CISSP 8 Domains Flashcards

1
Q

Password Attacks fall under what domain?

A

Communication and Network Security Domain

2
Q

What are the two kinds of Password Attacks?

A

1) Brute Force
2) Rainbow Table

3
Q

Types of Social Engineering attacks

A
  • Phishing
  • Smishing
  • Vishing
  • Whaling
  • Social media phishing
  • Business Email Compromise
  • Watering hole attack
  • USB baiting
  • Physical social engineering
4
Q

Social engineering attacks fall under what domain?

A

Security and Risk Management Domain

5
Q

Physical Attacks fall under what domain?

A

Asset Security Domain

6
Q

What are examples of physical attacks?

A

Malicious USB cable, Malicious flash drive, Card cloning and skimming

7
Q

Adversarial artificial intelligence is a technique that…

A

manipulates artificial intelligence and machine learning technology to conduct attacks more efficiently.

8
Q

Adversarial artificial intelligence falls under what domains?

A

1) communication and network security and
2) the identity and access management domains

9
Q

Supply chain attack targets…

A

systems, applications, hardware, and/or software to locate a vulnerability where malware can be deployed. Because every item sold undergoes a process that involves third parties, this means that the security breach can occur at any point in the supply chain.

10
Q

Supply chain attacks fall under which domain?

A

including but not limited to the security and risk management, security architecture and engineering, and security operations domains

11
Q

Cryptographic attacks affect…

A

secure forms of communication between a sender and intended recipient. Some forms of cryptographic attacks are:

Birthday

Collision

Downgrade

12
Q

Cryptographic attacks fall under which domain?

A

communication and network security domain

13
Q

Threat Actor Types

A
  • Advanced persistent threats
  • Insider Threats
  • Hacktivists
  • Hackers (authorized/ethical hackers, semi-authorized/researchers, and unauthorized/unethical hackers)
14
Q

Tasks associated with Security and Risk Management domain

A

Compliance, Defining security goals and objectives, business continuity.

15
Q

Tasks associated with the security assessment and testing domain…

A
  • Collecting and analyzing data
  • Conducting security audits
  • Auditing user permissions
16
Q

Tasks associated with Identity and Access Management…

A
  • Ensuring users follow established policies
  • Controlling physical assets
  • Setting up an employee's access keycard
17
Q

Security Controls

A

Safeguards designed to reduce specific security risks

18
Q

CIA Triad

A

A foundational model that helps inform how organizations consider risk when setting up systems and security policies

C- Confidentiality
I- Integrity
A- Availability

19
Q

Security Frameworks

A

guidelines used for building plans to help mitigate risks and threats to data and privacy. They have four core components:

  • Identifying and documenting security goals
  • Setting guidelines to achieve security goals
  • Implementing strong security processes
  • Monitoring and communicating results
20
Q

Examples of frameworks include…

A

the NIST Cybersecurity Framework (CSF) and

the NIST Risk Management Framework (RMF)

FedRAMP is a U.S. federal government program that standardizes security assessment, authorization, monitoring, and handling of cloud services and product offerings. Its purpose is to provide consistency across the government sector and third-party cloud providers.

Center for Internet Security (CIS®)
CIS is a nonprofit with multiple areas of emphasis. It provides a set of controls that can be used to safeguard systems and networks against attacks. Its purpose is to help organizations establish a better plan of defense. CIS also provides actionable controls that security professionals may follow if a security incident occurs.

General Data Protection Regulation (GDPR)
GDPR is a European Union (E.U.) general data regulation that protects the processing of E.U. residents’ data and their right to privacy in and out of E.U. territory.

Payment Card Industry Data Security Standard (PCI DSS)
PCI DSS is an international security standard meant to ensure that organizations storing, accepting, processing, and transmitting credit card information do so in a secure environment. The objective of this compliance standard is to reduce credit card fraud.

21
Q

HIPAA

A

HIPAA is a U.S. federal law established in 1996 to protect patients’ health information. This law prohibits patient information from being shared without their consent. It is governed by three rules:

Privacy

Security

Breach notification

22
Q

International Organization for Standardization (ISO)

A

ISO was created to establish international standards related to technology, manufacturing, and management across borders. It helps organizations improve their processes and procedures for staff retention, planning, waste, and services.

23
Q

System and Organizations Controls (SOC type 1, SOC type 2)

A

The American Institute of Certified Public Accountants® (AICPA) auditing standards board developed this standard. The SOC1 and SOC2 are a series of reports that focus on an organization’s user access policies at different organizational levels such as:

Associate

Supervisor

Manager

Executive

Vendor

Others

They are used to assess an organization’s financial compliance and levels of risk. They also cover confidentiality, privacy, integrity, availability, security, and overall data safety. Control failures in these areas can lead to fraud.

24
Q

International standpoint on counterattacks

A

a person or group can counterattack if:

The counterattack will only affect the party that attacked first.

The counterattack is a direct communication asking the initial attacker to stop.

The counterattack does not escalate the situation.

The counterattack effects can be reversed.