Security Operations, focus on?

Answer 43

Conducting investigations and implementing preventative measures

Question 44

What strategies, processes, and tools can be used to implement preventative measures for the Security Operations Domain (9)?

Answer 44

* Training and awareness * Reporting and documentation * Intrusion detection and prevention * SIEM tools * Log management * Incident management * Playbooks * Post-breach forensics * Reflecting on lessons learned

Question 45

What area does the eight (8th) Security Domain, Software Development Security, focus on?

Answer 45

Using secure coding practices (programming practices and guidelines to create secure applications and services)

Question 46

Match each CISSP security domain to its area of focus: Optimizing data security by using effective tools, systems, and processes CISSP security domain: * Security and risk management * Asset security * Security architecture and engineering * Communication and network security

Answer 46

Security architecture and engineering

Question 47

Match each CISSP security domain to its area of focus: Security goals and objectives, risk mitigation, compliance, business continuity, and the law CISSP security domain: * Security and risk management * Asset security * Security architecture and engineering * Communication and network security

Answer 47

Security and risk management

Question 48

Match each CISSP security domain to its area of focus: Managing and securing physical networks and wireless communications CISSP security domain: * Security and risk management * Asset security * Security architecture and engineering * Communication and network security

Answer 48

Communication and network security

Question 49

Match each CISSP security domain to its area of focus: Securing assets; storage, maintenance, retention, and destruction of data CISSP security domain: * Security and risk management * Asset security * Security architecture and engineering * Communication and network security

Answer 49

Asset security

Question 50

Match each CISSP security domain to its area of focus: Using secure coding practices to create secure applications and services CISSP security domain: * Identity and access management * Security assessment and testing * Security operations * Software development security

Answer 50

Software development security

Question 51

Match each CISSP security domain to its area of focus: Conducting investigations and implementing preventative measures CISSP security domain: * Identity and access management * Security assessment and testing * Security operations * Software development security

Answer 51

Security operations

Question 52

Match each CISSP security domain to its area of focus: Using access, authorization, and established policies to secure data and manage assets CISSP security domain: * Identity and access management * Security assessment and testing * Security operations * Software development security

Answer 52

Identity and access management

Question 53

Match each CISSP security domain to its area of focus: Conducting security control testing and audits, collecting and analyzing data CISSP security domain: * Identity and access management * Security assessment and testing * Security operations * Software development security

Answer 53

Security assessment and testing

Question 54

The _____ domain is focused on access and authorization to keep data secure by making sure that users follow established policies to control and manage assets. * communication and network security * identity and access management * security operations * asset security

Answer 54

identity and access management

Question 55

What is the focus of the security and risk management domain? * Optimize data security by ensuring effective processes are in place * Manage and secure wireless communications * Secure physical networks and wireless communications * Define security goals and objectives, risk mitigation, compliance, business continuity, and regulations

Answer 55

Define security goals and objectives, risk mitigation, compliance, business continuity, and regulations

Question 56

In which domain would a security professional conduct security control testing; collect and analyze data; and perform security audits to monitor for risks, threats, and vulnerabilities? * Communication and network engineering * Security architecture and engineering * Security assessment and testing * Identity and access management

Answer 56

Security assessment and testing

Question 57

The _____ domain concerns conducting investigations and implementing preventive measures. * asset security * software development security * security operations * communications and networking engineering

Answer 57

security operations

Question 58

Define Asset Security

Answer 58

Focused on securing digital and physical assets. It's also related to the storage, maintenance, retention, and destruction of data.